Question to the Department for Science, Innovation & Technology:

To ask His Majesty's Government what assessment they have made of risks arising from the overseas processing of data by AI systems used by UK companies; and what steps they are taking to ensure compliance with data protection and cybersecurity requirements.

The Government recognises that UK companies’ use of AI systems often relies on global infrastructure, which can create challenges in how organisations manage transfer risks.

Where personal data is processed in AI systems, in the UK or overseas, it will be subject to the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018, which includes maintaining the UK's high data protection standards when transferred internationally.

The Information Commissioner’s Office (ICO) is responsible for monitoring and enforcing compliance with these requirements.