Public Policy & Governance
Top Line
Scotland's SNP national council has passed a motion for a full moratorium on new datacentres, directly threatening the UK government's AI infrastructure strategy at a moment when the flagship Stargate UK investment is already paused — creating a constitutional and economic flashpoint between Holyrood and Westminster.
A Guardian investigation has found that the Lanarkshire AI growth zone — a centrepiece of the UK's AI infrastructure ambitions — misrepresented its renewable energy commitments, with government and developers privately acknowledging a fundamental power provision problem, exposing the gap between political announcements and deliverable projects.
The FCA's Mills Review has formally recommended that ministers strengthen the regulator's statutory powers to address AI-driven risks in financial services, marking a concrete legislative ask from an independent regulator — a step beyond voluntary guidance into enforceable mandate territory.
Australia's federal health department has issued a regulatory warning over AI scribes in GP surgeries, with the health regulator actively assessing whether formal safeguards are required — a pattern of reactive governance emerging across jurisdictions as clinical AI deployment outpaces rulemaking.
The NHS has confirmed deployment of AI triage on its app reaching 200,000 patients in England over the next year, representing one of the largest public-sector AI rollouts in the UK health system, with governance frameworks for liability and clinical accountability still underdeveloped.
Key Developments
UK AI Infrastructure Under Simultaneous Pressure from Devolution and Investor Credibility Failures
The SNP's national council vote to freeze all new datacentres in Scotland — now formally referred to the Scottish government for consideration — is not merely a symbolic motion. Scotland hosts a disproportionate share of planned UK datacentre capacity, partly due to cooler climate and proximity to offshore renewables. A Holyrood moratorium, if legislated, would require the UK government to either negotiate a carve-out for nationally significant infrastructure or face a direct conflict under the Scotland Act's devolved planning and energy consenting powers. The Scottish government has not yet adopted the motion, but the political dynamics within the SNP make outright rejection difficult. The Guardian
This lands simultaneously with a Guardian investigation revealing that the Lanarkshire datacentre — designated an AI growth zone and publicly presented as renewable-powered and job-creating by 2030 — was privately acknowledged by government officials and developers to have an unresolved power provision problem. The term 'smoke and mirrors' used by local sources reflects a broader pattern in the UK's AI growth zone programme: planning designations and political announcements made ahead of technical due diligence. The Stargate UK situation compounds this: the £30bn figure cited by ministers included £20bn that was 'potential' investment, and OpenAI's failure to conduct site visits before the announcement raises questions about the rigour of the investment case. The Guardian The Guardian The Guardian
FCA Mills Review: A Concrete Legislative Ask on AI in Financial Services
The FCA's Mills Review represents a materially different type of policy output from the guidance documents and voluntary frameworks that have dominated UK AI governance to date. It is a regulator formally recommending that Parliament expand its statutory powers — specifically to address AI-amplified risks in financial services including cyber-crime, fraud, and the systemic displacement of human-led oversight. The review's framing — that companies are already shifting from human-led to AI-enabled operations — signals that the FCA is not treating this as a future risk but as a present enforcement gap. The ask for expanded powers implies the FCA believes its existing mandate under the Financial Services and Markets Act is insufficient to capture AI-specific harms. The Guardian
This sits within a broader UK regulatory architecture that has so far relied on sector-by-sector guidance rather than a horizontal AI Act equivalent. The FCA's move is significant because it comes from a regulator with enforcement teeth and a proven track record of using them — unlike some of the softer advisory bodies that have produced AI guidance. The political question is whether Treasury ministers will act on the recommendation in the Financial Services Bill pipeline or treat it as a long-term consultation item. Given the government's simultaneous pro-investment AI messaging, there is a real tension between expanding regulatory powers and maintaining the permissive environment it has been signalling to US tech investors.
