TLT's AI Brief: June 2026

United Kingdom

The Bank of England, FCA and HM Treasury joint statement on Frontier AI models and cyber resilience

The Bank of England, FCA and HM Treasury have published a joint statement on the cyber security risks posed by frontier AI models. The statement does not introduce new regulatory obligations but consolidates and reinforces existing operational resilience expectations, signalling that regulators regard AI-driven cyber threats as an immediate and escalating priority for regulated firms and financial market infrastructures (FMIs).

Frontier models are the most advanced AI models available at a given moment, trained on massive datasets to deliver state-of-the-art performance across many tasks, representing the leading edge of AI capability. They typically power advanced reasoning, image and text generation, and agentic workflows.

Key Points

• Elevated Threat: Frontier AI models already exceed what skilled human practitioners can achieve in executing cyber-attacks, at greater speed, scale, and lower cost. Regulators warn that firms underinvesting in core cyber fundamentals face progressively greater exposure as more advanced models emerge.
• Governance: Boards and senior management must understand frontier AI risks well enough to provide effective oversight.
• Investment: Resourcing and insurance arrangements should reflect the escalating threat, with particular focus on end-of-life or unsupported systems.
• Vulnerability management: Firms must triage and remediate vulnerabilities more quickly and at scale, using automation where appropriate.
• Third-party risk: Firms must identify, monitor, and manage frontier AI cyber risks arising from third parties, open-source software, and external services integrated into their networks, including the capacity to respond to vulnerabilities identified by third parties at scale.
• Defences: Firms should consider automated and AI-enabled defences capable of operating at the speed of AI-driven attacks.

Read more here.

ICO sets out plans for statutory AI code of practice and procurement guidance

The Information Commissioner’s Office (ICO) has outlined plans to strengthen its approach to artificial intelligence regulation through a new statutory code of practice on AI and automated decision-making, alongside additional practical guidance for organisations. Announced in a letter from ICO CEO Paul Arnold, the initiative forms part of a broader AI work plan aimed at supporting both organisations and the public in understanding how AI systems use personal data and the associated legal obligations.

A key focus of the plan is helping organisations, particularly SMEs and public bodies, carry out appropriate data protection due diligence when procuring AI tools. To support this, the ICO intends to publish a “transparency resource” addressing risks linked to the use of off-the-shelf and cloud-based AI services. The ICO will also issue specific guidance on ensuring that emerging agentic AI systems comply with UK GDPR, with an emphasis on embedding privacy and user trust into system design and deployment.

The statutory AI and automated decision-making code aims to provide greater regulatory clarity, and to simplify access to its innovation support services by streamlining and rebranding its existing Sandbox offering. Further details are expected in the coming months.

Read the letter here.

“Regulating for Growth Bill” announced in the King’s Speech

Announced in the King’s Speech on Wednesday 13 May 2026, the Regulating for Growth Bill is the UK Government's legislative response to a regulatory system it considers too slow, risk-averse, and poorly suited to modern technological innovation. The Bill builds on the 2025 Regulation Action Plan, aiming to modernise the UK's regulatory framework so that it actively supports growth and innovation whilst maintaining essential consumer, worker, and environmental protections.

On AI specifically, the Bill identifies AI as a central focus. It acknowledges that AI alone contributed an estimated £11.8 billion to UK GDP in 2025, with over £1 billion in venture funding raised in Q1 alone, yet nearly one third of UK AI startup leaders are reportedly considering relocating overseas due to regulatory complexity. This underscores the Bill's urgency.

The Bill's primary mechanism for supporting AI will be the introduction of cross-economy sandboxing powers, i.e. legal powers allowing existing rules to be temporarily relaxed under strict controls to test new technologies in real-world settings. Specifically, the Bill proposes exploring cross-cutting AI sandboxes enabling responsible testing and adoption of AI-enabled products and services across multiple sectors where existing regulatory frameworks currently slow innovation.

AI in healthcare is highlighted as a particularly pressing use case. With nearly 750,000 patient imaging cases unreported within four weeks annually, and evidence that AI outperforms 78–90% of radiologists on certain diagnostic tasks, the Bill would enable controlled testing of AI-powered medical devices to accelerate patient access.

Throughout, the Government emphasises this is not deregulation; safeguards, accountability, and regulatory oversight remain central to all proposed sandbox trials.

Read the update here.

Europe

Digital Markets Act: Cloud Services and AI in Focus

The European Commission has concluded its first review of the Digital Markets Act (DMA), finding that the legislation has broadly achieved its objective of making EU digital markets fairer and more contestable, and does not currently require revision. However, the review has firmly identified cloud services and AI as the two key regulatory priorities going forward.

