AI governance for the UK's pro-innovation approach.
Sentinel for UK enterprises navigating the DSIT principles, ICO AI Auditing Framework, the Data (Use and Access) Act 2025, MHRA's AI-as-Medical-Device guidance, and sector-regulator expectations.
No horizontal AI Act — yet. Heavy-touch enforcement, sector by sector.
The UK delegates AI oversight to existing sector regulators under the DSIT five principles. The Data (Use and Access) Act 2025 (in force) updates the UK data protection regime including ADM provisions. The Cyber Security and Resilience Bill (introduced Nov 2025) is the NIS2-equivalent. ICO, FCA, Ofcom, MHRA and the renamed AI Security Institute all have active AI agendas. A horizontal AI bill may appear in the Spring 2026 King's Speech — not confirmed.
Every framework UK cares about — encoded as data, cross-mapped on day one.
The Sentinel Framework Engine ships with these frameworks as machine-readable data, with explicit cross-maps. When you assess a use case, the workpaper, the review pack, and the auditor evidence trail are generated from this library — not authored from scratch.
DSIT Cross-Sector AI Regulation Principles
GuidanceSafety, transparency, fairness, accountability, contestability — delegated to existing regulators.
Data (Use and Access) Act 2025
In forceUpdates the UK data protection regime, including ADM provisions.
ICO Guidance on AI and Data Protection + AI Auditing Framework
GuidancePrivacy regulator's expectations for AI.
UK GDPR + Data Protection Act 2018
In forceLawful basis, DPIAs, automated-decision rights.
MHRA guidance on AI as a Medical Device (GMLP and PCCPs)
GuidanceMedicines and Healthcare products Regulatory Agency guidance for AI/ML SaMD.
FCA Discussion Paper on AI (FS24/4 and successors)
GuidanceFinancial-services AI governance expectations.
Online Safety Act 2023
In forceAlgorithmic content moderation and risk assessment duties.
Cyber Security and Resilience Bill
PendingNIS2-equivalent for UK critical infrastructure; introduced Nov 2025.
Bank of England / PRA AI risk principles
GuidancePrudential supervision of AI use in banking.
AI Security Institute (renamed from AI Safety Institute, 2024)
GuidanceUK government AI safety / capability evaluation body.
Equality Act 2010
In forceDiscrimination considerations for automated decisions.
ISO/IEC 42001
VoluntaryDe facto standard UK regulators reference.
Plus universal AI standards (every jurisdiction)
Built for international private sector.
CISO, DPO, Head of Risk, or General Counsel at any UK enterprise. Strong fit for FCA-regulated firms, large online platforms, medical-device AI manufacturers, and any organisation with significant automated decision-making.
What ships, regardless of jurisdiction:
- ✓M1 · AI Use-Case Register
- ✓M2 · AIAF / equivalent Workpaper
- ✓M3 · AI Review Committee Workflow
- ✓M4 · Risk Register
- ✓M5 · Transparency Register
- ✓M6 · Regulatory Gap Tracker
- ✓M7 · Evidence Vault + Audit Log
- ✓M8 · Re-attestation Engine
What changes between jurisdictions is the Framework Library pack — the regulations, statutes, and guidance pre-loaded. The platform structure stays the same.
Help shape Sentinel for United Kingdom Private Sector.
Tell us your jurisdiction-specific needs and we'll prioritise the framework pack accordingly. Registered organisations get founding-partner terms when their jurisdiction goes live.
Sentinel · Arrochar Consulting · sales@arrocharconsulting.com