The Data Use and Access Act

On June 19th, the Data Use and Access Act (DUAA) became law, marking a shift in how UK businesses handle, manage, and safeguard data. The new legislation was brought in to improve data transparency and interoperability, helping to supercharge technology-driven innovation alongside other initiatives such as the Government’s AI action plan and partnership with OpenAI. These changes stand to deliver a major economic impact, with wider data mobility estimated to increase GDP by £27.8 billion per year.

 

Over the coming months, consultations and new guidance will be announced to help organisations meet the requirements of the DUAA and reap the rewards of data-driven insights. For many, this will mean a major shift in the way they gather, connect and share data across their business.

 

 

Mind the compliance gap

The DUAA will introduce guidelines to make data sharing easier both internally and across industries. Data interoperability – the ability for systems to exchange and use information consistently – is at the core. Without this capability, data remains siloed and relies on manual processes, which limits context and increases the risk of human error. However, only 14% of businesses that handle digitised data share it outside their organisation, so many will be sailing in uncharted waters when trying to meet compliance demands.

 

Taking steps to improve data interoperability and mobility will unlock new efficiencies, laying the foundations for wider use of automated decision-making in industries such as finance and customer service. However, under the DUAA, firms must also be able to explain how automated decisions are made. To comply, they will require insight into which data AI uses to inform its decisions and where it came from, as well as the rules that it was following at the time. This audit trail is missing in many organisations.

 

A lack of transparency will erode public acceptance for the use of their data to power AI decisions. There are already warning signs that some are moving too quickly, without establishing the right guardrails. The Financial Reporting Council found that six of the UK’s largest accounting firms do not monitor how AI affects audit quality. Without this oversight, the reliability of audits is weakened, along with confidence in the wider financial system. Findings like this underline that organisations urgently need visibility into AI systems and their use of data.

 

 

Laying the groundwork

To ensure compliance with the DUAA, organisations need to ensure AI capabilities are underpinned by a robust data infrastructure. Every system must be connected, interoperable, and capable of sharing information. A mature API strategy is pivotal to this, enabling applications to exchange data seamlessly and securely. When implemented effectively, APIs break down silos between data and enable it to move between systems without friction.

 

However, APIs are also the top software attack vector, so organisations should ensure robust security and privacy practices are part of their data management strategy. Forgotten or ‘zombie’ APIs – those that remain active but are no longer used, maintained or protected, are a prime target for cybercriminals. Robust security begins with creating a central view of every API across the business, so it’s easier to manage their lifecycle and decommission any that are no longer used. Encrypted communication and strong authentication measures further bolster security, ensuring APIs never become a compliance liability.

 

Beyond securing their API connections, organisations will need a robust data framework to guarantee the accuracy of AI-driven decisions. That means building data sets that are auditable, context-aware, bias-resistant - and most crucially for DUAA compliance, are observable and transparent by design. To achieve that, organisations will need a system that can ingest, aggregate, deduplicate, validate and govern data across different frequencies and sources. The result is a clean and reliable source of data that ensures AI systems are making decisions based on trustworthy data that can be fully explained.

 

 

Staying ahead of the curve

The DUAA is still in its early stages, but waiting for enforcement before taking action would be a mistake. Organisations that act now will avoid the last-minute rush to get their systems and data in check. Upgrading data infrastructure doesn’t just tick a compliance box. It’s about building a future-proofed strategy that supports resilience, accountability and regulatory openness from day one. Firms that do so will be one step ahead and ready to lead in the new era of AI-driven autonomy that the DUAA is shaping. 

 

---

 

Ann Maya is CTO at Boomi

 

Main image courtesy of iStockPhoto.com and Just_Super