On cloud services, the Commission is focused on three ongoing market investigations launched last November - two examining whether Microsoft Azure and Amazon Web Services should be designated as gatekeepers, and a third assessing whether existing DMA obligations are sufficient to address concerns such as interoperability, data access, tying and bundling, and imbalanced contractual terms. The outcome of these investigations may yet prompt updates to DMA obligations for cloud providers. This mirrors the approach taken by the UK's Competition and Markets Authority, which has similarly targeted cloud market practices, with an SMS investigation into Microsoft's business software ecosystem commencing this month.

On AI, the Commission acknowledges widespread debate about whether the DMA is fit for purpose in the AI age. It has identified common themes (interoperability, self-preferencing, data access, and cloud dependencies) and is monitoring ongoing issues, including whether Google's AI Overviews comply with the DMA. Rather than immediately expanding the DMA, the Commission intends to use existing tools first, while leaving open the possibility of designating AI services as virtual assistants or introducing a new category of obligations if required.

The Commission has made its position clear: cloud infrastructure and AI are at the heart of Europe's digital sovereignty agenda, and some form of regulatory action in both areas appears to be a question of when, not if.

EU lawmakers reach agreement on AI Act amendments

On 7 May 2026, the European Parliament and Council reached a provisional agreement on updates to the EU AI Act, known as the “Digital Omnibus”. These amendments aim to simplify parts of the regime and make it easier for businesses and regulators to implement in practice. While not yet formally adopted, they give a strong indication of the EU’s more pragmatic approach.

The most important change is extra time to comply with rules for high‑risk AI systems. Under the proposals:

• Stand‑alone high‑risk systems would now need to comply by 2 December 2027
• High‑risk AI embedded in products (e.g. machinery or medical devices) by 2 August 2028

These extensions (up to 16 months in some cases) reflect the reality that key technical standards and compliance tools are still being developed.

The amendments also introduce some targeted clarifications and easing measures. For example:

• Some exemptions are extended to SMEs and smaller mid-sized companies
• Transparency rules for AI‑generated content are delayed until December 2026
• There is a new ban on AI systems that generate non‑consensual intimate content or child sexual abuse material

There are also efforts to reduce overlap with existing laws. In certain sectors (such as machinery), companies may be able to rely more on existing product safety regimes rather than complying with overlapping AI Act requirements.

Importantly, providers who do not classify their systems high risk may still need to register them on an EU database, maintaining a level of regulatory oversight.

The agreement now needs formal approval, expected in the coming weeks.

In practical terms, these changes give businesses more breathing space and clearer rules, but organisations should continue preparing for compliance and keep a close eye on further developments.

Read more here.

EU Commission shares first draft of Transparency Guidelines for the EU AI Act

On 8 May 2026, the European Commission published draft guidelines clarifying the transparency obligations for AI systems under Articles 50(1)-(4) of the AI Act (the Draft Guidelines). The Draft Guidelines sit alongside the Code of Practice on transparency of AI-generated content (the TCoP), which is a voluntary code that providers and deployers can use to demonstrate compliance with the marking and labelling obligations in Art. 50(2) and 50(4).

The Draft Guidelines, among other things:

• Confirm that entities merely distributing AI-generated content are not considered ‘deployers’.
• Introduce an exemption from the machine‑readable marking requirement in Article 50(2) for certain business‑to‑business systems.
• Clarify that content generated and made available before 2 August 2026 will not require labelling.

However, there are some potentially unhelpful points:

• Prescriptive requirements for machine-readable marking and detection: Providers must adopt a multi-layered approach to marking and provide detection mechanisms for AI-generated or manipulated content.
• Broad definition of ‘deep fake’: which covers persons, events, etc. that merely resemble something that “can exist or could have existed” (not just specific real people or things).
• Prescriptive requirements for ‘clear and distinguishable disclosures’: Disclosures hidden under menu options will not be compliant and must be easily understood by a broad audience (including e.g. children), implying obtrusive disclosures.
• Broad requirement to mark public interest text content: Labelling applies broadly to content “accessible by an indeterminate, fairly large number of unrelated, potential readers”.
• Narrow exemption for human review: Superficial or procedural checks will not suffice, nor will the mere existence of an editorial policy.
• Negative implications for not signing TCoP: Non-signatories can expect more RFIs and will need to provide more detailed explanations of their compliance measures.

Read more here.

