The Bank of England and PRA set out plans for safe AI innovation: What firms need to know

The PRA has highlighted AI adoption in its 2026 supervisory priorities, meaning it will be a key topic in supervisory dialogues with firms. Firms should expect direct questions on governance, model risk management, and oversight frameworks.

The BoE and PRA will continue to apply their technology-agnostic, outcomes-focused regulatory framework to AI. Most participants in the PRA's recent industry roundtables did not see the need yet for detailed AI-specific regulatory guidance or rules, and most couldn't see a case for a BoE or PRA AI sandbox at this time. But the position is under active review. The FCA's Supercharged Sandbox and AI Live Testing initiatives were seen as providing sufficient testing infrastructure for firms looking to innovate with AI in a regulatory context. Firms seeking to test AI innovations should engage with these existing FCA mechanisms.

The AI Consortium, established in May 2025, is examining concentration risks including from third-party model providers as a primary workstream. This mirrors questions raised by the FCA in its February 2026 Mills Review about the UK retail financial services market’s dependency on a small number of dominant AI infrastructure providers. Firms with significant reliance on third-party AI models should review their outsourcing and third-party risk management frameworks accordingly.

‍

The AI Consortium is specifically examining explainability and transparency in generative AI, the evolution of AI "edge cases" as adoption moves into areas more relevant to financial stability such as credit risk assessment and trading, and AI-accelerated contagion in financial markets. Firms using generative AI in regulated activities should ensure they can articulate how outputs are generated and validated and should monitor the AI Consortium's forthcoming report for emerging expectations in these areas.

The rise of agentic AI is already a topic of discussion within the AI Consortium. No expectations have been set yet, but supervisory attention is likely to follow.

The G20 Financial Stability Board, chaired by BoE Governor Andrew Bailey, is prioritising work with international standard-setters on sound practices for AI adoption, use and innovation by financial institutions. The PRA co-chairs the International Association of Insurance Supervisors' (IAIS) AI workstreams, and the BoE is working with the G7 on managing AI-related cybersecurity risks.

‍

Its work will focus on developing a better understanding of the potential financial stability risks involving frontier AI agents. It will also continue to support the Cross Market Operational Resilience Group (CMORG)’s AI taskforce, whose AI Baseline Guidance Review provides guidance to firms on government and regulatory approaches, risk management principles and frameworks, technical implementation, third party and legal considerations, and education and awareness.

It intends to achieve this via its annual Business Plan and Annual Report. This creates a new accountability mechanism that firms and stakeholders can use to track regulatory developments and assess the PRA's progress in supporting responsible AI adoption over time.

Whilst this letter sets out the BoE and PRA's plans, dual-regulated firms should remain aware of the FCA’s own AI workstreams, including through the joint AI Consortium, the Supercharged Sandbox, and its broader data and technology strategy. Dual-regulated firms should ensure they are tracking developments from both regulators and considering how their AI governance frameworks address the expectations of each.