Case Studies


1. Data protection and consumer law for businesses supporting SMEs to deploy AI

CASE STUDY: Data protection and consumer law for businesses supporting SMEs to deploy AI

Business A is a B2B service that helps SMEs harness the power of AI by connecting them with foundation models. The query to the Hub sought clarification on Business A’s role in the supply chain, particularly when engaging with foundation model suppliers outside the UK. The response from the ICO and CMA highlights key requirements related to controllership, international transfers, transparency, and Business A’s responsibilities to SMEs and consumers.

2. Managing the impact of third party software defects on resilience

Business B operates a digital solution which uses AI to support business IT and cybersecurity by enhancing their operational resilience and preventing disruptions and outages caused by third-party software flaws. The query to the Hub sought clarification on whether the risk management framework for operational third-party software defects should align with that for security vulnerabilities. The response from CMA, FCA, ICO and Ofcom explains how resilience is an important part of maintaining financial stability and electronic communications networks and services, and digital infrastructure in the UK. It also sets out some considerations companies should be aware of in respect of data protection and consumer law.

3. Advertising financial promotions

CASE STUDY: Advertising financial promotions

Business C operates an AI powered compliance platform to automate the analysis and review of marketing content. The query to the hub sought clarification on ensuring consistent compliance standards when the same financial promotion is distributed through both digital channels (under FCA regulation) and broadcast media (under Ofcom regulation) and the expectations from both regulators on the use of AI for compliance decision-making. The response from FCA and Ofcom highlights key requirements related to advertising and financial promotions within Ofcom’s and the FCA’s respective remits, how the rules intersect and how the regulators take into account the use of AI when considering compliance.

4. AI and Online Forums: Navigating Data Protection, Online Safety, and Consumer Law in Health Discussion Forums

CASE STUDY: AI and Online Forums: Navigating Data Protection, Online Safety, and Consumer Law in Health Discussion Forums

Business D is a start-up offering a discussion forum where users with specific health issues can find and share their experiences with other individuals. As Business A incorporates AI and third-party data analytics as part of the service, it will need to ensure compliance with relevant regulations. The response from the CMA, ICO and Ofcom highlights key requirements related to advertising, AI, and online safety.

5. Perimeter guidance and data considerations for AI-enabled compliance tool

CASE STUDY: Perimeter guidance and data considerations for AI-enabled compliance tool

Business E is a B2B service that enables financial advisors to be more efficient in fulfilling their compliance obligations. The query sought clarification on whether their software product requires FCA authorisation, including the type, timing, and application process. They also requested guidance on complying with data protection law. The response from the FCA and ICO provides information on perimeter guidance, details on how to get authorised, and key data protection considerations.

Back to top