US

US Federal AI Legislation Proposed

On 27 April 2026, California Representatives introduced the American Leadership in AI Act, a wide-ranging federal bill consolidating over 20 prior bipartisan proposals from the Bipartisan Artificial Intelligence Task Force they co-chaired.

The Bill covers a broad range of AI-related matters, including standards and testing, research infrastructure, federal governance and procurement, worker protections, safeguards against harmful deepfakes, and AI education and literacy.

A notable feature is the role assigned to the National Institute of Standards and Technology, which would help shape AI standards to ensure US systems can compete globally. The Bill also proposes multiple pilot programmes and innovation challenges aimed at advancing AI use within federal agencies.

On public-sector accountability, the Bill includes measures to support government procurement of AI and an "accountability" provision specifically addressing flawed, inaccurate, or biased AI-driven decisions that affect individuals.

The Bill has not yet been passed by the House of Representatives and would subsequently need to clear the Senate before becoming law, meaning its path to enactment remains at an early stage.

US Senate Judiciary Committee Advances the GUARD Act

On 30 April 2026, the US Senate Judiciary Committee unanimously approved (22-0) the Guidelines for User Age-verification and Responsible Dialogue (GUARD) Act, targeting children's access to AI "companion" chatbots. AI companions are defined as AI chatbots that simulate a sustained interpersonal relationship or emotional interaction through certain types of responses.

Key Provisions

• Age verification: under 18s would be prohibited from accessing AI companion chatbots.
• Criminal penalties for chatbots designed to generate sexual content with minors, or to promote violence or self-harm.
• Chatbots must regularly remind users they are not human.
• Professional impersonation ban: chatbots cannot claim to be therapists, lawyers, or other professionals.

The unanimous committee vote reflects growing political momentum to regulate AI interactions with minors in the US, though the Bill's final form remains uncertain.

Florida sues OpenAI and Sam Altman

Florida has filed a landmark lawsuit against OpenAI and CEO Sam Altman, alleging the company knowingly released addictive and unsafe chatbot technology. The state claims ChatGPT has caused a “litany of harms”, particularly to children, including alleged encouragement of self-harm, facilitation of violent acts, and the creation of dependency through human-like interactions that collect data without adequate parental oversight. The complaint seeks restrictions on data collection from under-13s and signals potential further legal action against other AI developers. OpenAI rejects the claims, emphasising its safety measures and protections for minors.

What distinguishes the OpenAI case is its focus on generative AI’s interactive and persuasive qualities. Whereas social media amplifies peer content, AI tools simulate conversation and empathy, potentially deepening user attachment and influence. This raises more acute concerns about manipulation, misinformation, and mental health impacts, especially for minors.

The case may mark a turning point for generative AI, which appears to be following a similar path to social media: rapid growth, followed by mounting scrutiny, litigation, and ultimately statutory constraints centred on safety and protection.

Read more here.

Global

China launches AI enforcement campaign

China has launched its 2026 'Qinglang' (Clear and Bright) enforcement campaign targeting the misuse of artificial intelligence, co-ordinated by the Cyberspace Administration of China (CAC) alongside the Ministry of Public Security. The campaign follows the 2025 edition, which ran for three months, resulting in over 3,500 AI products taken down, more than 960,000 pieces of illegal content removed, and over 3,700 accounts shut down or penalised.

The 2026 campaign targets four principal categories:

• AI-enabled fraud and deepfake impersonation (including voice-cloning and the non-consensual use of deceased persons' likenesses);
• AI-generated disinformation and co-ordinated inauthentic behaviour via social bot networks;
• non-compliance with China's mandatory LLM filing and registration requirements; and
• unlawful use of training data infringing intellectual property or privacy rights.

Read more here.

Cybersecurity Authorities Issue Joint Guidance on the Adoption of Agentic AI Systems

Cybersecurity authorities in five countries (UK, US, Canada, Australia and New Zealand) issued joint guidance on the secure use of agentic AI systems (those being AI that can independently plan tasks, access tools and data, and take actions with limited human input). While these systems offer significant benefits, the guidance stresses they introduce more complex and higher-impact security risks than standard AI tools.

Key risks highlighted include:

• Excessive access (privilege risk): broad system access increases the impact of compromise
• Design/configuration issues: third‑party components may introduce hidden vulnerabilities
• Unpredictable behaviour: systems may act in unintended or misaligned ways
• Reduced oversight: autonomous actions can limit visibility and control
• Accountability gaps: it may be difficult to explain or trace decisions

The guidance also notes that existing large language model risks (such as prompt injection and manipulation) can be amplified when AI can act on external systems.