Public-Sector AI Deployment Outpacing Governance: NHS and Australian Clinical AI
The NHS AI triage deployment — reaching 200,000 patients in England within a year as part of a £10bn health systems overhaul — is a confirmed operational rollout, not a pilot. The governance gap is significant: the announcement does not specify the regulatory pathway the tool has undergone, whether it holds MHRA software as a medical device (SaMD) classification, or how liability is allocated when AI triage decisions result in adverse outcomes. The NHSE's framing emphasises service efficiency rather than patient safety accountability architecture. This is a pattern seen in other jurisdictions where procurement speed in public health settings has exceeded regulatory readiness. The Guardian
Australia provides a near-simultaneous parallel: AI scribes are now widespread in GP surgeries, and the federal health department's warning — issued without accompanying mandatory requirements — reflects a government catching up to market adoption rather than shaping it. The Australian health regulator is described as 'considering' safeguards, which is pre-consultation language. The privacy risks are concrete: AI scribes record full clinical consultations, creating sensitive data flows that existing privacy frameworks designed for human note-taking do not cleanly govern. Neither jurisdiction has yet produced binding clinical AI governance rules; both are in the warning-issuance phase rather than the enforcement phase. The Guardian
Child Safety AI Governance: NCA and IWF Issue Operational Guidance as Legislative Gap Persists
The joint NCA and Internet Watch Foundation guidance warning parents against public posting of children's images is operationally significant — both organisations have direct law enforcement and content removal authority — but it remains guidance rather than law. The underlying legislative problem is that AI-generated child sexual abuse material (CSAM) occupies a contested space: the creation of synthetic imagery may not meet the threshold of existing offences under the Protection of Children Act 1978 in all configurations, and the Online Safety Act's provisions on CSAM focus on distribution and hosting rather than generation. The NCA's decision to issue public-facing guidance rather than await legislative reform signals an enforcement agency working around a statutory gap. The Guardian
Signals & Trends
The UK's 'Pro-Investment, Light-Touch' AI Positioning Is Producing Measurable Credibility Costs
The Stargate UK episode and the Lanarkshire growth zone investigation reveal a structural problem with the UK government's approach: political announcements have been made on the basis of investment figures and project specifications that were not verified before public commitment. This is not a communications failure — it reflects a policy choice to prioritise announcement speed and investor optics over due diligence. The cost is now visible: OpenAI has paused the project citing regulation and energy costs, the same factors the government said its permissive approach would address. The Scottish moratorium threat then removes the very infrastructure premise the strategy rested on. For senior policy advisors, the signal is that the 'regulatory clarity without regulatory burden' positioning is being stress-tested by real investment decisions, and failing on both the infrastructure delivery and investor confidence dimensions simultaneously. This will complicate the government's positioning at any future international AI governance forum where it claims a credible national delivery record.
Reactive Governance Is Becoming the Default Mode Across Jurisdictions — With Predictable Consequences
Three separate developments this week — NHS triage deployment, Australian clinical AI scribes, and AI-generated CSAM — share a structural pattern: market or institutional adoption has reached operational scale before binding governance frameworks exist, and regulators are responding with warnings, guidance, or 'monitoring' rather than enforceable rules. This is not unique to AI; it mirrors the pattern seen with social media platforms in the 2010s. The relevant lesson from that period is that the regulatory frameworks eventually constructed after major adverse incidents were shaped more by the political conditions of the moment of crisis than by the technical or policy analysis available earlier. Governments that are still in the warning-issuance phase on clinical AI, synthetic CSAM, and public-sector triage tools should treat the current period as a closing window for proactive rulemaking — the alternative is legislating reactively after harm, under conditions that produce poorly designed law.
Devolved and Federal Tensions Over AI Infrastructure Are Emerging as a Structural Governance Problem
The Scotland-Westminster friction over datacentres is not an isolated constitutional curiosity — it reflects a broader problem that federal and quasi-federal systems will increasingly face as AI infrastructure becomes nationally strategic. Planning, energy consenting, and environmental regulation are devolved or state-level competencies in the UK, Australia, the US, Germany, and Canada, while AI strategy is being articulated at the national level. The result is that national AI strategies depend on subnational actors whose political incentives — on energy use, environmental impact, community disruption — may diverge sharply from central government priorities. No jurisdiction has yet developed a coherent intergovernmental framework for AI infrastructure governance. The Scotland case is therefore an early indicator of a systemic problem that will recur across multiple federal systems as datacentre siting decisions become politically contentious.
Explore Other Categories
Read detailed analysis in other strategic domains