UK Government Seeks DMA Members' Feedback on AI Regulatory Landscape | UK Government Seeks DMA Members' Feedback on AI Regulatory Landscape | DMA
DMA - Data and Marketing Association

Filter By

Show All
X
Start Contributing
My Contributions
X
X

Connect to

X

UK Government Seeks DMA Members' Feedback on AI Regulatory Landscape

15 Dec 2025

T-uk-government-seeks-dma-members-feedback-on-ai-regulatory-landscape.jpg

The Department for Science, Innovation and Technology (DSIT) has approached the DMA as part of an invitation-only evidence-gathering exercise examining how the UK’s data protection framework operates in practice when applied to artificial intelligence. The DMA, and a small number of trusted stakeholders, have been specifically invited to respond. We are therefore inviting DMA members to contribute practical insight, case studies and real-world experience to inform this work.

The questions focus on how organisations actually design, deploy and govern AI systems. They span issues across the AI lifecycle, including which data protection requirements most affect AI development and deployment, how lawful bases are selected (including in relation to web-scraped data), and how concepts such as fairness and accuracy are applied in operational settings. DSIT is also seeking insight on how organisations handle data subject rights in AI systems, deliver meaningful transparency at scale, apply purpose limitation between training and deployment, balance data minimisation with model performance, manage international data transfers, and interpret controller and processor roles across complex AI supply chains.

DSIT has made clear that real-world examples are particularly valuable. The aim is to identify priority areas for further discussion with regulators and policymakers, ensuring that future guidance is grounded in practical realities and supports both compliance and innovation.

Member input has consistently been central to shaping that relationship and influencing UK government thinking across data protection, AI and digital regulation. This exercise is a direct opportunity to continue that influence.

Please send responses by 22 December to Michael.Sturrock@dma.org.uk. Contributions can be legal, technical or operational. What matters is clarity, specificity and honesty about what works and where tensions arise.

Theme

What we want to learn

General AI deployment challenges
  • Which requirements within the UK data protection framework have shaped or impacted your AI development/deployment - (positively or negatively)?

  • What actions have your company taken as a result (e.g. increase legal capacity, delay launches, redesign processes, cancel the release of a model etc)?

Legitimate interest & web‑scraped data (GenAI)
  • Which lawful bases do you generally consider while training AI models and why?

Accuracy / “sufficient statistical accuracy”
  • How do you apply the concepts of fairness and accuracy while developing/deploying AI models?

Right to erasure & post‑training removal
  • How do you approach data rights requests in AI systems and where are these exercised across the AI lifecycle in practice?

  • Which data subject rights are the most used and how do you approach/fulfil individual requests?

Right to be informed & transparency
  • How do you fulfil meaningful transparency in the context of AI?

  • Which notification or transparency mechanisms have worked for you at scale?

Purpose limitation (training vs deployment)
  • How do you approach purpose limitation as a principle across the AI lifecycle?

Data minimisation & PETs
  • How do you approach data minimisation in AI systems in practice? How do you balance data minimisation with model quality and accuracy?

International data flows
  • How do you navigate differing international frameworks, and how do data protection/AI regimes affect your training/hosting choices?

Definitions & allocations of Controller / Joint Controller / Processor
  • How do AI developers and other AI actors across the lifecycle fit into controller/processor concepts?

Any other issues
  • Are there any other areas of AI interacting with data protection regulations that your organisation has found more difficult to comply with, that are not mentioned above?

Michael Sturrock Michael Sturrock

Data & Marketing Associations

Subscribe for industry news, insight and analysis
Hear more from the DMA

Please login to comment.

Comments

Expand

Copyright DMA 2025 © All Rights Reserved

Consent Preferences