The Information Commissioner’s Office (ICO) has set out plans to develop a statutory code of practice on artificial intelligence and automated decision-making, alongside new guidance to help organisations – including public bodies – ensure good data protection practice when procuring AI tools.
In a letter to the Secretary of State for Science, Innovation and Technology, Liz Kendall, the information watchdog's chief executive officer, Paul Arnold, said the move was part of an AI work plan the organisation is currently developing.
He said the plan is partly aimed at helping organisations understand their legal obligations in relation to AI, while also helping the public understand how AI systems process their data.
Among the planned actions, the ICO said it will publish a 'transparency resource' to help organisations – "in particular SMEs and public bodies" – to undertake appropriate data protection due diligence when procuring off-the-shelf cloud-based AI tools and services.
The ICO will also publish guidance on how to ensure agentic systems comply with UK GDPR, the letter added.
Arnold said this would help ensure organisations developing and deploying agentic AI tools and systems understand their data protection obligations and “place consumer trust and privacy at the heart of system design and application development”.
In addition, the ICO intends to develop an AI & Automated Decision Making (ADM) statutory code of practice providing regulatory clarity to organisations developing and deploying AI and ADM systems and tools.
Elsewhere, it said it will "streamline and rebrand" its Innovation and Sandbox services to make them simpler for organisations developing and deploying AI to access and understand.
The ICO said it will publish more details on the work plan “in the coming months”.
