Legal development

AI in rail – harnessing AI today for the railways of tomorrow

21 January 2025

Share Share
train passing station
Share

    The UK rail AI conversation

    Ashurst started the UK rail AI conversation in earnest on 24 October 2024 with a group of 20 industry leaders, including from the DfT and RSSB. The lively discussion addressed the unique opportunities presented by AI, as well as the risks it poses to the rail industry. It took place against the backdrop of the DfT's forthcoming AI strategy and the EU AI Act entering into force.

    Key takeaways

    • Effective AI adoption requires accuracy, explainability and clear regulatory objectives. Assurance is critical to ensure AI systems function as intended and to mitigate potential risks.
    • Proactive risk management is essential for safety and compliance purposes and for building trust in AI applications. The rail industry can use existing frameworks, and develop new ones, to address the new and evolving risks that AI presents.
    • Superb examples of rail AI currently in use include advisory tools with the capacity to detect animals on or near the track and remote condition monitoring to prevent infrastructure failures. AI systems should focus on providing solutions to existing problems, rather than creating solutions to problems that may not exist, whilst exploring in parallel the benefits of new innovative AI systems, to improve customer experience and business performance.
    • Rail AI applications already in use and those under development could serve as test cases for regulators to consider whether/how to regulate specifically for rail AI, to supplement existing ROGS and RIR requirements.
    • AI has not yet been adopted in fundamental/critical safety/operational applications in the rail sector. Without a clear understanding of AI related risks, and how these can be managed, further adoption may be hampered.
    • There is a strong industry-wide appeal for feedback and collaboration on AI experiences with the aim of achieving targeted optimisation of rail AI to increase efficiencies and value for consumers and avoid overregulation, without compromising on safety.

    Regulatory landscape

    The UK has no rail-specific AI regulations at present. However:

    • UK companies supplying to or operating within Europe may need to comply with the EU AI Act, which includes rail-specific provisions.
    • The UK Government’s AI White Paper outlines five core principles for regulators to consider when addressing sector-specific AI regulations (see below).
    • The Government is likely to introduce targeted legislation only for the most powerful AI models (that is, developers of LLM's).
    • Regulators are eager to consult the rail industry to help identify areas where AI regulation might be required.
    • A key question is whether existing rail safety and operational regulations, such as ROGS and RIR (which already apply to AI systems as they do to other software) are sufficient to deal with AI-specific challenges.
    • AI intersects with multiple regulatory areas, including ethics, data protection, intellectual property and cybersecurity, all of which could influence how future AI systems are governed.
    • Rail AI obligations are use-dependent and take account of factors such as the system’s application, the deployment context and the role of the party in the AI supply chain.

    EU AI Act

    The EU AI Act provides a comprehensive regulatory framework governing how AI systems in the EU are deployed and used.

    An AI System:

    • is machine-based;
    • is autonomous;
    • may learn and adapt;
    • responds to input; and
    • "infers" how to generate output.

    The risk categories for AI Systems and related obligations are based on risk to health, safety and fundamental legal rights of individuals. High-risk systems are subject to stringent compliance requirements, including conformity assessments, quality management systems and post-market monitoring.

    AI systems for rail are likely to be high risk where they relate to safety and where the risk is significant enough to warrant a third-party conformity assessment under the Interoperability Directive.

    Read more in our Global AI Regulation Guide.

    UK AI transport strategy's direction of travel

    The backdrop to the UK's regulatory approach to rail AI is the Government's AI "innovation over regulation" White Paper, which outlines five key principles for regulating AI. The Government's aim is to foster innovation while ensuring AI is developed and deployed responsibly, in a way that prioritises public trust and safety. Sector regulators (rather than the UK Government) are expected to decide where and how to regulate AI use in their sectors by applying these five principles:

    • Safety, security and robustnessAI systems must be secure, resilient and function as intended, thereby minimising risk to individuals/society. AI systems should be assessed, tested and monitored to ensure they have no vulnerabilities and can handle unexpected scenarios.
    • Appropriate transparency and explainabilitythis relates to AI system transparency in terms of operations and decisions. Organisations must provide clear, understandable explanations of how AI systems work and why specific decisions are made.
    • FairnessAI systems must be used fairly and must not discriminate unlawfully. Developers should implement mechanisms to detect and mitigate bias, ensuring outcomes do not disproportionately harm or disadvantage any group.
    • Accountability and governanceclear accountability for AI development and usage is required: organisations must assign responsibility for AI systems and their outcomes and ensure proper oversight, compliance, and governance structures.
    • Contestability and redress - harmful or unfair outcomes caused by AI must be capable of challenge/remedy.

    DfT has identified three priorities to bear in mind when approaching rail AI in particular, and transport systems more generally:

    • growing the economy by enhancing the transport network, on time and on budget;
    • improving transport users' experience by ensuring that the network is safe, reliable and accessible; and
    • reducing environmental impacts by tackling climate change and improving air quality by decarbonising transport.

    The DfT Transport AI strategy will be viewed in the context of these three priorities. The DfT is keen to gather insights from the rail industry to inform its approach to AI.

    Adoption of AI in Rail

    There are some excellent examples of AI being used in the rail sector to date.

    These largely focus on non-safety critical functions, and tend to be advisory, with a human firmly in the loop (at present) – such as predictive maintenance for track and trains/equipment.

    In the generally very risk averse rail industry, operators, suppliers and regulators are all likely to need to feel that they understand AI related risks and challenges more before AI adoption in safety critical situations.

