Question to the Department for Science, Innovation & Technology:

To ask the Secretary of State for Science, Innovation and Technology, with reference to the report entitled Securing meaningful transparency of public sector use of AI: Comparative approaches across five jurisdictions, published by the Public Law Project in October 2024, what assessment he has made of the potential merits of introducing a requirement on public bodies, when a decision has been taken about an individual that was (a) made and (b) supported by (i) AI, (ii) an algorithmic and (iii) automated tool, to proactively provide an explanation of (A) how and (B) why the decision was reached.

Central government departments and arm’s-length bodies (ALBs) have been working to draft Algorithmic Transparency Recording Standard (ATRS) records since this became mandatory earlier this year. Publication plans were disrupted by the general election, but multiple records are expected to be published soon.

Since the introduction of a mandatory requirement for use of ATRS in cross-government policy, we have seen a significant acceleration in progress towards adopting it, which will be reflected soon in published records. As such, we do not believe that legislation is necessary at this time. We will continue to explore further options for encouraging and enforcing the use of the ATRS, and the need to extend the breadth of the policy beyond central government.

In the UK’s data protection framework, Article 22 of the UK GDPR sets out the rules relating to solely automated decisions that have legal or similarly significant effects on individuals. Under these circumstances, individuals have the right to specific safeguards, including being notified of the decisions, being provided information about the solely automated decision making that has been carried out, and the right to contest those decisions and to obtain human intervention.

These specific safeguards for solely automated decision making complement the wider data protection framework’s existing data subject rights, including the rights to transparency, objection and access. Organisations must also continue to observe the data protection principles to ensure personal data is processed lawfully, fairly and transparently. These rules apply to all organisations, including public bodies.