How Regulator AI Use Could Affect Businesses
Key contact
The Digital Regulation Cooperation Forum (DRCF) has recently published an article entitled “Innovating with Generative AI in the DRCF Member Regulators”, which offers valuable insights into how UK regulators are actively adopting generative AI.
Although the article primarily focuses on how regulators are using AI internally, it also provides key insights for businesses navigating AI adoption and regulatory risk.
1. How regulators’ use of AI at scale changes the risk landscape
The DRCF brings together key UK regulators, including the Competition and Markets Authority, Financial Conduct Authority, Information Commissioner’s Office and Ofcom, enabling them to take a coordinated approach to digital regulation.
One of the key themes of the article is that generative AI has moved beyond the experimental phase. It is increasingly being used as a core tool to support regulatory analysis, supervision, and enforcement.
From a business perspective, this shift is highly significant. Regulators can now monitor activities on a much greater scale, with fewer human resource constraints. This includes identifying potential consumer harm across digital platforms and analysing practices, such as misleading design or customer journeys.
For businesses, this means:
- Increased visibility of business practices, even for organisations that may not consider themselves “high profile”.
- More proactive identification of risks, rather than reactive investigations.
- Greater scrutiny of digital design, customer experience, and data usage.
The key message is clear: businesses can no longer assume that limited visibility equates to lower regulatory risk. AI is fundamentally changing how regulators observe and assess the market.
2. Regulator use of AI helps provide a benchmark for good practice
A second, equally important takeaway is that the DRCF’s work provides useful benchmarking information for how organisations should use AI responsibly.
The article highlights that regulators are not only adopting AI, but doing so within structured and controlled frameworks. This includes:
- Strong governance processes to ensure accountability and oversight, including policies and systems.
- Clear use cases and training for specific purposes, such as prompt engineering for specific outcomes.
- Ongoing testing and development to evaluate whether AI tools are fit for purpose before scaling, using specific test criteria and scoring mechanisms.
Together, these elements help define what “good” AI deployment looks like in a regulatory context.
For businesses, this is particularly valuable. Organisations often seek guidance on what compliant or responsible AI use should look like in practice. The DRCF’s approach provides a practical answer:
- Build governance structures early.
- Treat AI development as an iterative, tested process.
- Ensure transparency, accountability, and human oversight remain central.
Final thoughts
In short, the way regulators are using AI today is likely to shape the expectations they apply to businesses tomorrow.
For organisations exploring or scaling AI, this is a timely reminder that regulation is evolving alongside technology. The DRCF’s work shows that regulators are not standing still: they are actively innovating, collaborating, and setting standards. This will influence how businesses are monitored and how they need to comply with the ever-increasing list of regulatory laws. It is also an opportunity for businesses to keep pace by learning from these developments and embedding good practice early.