UK's Data (Use and Access) Act 2025 reshapes regulation of AI and automated decision-making
By
Dr. Nathalie Moreno
Summary
This article provides a comprehensive analysis of recent UK legal and regulatory developments concerning AI and automated decision-making (ADM), with a primary focus on the Data (Use and Access) Act 2025 (DUA Act). It explains how the DUA Act replaces the former Article 22 of the UK GDPR with new Articles 22A-22D, shifting the UK's approach to regulating automated decisions that affect individuals. The piece covers the legal definition of ADM, the new framework's requirements for meaningful human involvement, transparency obligations, and the broader implications for organisations deploying AI systems that classify, rank, or make recommendations about people.
Source
Key quotes
· 3 pulledAutomated decision-making (ADM) is now one of the central legal issues in AI regulation.
The Data (Use and Access) Act 2025 (the DUA Act) introduced the most important change to ADM since the GDPR took effect in the UK.
By substituting new Articles 22A to 22D into the UK GDPR, UK law moves away from the former Article 22 of the EU GDPR
You might also wanna read
Digital Omnibus on AI: What's changed in the EU AI Act and why it matters for companies

Preparing Your Data Lakehouse for the EU AI Act: Auditable Lineage and Data Provenance
Connecticut Enacts New AI Law: What Employers Need To Know

How New US Regulations Are Reshaping Global AI Access
EU Draft Proposals Seek to Weaken GDPR Privacy Rules for AI Industry Development
The article reveals that EU officials are drafting proposals to weaken GDPR privacy protections to accommodate the AI industry's data needs.


Comments
Sign in to join the conversation.
No comments yet. Be the first.