United Kingdom: Data (Use and Access) Act 2025 (Commencement No. 1) Regulations 2025 including data protection regulation were adopted by Minister of State

On 21 July 2025, the Minister of State at the Department for Science, Innovation and Technology made the Data (Use and Access) Act 2025 (Commencement No. 1) Regulations 2025 (S.I. 2025 No. 904 (C. 40)), bringing into force on 20 August 2025 a set of provisions forming Stage 1 of the government's four-stage implementation plan for the Data (Use and Access) Act 2025, which received Royal Assent on 19 June 2025. Stage 1 commences technical provisions clarifying the legal framework for data processing, statutory duties for the Information Commissioner’s Office in the exercise of its functions, and reporting obligations relating to the use of copyright works in artificial intelligence systems. The Act establishes a legal basis for the access, sharing, and protection of customer and business data, empowers the Secretary of State and the Treasury to make regulations for data access requests by customers or authorised persons, and defines business data to include goods, services, digital content, customer feedback, and usage patterns. It further introduces a statutory framework for digital verification services, the creation of a register of identity verification providers, and mandates the development of the National Underground Asset Register. The Act also includes provisions on the processing of special categories of personal data, automated decision-making, and data subject rights under the UK General Data Protection Regulation and the Data Protection Act 2018.