Emerging AI laws and regulations – Understanding the compliance requirements in Northern Ireland

As artificial intelligence (AI) becomes increasingly integrated into business operations across Northern Ireland, it is essential for companies to understand the reach and impact of the regulations which may apply when they develop, incorporate, make available and use AI – both close to home and in other jurisdictions.

 

 

UK REGULATORY APPROACH

 

The UK Government’s position has for some time been one of flexibility and “pro-innovation”, that favours governance through existing legislation as adapted by domain-specific regulatory authorities, rather than AI-specific legislation which would apply on a blanket basis.

This approach relies on sector-specific regulators, each applying existing principles and adapting their oversight to the unique challenges posed by AI within their respective domains. For example, the ICO addresses data privacy implications, the Competition and Markets Authority (CMA) focuses on competition aspects in digital markets, and the Financial Conduct Authority (FCA) considers the impact on financial services. This decentralised model is intended to avoid over-regulation and foster innovation, allowing for regulatory agility as technologies and use cases evolve.

 

Importantly, businesses must understand that lack of AI-specific legislation does not mean that use of AI in the UK is unregulated. Alongside the various regulators’ guidance, the existing legislative framework will continue to dictate how AI systems are built, deployed and used. When advising on clients’ development and use of AI, we have found that the most-commonly engaged areas are around: data protection; intellectual property; confidentiality; and anti-discrimination in employment. We will be issuing further guidance for businesses on the application of existing legislation in each of these areas to AI systems as part of a series of guidance.

 

Businesses in Northern Ireland must keep abreast of the various sources of compliance obligations, as the landscape is dynamic and policy direction may shift in response to emerging societal concerns, technological advances and the passage of existing and future draft legislation through parliament.

 

 

EU LEGISLATION

Formally adopted in 2024 and due to apply in stages from 2025 to 2026, the EU AI Act was the world’s first comprehensive legal framework regulating AI.

 

Native application

Following Brexit, new EU legislation does not automatically apply in Northern Ireland as it would in an EU Member State unless the UK Government agrees otherwise.

Earlier this year, the EU Commission submitted its position to the UK that the AI Act should in fact be made to be automatically applicable in Northern Ireland; and that position made it to the agenda for the June meeting of the Specialised Committee on the Implementation of the Windsor Framework. However, although the meeting minutes do note that there was an “exchange of views” on the matter – it appears that there is no disruption to the status quo and the EU AI Act therefore does not automatically apply to all businesses in Northern Ireland.

That, however, is not the end of consideration of the EU AI Act’s application to businesses in Northern Ireland.

 

Extra-territorial reach

Similarly to other EU laws, the AI Act can apply on an organisation-by-organisation basis, depending on their interaction with the EU. It can apply to Northern Irish business under the following circumstances:

  1. Selling into the EU Market: if the business provides AI systems, or products of AI-enabled products or services, to customers in the EU;
  2. Using AI in the EU: if it deploys AI systems within the EU (e.g., as part of cross-border operations);
  3. Indirect Application through Supply Chains: if the business is part of the supply chain for an EU-based company, it may be contractually obliged to comply to support EU clients’ regulatory obligations.

 

 

PRACTICAL IMPLICATIONS FOR NORTHERN IRISH BUSINESSES

Therefore, it is sensible for businesses here to now consider:

  • Conducting an AI audit: identifying any AI systems your business develops, deploys, or integrates;
  • Geographic Mapping: considering where the AI systems are deployed and where their outputs are used;
  • Review supply chain obligations: checking if clients require compliance declarations or documentation;
  • Regulatory Compliance Project: ensuring their business, products and staff comply with all applicable regulations, including the AI Act, existing legislation and all applicable guidance, including (among other things) undertaking appropriate training at a senior and junior level, developing out specific policies and guidance for staff, and developing a specific AI policy dictating how AI systems can be used within your organisations and which systems are approved for use; and
  • Update contracts and documentation: considering updating commercial agreements to reflect AI regulatory requirements and other considerations (such as IP rights, confidentiality and disclaimers).

 

 

For legal guidance and advice on what legislation may apply to your business and your use of AI, please contact Paul Eastwood or another member of our Contracts & Technology team.

While great care has been taken in the preparation of the content of this article, it does not purport to be a comprehensive statement of the relevant law and full professional advice should be taken before any action is taken in reliance on any item covered.