More Delays, More Questions – What’s Really Happening with the UK Data Bill?

In a significant turn of events for the UK’s data governance landscape, the House of Lords has delivered a powerful rebuke to the government’s ongoing attempts to relax rules for artificial intelligence companies. Peers backed an amendment to the Data Use and Access Bill (DUA Bill) that would require AI developers to disclose which copyright-protected materials they have used to train their models. 

This legislative pushback is not only a victory for creators and rights holders, but also a necessary check against opaque AI development practices that clash with the fundamental transparency and accountability principles enshrined in UK GDPR. 

While this debate may appear niche, it’s about far more than copyright. It’s about direction, principle, and pace. The government finds itself caught between wanting to move fast on digital reform and the growing public and professional concern that it’s leaving too many critical rights and safeguards behind. 

The UK Data Bill – More than a technicality 

This is the second time peers have tried to build stronger protections into the UK data bill, and the concern is clear: that certain sectors in this case, the UK’s creative industries are being asked to sacrifice their intellectual property without proper consultation, clarity, or compensation.  

The amendment, passed in the House of Lords on 12 May 2025 and led by Baroness Beeban Kidron, requires AI developers to declare which copyrighted content has been used during the training of their large language models (LLMs) or generative AI systems.  

For AI providers, this requirement introduces several new burdens: 

• Model provenance tracking – AI companies will now be expected to identify and document source materials with precision. 

• Copyright rights-holder mapping – The relationship between copyright and personal data may overlap, requiring hybrid legal assessments. 

• Further legislative delays – The amendment sends the bill back to the Commons and sets up a likely back-and-forth (“ping-pong”) between chambers. 

Tightening the Definition of Scientific Research: Why Amendment 43B Matters 

Another key flashpoint in the Lords’ debate was the definition of “scientific research”. Critics have feared that overly vague language could allow companies to justify data processing under the loose guise of research, blurring the line between genuine science and commercial experimentation. 

To address this, Amendment 43B, tabled by Viscount Colville, proposes a more structured approach. It defines scientific research using the internationally recognised OECD Frascati Manual and requires that such activity adhere to appropriate ethical, legal, and professional frameworks. 

Supporters say this brings much-needed clarity and protects public trust, particularly in sensitive areas like health and AI. But others warn it could impose unnecessary red tape. Critics, including the government, argue that most researchers already work under existing ethical standards, and that formalising these requirements in legislation could add bureaucratic burdens without clear benefits. 

As the Minister put it, this might risk “chilling basic and curiosity-driven research”, especially in universities and early-stage innovation. The question is whether this safeguard enhances public interest, or simply slows scientific progress without fixing a clearly defined problem. 

Meanwhile, the clock is ticking 

There’s another reason this matters. The current data adequacy agreement with the European Union, the legal basis that allows personal data to flow freely from the EU to the UK, expires at the end of 2025. It may seem far away, but in regulatory terms, that’s the blink of an eye. 

If the EU concludes that the UK’s new data regime no longer offers “essential equivalence” to GDPR, there’s a real risk the adequacy decision won’t be renewed. This would be a major headache for businesses that operate across borders, especially SMEs that don’t have the resources to manage complex legal workarounds. 

The EU has made clear that it’s watching UK reforms closely. Every amendment, every concession, every consultation outcome will be weighed against the EU’s high bar for data protection. And right now, it’s not entirely clear where the UK will land. 

So where does that leave us? 

For now, the UK data bill returns to the Commons. The government can either accept the Lords’ changes or try to remove them, which would trigger another confrontation in the upper house. That back-and-forth could mean more delays, and more uncertainty for businesses trying to plan ahead. 

It’s a frustrating situation. The UK does need a modern, responsive data regime. But reform without clarity, trust, and proper engagement will only slow things down further. 

At this point, we urge organisations not to wait on the sidelines. Review your data flows, understand where your EU connections lie, and keep a close eye on how the adequacy conversation develops over the next 6–12 months. The decisions made in Parliament today could have serious operational and legal implications tomorrow. 

As ever, our team is here to help clients navigate this shifting landscape. Check out our podcast on the DUA Bill here