While the EU was voting this week to push back its own AI Act enforcement timelines, a quieter conversation was happening in London about where Britain fits in the global AI governance picture. The short answer, from the government’s perspective: somewhere between Brussels and Silicon Valley, leaning toward the latter.

The UK has been developing its own approach to AI regulation since formally leaving the EU’s regulatory orbit. The core thesis, articulated in various white papers and consultation documents over the past few years, is this: the EU’s approach is too rigid, too compliance-focused, and will drive AI investment to more permissive jurisdictions. Britain’s answer is regulatory agility — sector-specific guidance rather than horizontal rules, sandbox environments rather than pre-market approval, and a lot of emphasis on what the government calls “pro-innovation” governance.

The Sandbox Strategy

The EU AI Act requires member states to establish regulatory sandboxes — controlled environments where AI systems can be tested against the Act’s requirements before going to market. It’s a concession to industry that the rules are complex and genuinely novel, and that companies need somewhere to figure out what compliance actually looks like in practice.

The UK isn’t bound by that requirement, of course. But the thinking in Westminster appears to be: if Europe is building sandboxes out of necessity, Britain can build them out of ambition. The FCA has already run sandbox programmes for financial technology. The Department for Science, Innovation and Technology has been talking about something similar for AI more broadly — a cross-sectoral sandbox where startups and established companies alike can test AI systems in real conditions against emerging regulatory expectations.

Scotland’s five-year AI strategy, published this week, adds another layer to this picture. It’s a relatively modest document by the standards of major policy commitments, but it signals that AI governance isn’t just a Westminster preoccupation. The Scottish approach appears to lean heavily on public sector adoption and ethics frameworks — more pragmatic than ambitious, but with the emphasis on implementation rather than legislation that characterises the broader UK posture.

Pro-Innovation or Just Permissive?

The genuine tension in the UK’s approach is this: it’s hard to tell the difference between “pro-innovation regulation” and “very light regulation with better branding.”

The argument for a permissive approach goes like this: AI is moving fast, rigid rules will be obsolete before they’re implemented, and the countries that attract AI development will set the global standards. Britain has genuine strengths in AI research (DeepMind’s London roots, strong university programmes, a financial sector that’s an early adopter). Competing for that investment is rational.

The argument against is equally coherent: “regulatory agility” has historically meant regulatory capture — incumbents shaping rules in their favour, while the harms land on the people least equipped to bear them. Algorithmic bias, automated decision-making in benefits systems, surveillance tools deployed without adequate assessment — these are real harms that some version of mandatory guardrails might have caught earlier.

The UK government has consistently resisted the kind of binding horizontal AI law that the EU built. Its preferred model is sector regulators — the FCA for financial AI, the ICO for data protection, the CMA for competition — applying existing frameworks to new technology. Critics argue that doesn’t add up to adequate oversight of genuinely novel risks.

What Britain’s Actually Doing

Concrete actions are thin on the ground, it has to be said. The AI Safety Institute, established after the Bletchley Park summit, is the most tangible commitment — and its focus is specifically on frontier AI risks, not the broad run of AI deployment. It’s a narrow bet: that the existential risks from superintelligent systems are the ones worth focusing on, and that domestic regulatory infrastructure for the everyday risks of AI is someone else’s problem.

Whether that bet pays off depends on how you weigh the scenarios. If the biggest risks from AI over the next decade are frontier model accidents, Britain’s approach is defensible. If the biggest risks are the prosaic ones — discrimination in hiring algorithms, poor-quality decisions in benefits assessments, inadequate transparency in consumer AI — then Britain is underinvesting in the oversight that would catch those harms.

Scotland’s strategy this week is a reminder that AI governance isn’t just a Westminster story. The devolved administrations don’t have full control over the regulatory levers that matter most, but they can set priorities, fund research, and shape how AI is adopted in public services. That matters for the overall picture even if it’s not the headline policy.

The honest assessment: Britain has a coherent argument for why it wants to be a different kind of AI governance jurisdiction than Europe. Whether it has the institutions, the capacity, and the political will to make that argument actually mean something — rather than just meaning well while the harms accumulate — is the question the next few years should start to answer.

Analysis post for 2026-04-03. Sources: UK Government DSIT, European Parliament AI Act.