ISITC TALKTIME: UK AI Compliance & Online Safety
TalkTime Podcast: UK AI Compliance & Online Safety
UK AI Compliance, Online Safety, and the New Data Landscape — What Firms Need to Know
In this compelling episode of the ISITC Europe AI Podcast Series, Gary Wright sits down with AIRTA (former GenBounty) CEO Bob Morel to unpack one of the most pressing regulatory shifts facing UK organisations today: compliance obligations under the Online Safety Act (OSA) and the Data Use and Access Act (DUA).
Morrell opens by clarifying how these two frameworks work in tandem, noting that “the Online Safety Act and the Data Use and Access Act… are designed to work together, to ensure the safety of AI consumers.” The OSA, often associated with social media harms and deepfake legislation, goes much further than many realise — even covering AI chatbots that retrieve information from the open web. As Morrel explains, “you need to ensure that the material produced is not harmful… particularly [to] minors.”
The conversation then dives into the DUA, which modernises the UK’s data environment by loosening certain GDPR constraints to enable AI innovation. This shift is already driving major investment in UK data‑centre capacity, as the country prepares for the computational demands of deepfake detection, content safety scanning, and real‑time AI monitoring.
The episode also explores the societal tension between safety and digital literacy. With rapid moves toward under‑16 social media bans, Morrel warns that “regulation… is stunting development among the next generation,” raising questions about how to balance protection with preparedness.
For businesses, the message is clear: governance must start with discovery. Shadow AI use, unmanaged tools, and department‑level experimentation all pose risks. Firms need structured frameworks — such as NIST‑aligned AI governance models — to map exposure, enforce controls, and align cybersecurity, risk, and compliance functions.
Whether you’re a financial institution, tech leader, policymaker, or risk professional, this episode offers essential clarity on the fast‑evolving regulatory landscape shaping AI adoption in the UK.
Tune in and stay ahead of the curve.
Viewing time: 11 mins
Bob Morel is the CEO of AIRTA Systems (formerly Genbounty), an AI Risk Management platform designed to facilitate market access for AI-driven applications within the European Union. Specializing in the EU AI Act and Enterprise Architecture, Bob helps AI teams classified as manufacturers under new regulations to navigate complex compliance landscapes. Through Genbounty, he delivers end-to-end product risk management, offering services that range from litigation defense and consumer safety to accreditation for CE Marking.
With a robust background in technical leadership, Bob previously served as the Head of Application Security at Centrica and the Application Security Lead at CoinFLEX, where he oversaw secure development lifecycles and ISO 27001 compliance. He is an active contributor to the cybersecurity community as an author for Infosec, creating learning paths on topics such as HTML5 security and the use of ChatGPT for offensive security. His expertise is supported by a B.Sc. in Computer Science, an ongoing MBA in Cybersecurity, and industry certifications including the (ISC)² CISSP, Security+, and SecAI+.
Leave a Reply
You must be logged in to post a comment.