The UK doesn’t have an AI Act. It doesn’t want one. And if you’re a multinational trying to figure out your obligations across London, Brussels, and Sacramento, that gap in the regulatory architecture is about as comfortable as it sounds.

What’s emerged instead is something the British like to call a “pro-innovation approach to AI governance” — a sector-by-sector framework built on five principles: safety and security, transparency, fairness, accountability, and contestability. Five principles, five different regulators trying to enforce them. The FCA. The ICO. The CMA. Ofcom. The MHRA. Each owns their slice, and none of them is clearly in charge.

This inverts the EU model’s logic entirely. Where Brussels passed one law with annexes and enforcement dates and penalty schedules, Westminster passed a white paper and went home. The assumption — charitable framing — is that existing regulators already have the expertise and statutory reach to handle AI risks within their domains. The less charitable reading is that the government found omnibus legislation politically toxic and decided to hope the problem distributes itself.

The CMA just published two papers that actually matter

In March 2026, the Competition and Markets Authority released a research paper and guidance document that are worth reading even if you normally ignore regulator publications. The research paper is an honest assessment of what “agentic AI” — systems that act on your behalf rather than just respond to prompts — could do to consumer markets. It describes AI searching across services, recommending products, handling complaints, processing refunds, and in some cases executing transactions. The CMA’s word for that is not “exciting.” Their word is “in scope.”

The accompanying guidance made explicit something that many companies deploying AI agents seem to have hoped wasn’t true: existing consumer protection law doesn’t stop applying just because an AI system is doing the interaction. Amazon, Google, Microsoft — all three are building agentic AI products for UK consumers, and the CMA has let them know in writing that they are watching.

The financial regulators are beginning to treat frontier AI as systemic

In May 2026, the FCA and Bank of England issued a joint statement on frontier AI models and cyber resilience. That’s not a warning to consumers — that’s a signal to boardrooms. The UK financial regulators are framing advanced AI deployment not as an operational efficiency question but as a systemic risk question. Under the Senior Managers and Certification Regime, that framing creates direct accountability for senior executives at firms deploying or relying on frontier AI systems. If something goes wrong, it goes wrong at the board level.

The ICO and Ofcom also put out a joint statement in early 2026 clarifying age assurance obligations under the Online Safety Act. The key expansion: these obligations now explicitly cover AI chatbots, not just the established digital services regulators had been focused on previously. If you’re building any AI service a UK child could access, your compliance obligations just got a layer more complicated.

The hidden problem is coordination

Here’s what makes the UK approach genuinely difficult to navigate. When the EU enforces, national authorities coordinate through the European AI Board. When something goes wrong in the UK AI landscape, you might find yourself responding to the FCA, the ICO, and the CMA simultaneously, with three different frameworks, three different penalty regimes, and — critically — three different definitions of what “fair” and “accountable” actually mean in practice. There’s no UK equivalent of the AI Office doing the cross-regulator coordination work.

For a US company trying to go-to-market in the UK, this means hiring regulatory affairs people you’ve never needed before. For a UK startup trying to scale to the EU, it means mapping your product against two completely different compliance universes. Neither is comfortable. The UK approach rewards companies with legal teams large enough to play regulatory whack-a-mole. That’s not obviously pro-innovation. It’s pro-incumbent.

Whether the UK’s approach produces better outcomes than the EU’s command-and-control model is a genuine empirical question. Five years from now we’ll know. Right now, the honest answer is nobody does.