Organisations are advised to adopt agentic AI cautiously, only where necessary, and to manage it within existing cybersecurity frameworks. Human accountability remains essential, with clear responsibilities for oversight, access control, monitoring, and incident response defined before deployment.

Read the update here.

OpenAI Launches Enterprise Deployment Company

OpenAI has announced the launch of its "OpenAI Deployment Company," a consultancy-focused venture aimed at driving large-scale enterprise adoption of its AI technology. The initiative involves acquiring consulting firm Tomoro and building a team of Forward Deployed Engineers to work directly with major organisations. Backing comes from a high-profile coalition including Bain Capital, Goldman Sachs, SoftBank, McKinsey & Company, and Capgemini.

The move signals a deliberate shift away from consumer-facing products, with OpenAI now aiming to help large organisations integrate AI directly into their core operations. A key motivation is revenue growth ahead of a planned IPO, and the move appears designed to counter Anthropic's growing foothold in enterprise markets, including the legal sector.

OpenAI is now competing more directly for enterprise clients, potentially bypassing existing SaaS intermediaries. For law firms and legal tech providers built on OpenAI's models, this raises questions about the future shape of the vendor landscape and where AI deployment relationships will sit.

Read more here.

Anthropic Files for IPO at $1 Trillion Valuation

Anthropic has confidentially filed for an IPO, positioning itself at the front of a wave of potential mega‑listings alongside SpaceX and OpenAI. The IPO is set to value the Claude developer at more than $1tn.

The move signals intensifying competition for capital and market leadership among leading AI companies, with the offering expected to be one of the largest in recent years.

Read more here.

Alphabet Plans $80bn Share Raise to Fund AI Infrastructure

Alphabet announced on Monday (01/06) plans to raise up to $80bn through share sales to finance large‑scale investment in AI infrastructure, including data centres and compute capacity. This includes a $10bn share sale to Berkshire Hathaway, which has been building a position in the Google parent company since the third quarter of 2025.

For a company of Alphabet's scale to be raising capital of this size is a reminder of just how expensive the race to build AI infrastructure has become, and how much is at stake for those competing at the frontier.

Read more here.

OpenAI Foundation Commits $250m to Research on AI's Economic Impact

OpenAI’s foundation has committed $250mn to fund research and programmes focused on AI’s economic effects, including job displacement, labour market shifts, and new models for distributing value.

The initiative highlights growing industry recognition of AI’s societal impact and may shape future policy debates around workforce transition, economic resilience, and regulation.

Read more here.

AI for Good: DISHA and Humanitarian Response‍

DISHA, a UN-led AI initiative, is using advanced tools like mobile phone data and satellite imagery to transform disaster response. It has enabled real-time tracking of population movement in high-risk regions like the Philippines and can now assess building damage within hours rather than days or weeks. In 2025 alone, DISHA-supported tools were used in response planning for 11 major natural disasters affecting tens of millions of people.

This marks a significant improvement in how humanitarian aid is delivered. Faster, more accurate data allows responders to prioritise resources, coordinate more effectively, and reach affected communities sooner. It also shows how large-scale collaboration (between the UN, governments, and tech companies like Google) can turn AI into practical, life-saving tools.

Looking ahead, projects like AI-powered refugee settlement mapping could provide continuously updated insights that simply haven’t been possible before, helping address long-standing gaps in global humanitarian response.

AI helps with conservation efforts in Australia

AI is transforming wildlife conservation in Australia by overcoming a major data bottleneck. Researchers at the University of Queensland have developed a cloud-based AI platform, WildObs, that analyses millions of images from remote wildlife cameras, turning what was previously an unmanageable volume of raw data into fast, actionable insights.

WildObs uses AI models trained on Australian ecosystems to identify species far faster than human reviewers could manage, enabling quicker and more informed decision-making across thousands of monitoring projects. The platform can flag population declines, detect rare or invasive species, and track biodiversity shifts across large geographic areas, helping conservationists direct limited resources to where they are most urgently needed.

This is a great example of AI doing what it does best: making sense of huge volumes of data, so that people on the ground can make better decisions. Here, the technology is ultimately giving conservations a more realistic chance of protecting vulnerable species.

Read more here.

8-12 June 2026 – London Tech Week

10-11 June 2026 – The AI Summit Series: The AI Summit London

29-30 June 2026 – Reuters: Momentum AI London

7-10 July 2026 – UN: AI for Good Global Summit (Geneva)

23-24 September 2026 – Big Data London