At 09:00 UTC on July 15, Britain’s Department for Science, Innovation and Technology opened a coordinated review of how data rules should work in an economy increasingly shaped by artificial intelligence. The exercise is not a legislative proposal, and ministers have not selected a reform. It is an evidence-gathering process that puts two commercially important questions on the same policy timetable: whether existing data regulation creates avoidable friction for AI development, and whether public bodies should have more freedom to charge for reusable data.
TECHi’s analysis is that those two levers could pull in opposite directions. Clearer legal rules may reduce the cost of deciding whether and how a company can use data. Greater charging flexibility for public-sector datasets could raise the cost of obtaining some inputs. Britain is therefore examining both the legal price and the access price of data-intensive innovation, without yet saying where either should settle.
The government’s main call for evidence on data regulation and AI runs until September 9. Its companion review of public-sector data charging closes a day earlier. Companies now have a short window to show ministers where current rules produce measurable delay, where safeguards remain necessary, and how a different charging regime would affect investment.
Article Brief
The policy package in brief
4 Points24s Read
- No law has changedDSIT is gathering evidence and has not selected guidance, targeted amendments or fundamental reform.
- Two cost leversClearer AI-data rules could reduce legal uncertainty while broader public-data charging flexibility could raise some access costs.
- Disclosure limits stayThe charging review covers only data already lawfully available for reuse and creates no new disclosure power.
- Government is a test caseDSIT says AI may assist its response analysis, with UK storage and retention of up to two years.
The review reaches beyond generative AI
The AI and data-regulation paper asks whether the present framework needs additional official clarification, targeted legal change or more fundamental reform. Those are materially different outcomes. Clarifying material could alter compliance practice without changing statute. Targeted amendments could address identified conflicts. Fundamental reform would open a wider legislative question, but the government has not endorsed that route.
The detailed evidence paper identifies several technologies and data practices that test existing assumptions. They include agentic AI, synthetic data, privacy-enhancing technologies, data provenance, metadata and interoperability. The scope reflects a policy problem broader than training a large language model: modern systems may collect, transform, combine, infer from and act on data across several organisations.
That chain complicates familiar compliance duties. DSIT is seeking evidence on lawful bases for processing, data minimisation, purpose limitation, individual rights and the allocation of responsibility across supply chains. An AI developer, cloud provider, model deployer, data supplier and customer may each influence the same system, while holding different information about how it works.
Operational evidence will carry more weight than general calls for lighter or stricter regulation. A company arguing that purpose limitation blocks a useful deployment needs to identify the processing step, the legal uncertainty and the resulting cost or delay. A rights group warning about weakened protection needs to show the harm that a proposed interpretation could enable. The consultation is structured to distinguish a difficult compliance task from a rule that is genuinely unfit for the technology.
Copyright and intellectual property are excluded. Respondents cannot treat this process as a new forum for resolving disputes over copyrighted training material or licensing. That boundary narrows the review to data-regulation questions, even where the same AI system raises separate intellectual-property concerns.
The government’s interest in agentic systems also connects regulation to deployment rather than laboratory capability. TECHi previously examined how Britain’s AI Battle Lab links tools to operational training data. Systems that take actions across organisational boundaries make provenance, permissions and responsibility harder to treat as static paperwork. A rule may be clear for a single database operation yet ambiguous across an automated sequence involving several services.
Public data introduces a separate cost question
The companion charging review concerns the marginal-cost restriction under the rules governing reuse of public-sector information. Digital data can often be copied at negligible cost, so a strict marginal-cost approach frequently produces a zero or very low charge. DSIT is asking whether public bodies should have more flexibility to charge above that level.
The public-sector data call for evidence does not choose a pricing model or announce that fees will rise. It asks for evidence about the present restriction, the case for change and the likely consequences. Any claim that Britain has already decided to commercialise public data would run ahead of the document.
Its legal perimeter is also narrow. The review applies only to information that can already lawfully be disclosed and reused. It does not create a right to obtain protected personal data, confidential information or national-security material, and it grants no new disclosure powers. Pricing flexibility would not turn closed records into open datasets.
The economic effects would depend on implementation. Some public bodies may argue that additional income could fund maintenance, documentation, quality assurance or more reliable delivery. Data users may answer that higher fees would favour large incumbents, limit experimentation or make public information less useful to smaller companies and researchers. Neither outcome is established by the call itself.
