The Data Protection Act 2018 (Code of Practice on Artificial Intelligence and Automated Decision-Making) Regulations 2026

These Regulations require the Information Commissioner (“the Commissioner”) to prepare a code of practice on the processing of personal data under relevant data protection legislation in relation to developing and using artificial intelligence and automated decision-making. Relevant data protection legislation is defined in regulation 2 as the UK GDPR and the Data Protection Act 2018 (“the 2018 Act”), except Part 4 (intelligence services processing).

Last fetched 16 May 2026 · legislation.gov.uk

Lifecycle

Department

Made

16 Apr 2026

—

In force

12 May 2026

Enabling power

The Secretary of State makes these Regulations in exercise of the powers conferred by section 124A(1) and (2) and section 124B(11) of the Data Protection Act 2018. In accordance with section 182(2) of that Act, the Secretary of State has consulted the Commissioner and such other persons as the Secretary of State considers appropriate.

DocumentsOpen on legislation.gov.uk →

Explanatory Memorandum

UK Explanatory Memorandum

application/pdf · 21 Apr 2026 · 52 KB

Instrument PDF

application/pdf · 21 Apr 2026 · 181 KB

Browse Statutory InstrumentsSI 2026/425

SIin_forceSI 2026/425 · regulation