United Kingdom vs Australia

Dimension

United Kingdom

Australia

Status

In Effect (no dedicated AI Act)

Voluntary framework

Max penalty

Up to GBP £17.5M or 4% of global turnover (ICO, under UK GDPR/DPA 2018)

No AI-specific penalty; Privacy Act 1988 up to A$50M, 3× benefit, or 30% of adjusted turnover for serious breaches

Key deadline

Rolling implementation

Rolling / voluntary

# of instruments

4

4

Headline rule

Pro-innovation AI regulation framework (2023 White Paper)

Australia's AI Ethics Principles (2019, voluntary)

What it requires

The UK has deliberately not enacted an EU-style AI Act. Instead, five non-statutory principles are applied by existing sector regulators — the ICO for data protection, the FCA for financial services, Ofcom for online safety. The AI Security Institute (renamed from the AI Safety Institute in February 2025) oversees frontier-model risk, and the Data (Use and Access) Act 2025 reformed the rules on automated decision-making. A comprehensive government AI Bill has been signalled for 2026 but is not yet before Parliament.

Australia has chosen not to enact a standalone AI Act. As of 2026, AI-specific obligations are voluntary — businesses are encouraged to follow the Voluntary AI Safety Standard's ten guardrails (governance, transparency, human oversight, testing, record-keeping). A 2024 proposal for mandatory guardrails on high-risk AI remains unlegislated; the December 2025 National AI Plan reaffirmed reliance on existing laws and sector regulators. The main statutory exposure for AI is the Privacy Act 1988, where serious breaches now risk penalties up to A$50 million.