The Information Commissioner’s Office (ICO) has set out how it intends to support the Government’s ambition of enabling organisations to adopt AI safely and drive ‘AI-powered innovation’.

Responding to a letter sent by the Government to 19 regulators earlier this year seeking information on the role that they will each play in supporting safe AI adoption by businesses, the ICO said that it is focused on three areas: (1) Helping businesses and public services benefit from AI opportunities; (2) Creating clarity on the standards and safeguards that should be in place around AI development and adoption; and (3) Ensuring transparency and control for the public in how their personal information is processed in AI systems or when significant automated decisions about them are made using AI.

More specifically, the ICO points to its recent work on automated decision-making (including its recent consultation on new guidance (discussed here)), and its two overarching objectives for the year ahead of:

1. ensuring that the UK public feel confident that they understand how AI systems process their personal data, and that they have appropriate agency, choice, and control over how that data is used in AI applications and services; and
2. ensuring that the ICO is clear what data protection law requires when organisations deploy AI systems, including AI agents and agentic systems.

To that end, the ICO sets out concrete steps it intends to take in the next year, including:

• Developing an AI and Automated Decision-Making statutory code of practice;
• Working with the public and tech companies to address concerns about the increasing personalisation of consumer-facing AI services;
• Producing a “how to” guide for the public on taking informed decisions about the use of personal data by online AI tools and services;
• Publishing resources so that organisations can undertake appropriate data protection due diligence when procuring off-the-shelf cloud-based AI tools and services; and
• Publishing guidance on how to ensure agentic systems comply with UK GDPR.

More information on this work will be provided in the ICO’s AI workplan, expected in the coming months. In the meantime, the letter can be read in full here.