    A clear regulatory direction could therefore assist earlier AI adoption and innovation in the rail sector.

    AI for businesses operating in the rail sector

    Businesses navigating the AI landscape should:

    • identify where rail AI opportunities can really add value, efficiencies and new relevant capabilities;
    • evaluate the potential reach/impact of each AI application, both initially and as it evolves, and establish if safety is affected;
    • understand their role in the AI ecosystem and identify their place in the supply chain;
    • recognise that the new obligations associated with AI applications in the rail sector need to be managed and the risks mitigated; and
    • foster public confidence in AI systems by ensuring transparency, reliability and ethical use.

    Rail AI regulation could:

    • establish clear objectives/requirements for AI applications to provide confidence and clarity;
    • address overlaps with existing health, safety and construction non-rail-specific regulations;
    • apply the AI principles set out in the UK AI White Paper;
    • define assurance requirements and adapt existing regulations to address AI-specific scenarios effectively;
    • clarify the need for human oversight;
    • anticipate AI future advancements and applications in the rail sector; and
    • encourage innovation and adoption of new use cases in the rail sector.

    How do the EU AI Act and UK White Paper interact and co-exist?

    The UK’s hands-off, decentralised regulatory stance could be impacted by the EU's comprehensive regulatory AI framework because (i) the EU AI Act's standards will filter into the UK, for UK businesses supplying to Europe; and (ii) the EU's comprehensive approach may serve as a useful example of best practice in terms of how to manage rail AI risk. The question is whether UK regulators will see fit to follow the EU example.

    Rail AI management, opportunities and risks

    As a predictive tool, AI accuracy and explainability are vital. AI generated results often require human interpretation, and models can sometimes fail to take account of extreme scenarios. If the objectives behind AI regulation are clearly articulated and understood, it is more likely that opportunities will be grasped and related risks managed effectively. In this way, more comprehensive AI regulation could in fact facilitate innovation.

    Understanding the purpose, system function, utility and significance of AI systems while anticipating the impact of potential failures or unintended results is critical to AI assurance. The ability to second-guess the behaviour of AI systems over time is essential in ensuring the integrity and reliability of AI in rail.

    The impact of existing regulations on rail AI is interesting and complex. The Provision and Use of Work Equipment Regulations, Supply of Machinery (Safety) Regulations, and the Construction (Design and Management) Regulations (among others) intersect with rail-specific regulations like RIR and ROGS and already apply to the introduction of AI systems. The question is what more, if anything, is required for regulating rail AI now and in the future.

    Questions for rail businesses

    • When AI systems serve solely as an advisory tool, who ultimately makes the decision and where does liability rest (and will that change once we get used to relying on AI systems)?
    • Will the use of AI for certain functions in the rail sector become an absolute requirement, that is, certain systems won't be considered sufficiently safe without it?

    The self-evolving nature of AI systems cannot be ignored. Robust internal governance frameworks must be established to ensure ongoing compliance with ethical/legal standards; and management of evolving risks in the future (to the extent we are able to predict and future-proof these things).

    Realising the value of rail AI through risk management

    Rail AI has the potential to deliver significant efficiencies and value, but may also bring increased risk. Proactive risk management involves identifying and mapping AI-related risks from an early stage, to improve decision making and more effective AI adoption, streamlining compliance efforts.

    A proactive approach reassures investors and stakeholders that potential risks are being continually and diligently identified and mitigated; stakeholder confidence is essential for investment in rail AI. The resulting focus on transparency and accountability also builds community and customer trust.

    Managing AI risks in the rail sector requires a comprehensive approach across the various risk domains, including regulatory, legal, business continuity, cybersecurity, and safety. Implementing a robust AI governance framework will mean that rail entities can ensure they use AI responsibly, enhance their decision making, and realise the full value of their AI investments.

    AI in Rail key trends

     

    PDF 340 KB
    Download PDF

     

    This publication is a joint publication from Ashurst LLP and Ashurst Risk Advisory LLP, which are part of the Ashurst Group.

    The Ashurst Group comprises Ashurst LLP, Ashurst Australia and their respective affiliates (including independent local partnerships, companies or other entities) which are authorised to use the name "Ashurst" or describe themselves as being affiliated with Ashurst. Some members of the Ashurst Group are limited liability entities.

    Ashurst Risk Advisory LLP is a limited liability partnership registered in England and Wales under number OC442883 and is part of the Ashurst Group . Ashurst Risk Advisory LLP services do not constitute legal services or legal advice, and are not provided by qualified legal practitioners acting in that capacity. Ashurst Risk Advisory LLP is not regulated by the Solicitors Regulation Authority of England and Wales. The laws and regulations which govern the provision of legal services in other jurisdictions do not apply to the provision of risk advisory services.

    For more information about the Ashurst Group, which Ashurst Group entity operates in a particular country and the services offered, please visit www.ashurst.com.

    This material is current as at 21 January 2025 but does not take into account any developments after that date. It is not intended to be a comprehensive review of all developments in the law or in practice, or to cover all aspects of those referred to, and does not constitute professional advice. The information provided is general in nature, and does not take into account and is not intended to apply to any specific issues or circumstances. Readers should take independent advice. No part of this publication may be reproduced by any process without prior written permission from Ashurst. While we use reasonable skill and care in the preparation of this material, we accept no liability for use of and reliance upon it by any person.

    Key Contacts