For AI companies, the relevant expense is rarely the file alone. Useful data may require stable identifiers, current metadata, consistent update schedules, licence clarity and machine-readable delivery. A low-priced but poorly maintained dataset can be expensive to integrate. A higher charge could be defensible if it purchases demonstrably better service, yet damaging if it merely raises an entry barrier without improving quality.
Britain’s wider data-flows consultation adds an international dimension. AI products commonly depend on infrastructure, customers and suppliers in more than one jurisdiction. Domestic clarity cannot eliminate costs created by incompatible transfer requirements or uncertain cross-border controls. The commercial value of reform will therefore depend partly on whether companies can apply it across their actual data architecture.
Britain has also worked with AI providers on government deployment and UK data residency, as TECHi covered in its report on the OpenAI data-residency and government partnership. Residency can address one class of procurement or governance concern, but it does not by itself answer whether processing is lawful, whether data collection is proportionate or which party is responsible for an automated decision.
A two-sided adoption cost
The coordinated timing exposes a tension that would be easy to miss if the consultations were read separately. An AI developer could benefit from clearer legal rules while facing a higher bill for a public dataset. Another company might accept a fee if it funds cleaner data and dependable access. A small entrant could decide that even a modest charge makes an experiment uneconomic.
This is a TECHi interpretation of the policy package, not a description of adopted government policy. DSIT has asked for evidence on both issues. It has not promised deregulation, authorised above-cost charging or specified how the two reviews will interact.
The useful measure is total adoption cost. Legal advice, data acquisition, technical cleaning, governance controls, audit records and delays all sit on the same project budget. Lowering one item can encourage deployment, but the effect may be offset if another rises. Respondents should quantify those interactions rather than present regulation and access as unrelated topics.
The scale of data use makes the exercise commercially significant. The government’s UK Business Data Survey 2024 reported that 83% of businesses handle data, 73% analyse it and 15% exchange or sell it. Separate government research estimated that the UK data-driven market contributed £85 billion in gross value added in 2022 and supported 1.5 million jobs in 2023.
Those figures do not establish the effect of any reform, but they show why small changes in compliance or access costs can travel across the economy. The affected organisations are not confined to model developers. Retailers, manufacturers, banks, healthcare suppliers, public contractors and software companies increasingly depend on data-intensive systems.
Britain is also working beside, rather than outside, a European regulatory environment. TECHi’s earlier analysis of the EU’s shifting AI-regulation debate showed how implementation choices can become competitive factors even when the formal legal text remains in place. A UK approach that is clearer domestically but difficult to reconcile with European operations could produce limited savings for companies serving both markets.
Companies need evidence at the level of a workflow
DSIT’s questions invite broad policy positions, but credible submissions will be specific. A useful response can identify the dataset involved, each organisation in the processing chain, the applicable legal duty, the point at which uncertainty arises and the business consequence. It should also explain which safeguard would be lost if a requirement changed.
Public-data users can provide equally concrete evidence. They can state what they currently pay, how often the data is refreshed, what integration work it requires and how a higher charge would affect a product or research programme. Public bodies can disclose the cost of producing reliable reusable datasets and separate that expense from work they would perform regardless of reuse.
The consultation’s own process offers a small governance test. DSIT’s privacy notice says officials may use AI to assist with handling and analysing responses. It also says data will be stored in the UK on Microsoft and Amazon Web Services infrastructure and retained for up to two years.
Using AI assistance does not determine the consultation’s merits. It does, however, place the department inside the operational questions it is asking others to answer: how data is processed, what infrastructure is involved, how long information is retained and where human responsibility sits. The safeguards and disclosure around that analysis will be part of the government’s practical credibility.
The policy choice comes after the evidence
No company should rewrite its compliance programme or data budget on the assumption that these calls have already changed the law. Existing duties and charging arrangements remain in place. The immediate task is to document costs, risks and dependencies while the government is asking for them.
DSIT will then have to decide whether the evidence supports official clarification, targeted amendments, wider reform or no material change. On public-sector information, it will also need to weigh funding and data quality against access, competition and innovation.
The strongest outcome would not simply be fewer rules or more charging freedom. It would be a framework in which responsibility can be assigned across modern AI supply chains and the price of public data reflects a defined service without quietly excluding smaller users. The July consultations open that argument. They do not settle it.
