Ai / Business | UK MPs are backing an amendment that would give ministers last-resort powers to shut down AI systems or data centres in a catastrophic emergency. The proposal is not law yet, but it signals a tougher compliance environment for AI startups serving critical sectors.
British lawmakers are testing a harder line on AI safety: give ministers emergency powers to shut down dangerous systems when catastrophic risk is on the table.
The UK’s AI debate has moved from principles to power switches. A group of MPs is backing an amendment to the Cyber Security and Resilience Bill that would let the Secretary of State order the shutdown of data centres, or AI systems running inside them, during an AI security or operational emergency.
That is a serious escalation. For years, governments have talked about model evaluations, voluntary commitments and safety institutes. This proposal asks a more direct question: if an AI system is being used to attack critical infrastructure, or if an autonomous system begins causing harm faster than normal regulation can respond, who can stop it?
According to Computer Weekly, the amendment was brought by Labour and Co-operative MP Alex Sobel and has support from 11 MPs, including Labour’s John McDonnell and Dawn Butler, former Conservative science and technology minister George Freeman and Conservative MP Desmond Swayne. It is also backed by Control AI, the campaign group calling for stricter controls on advanced artificial intelligence.
The government has not endorsed the amendment, and Parliament has not yet decided on it. That matters. This is not law. But it is still a useful signal for founders and investors, because regulation often moves first through amendments, hearings and pressure campaigns before it becomes a compliance checklist.
The amendment uses the language of last-resort powers. It would allow ministers to direct the shutdown of data centres or AI systems used or deployed by a data centre during an AI security or operational emergency. The trigger would not be ordinary product failure. The test is much higher: large-scale disruption to critical infrastructure or essential services, serious degradation of UK national security, defence or intelligence capabilities, or severe large-scale harm to human life.
The text also defines an AI system widely. It covers machine-based systems that can generate predictions, digital content, recommendations, decisions or other outputs, or influence a physical or virtual environment to achieve an objective. That definition is important because it reaches beyond chatbots. Agentic cyber tools, automated decision systems and AI infrastructure attached to essential services could all come into scope if the other conditions are met.
Data centre operators would not simply wait for an emergency call. The proposal points toward technical infrastructure, secure communication channels for government directions, incident reporting, mitigation measures and regular emergency exercises. After a shutdown, operators could be required to monitor the incident and prevent recurrence before systems are allowed to resume.
There is also a legal backstop. The amendment says operators should be told the reasons for action as soon as reasonably practicable and should have the right to apply to the High Court for relief. The court could confirm, vary or cancel the requirements, impose additional requirements or order compensation. That makes the power less like a casual off switch and more like an emergency state intervention with judicial review attached.
Startups should read this as a compliance warning
For AI startups, the immediate risk is not that a minister will shut down a product next week. The practical risk is that infrastructure-level obligations become part of the cost of serving regulated customers. If a company sells agentic AI into energy, finance, healthcare, telecoms, defence or public services, customers may start asking whether the product can be isolated, paused, audited and recovered under emergency conditions.
That changes product design. A serious AI company can no longer treat shutdown controls as an internal engineering convenience. It may need operational logs, human override points, permissions that cannot be altered by the AI system itself, independent monitoring and contracts that explain who is liable if a shutdown causes losses. These are not glamorous features. They are the sort of things that decide whether a regulated buyer can sign.
The proposal also exposes a technical weakness in the phrase kill switch. Modern AI applications are rarely contained in one building. A single product may depend on a foundation model hosted in one country, a cloud region in another, a vector database, third-party APIs and customer-side integrations. Turning off one UK data centre may stop one workload, but it may not stop a distributed system that can fail over elsewhere.
That does not make the idea useless. It means the real implementation would have to be procedural as much as physical. A credible emergency shutdown regime would need to identify model providers, cloud operators, data centre operators and downstream deployers before the crisis starts. Otherwise the government could have legal authority but no practical route to the system causing the damage.
The UK is also trying to hold two positions at once. Ministers want the country to be a serious AI economy, with AI growth zones, national compute capacity and a more flexible approach than the European Union’s AI Act. At the same time, Parliament is showing that flexibility may not mean light-touch forever. If the UK creates infrastructure shutdown powers while the EU builds risk categories and product obligations, cross-border startups could face two different compliance cultures.
That fragmentation is not just a lawyer’s problem. It affects where companies host models, how they write customer contracts and whether they can run the same architecture across markets. A UK deployment might need emergency shutdown procedures tied to data centre rules, while an EU deployment may need conformity assessments, risk management files and transparency obligations. The product is the same. The regulatory shape around it is not.
The proposal may fail, soften or return in another form. But the direction is clear enough. AI safety is moving from abstract concern to operational control, and the companies best placed for that world will be the ones that can prove not only what their systems can do, but how they can be stopped when something goes wrong.
Also read: Leaked GPT-5.6 screenshots hint at a cleaner OpenAI interface • Palantir’s NHS data row is becoming a wider UK public sector test • Grab and RSM join Singapore drive to lift 12,000 SMEs into AI and cyber readiness