Guidelines for using generative artificial intelligence if you’re a software developer
Find out the expectations for good use of generative artificial intelligence (AI) in commercial software products that help customers submit information to HMRC.
HMRC recognises the opportunities that generative artificial intelligence (AI) offers software developers and encourages innovative use of AI in tax software products.
If you are a software developer, this guidance sets out HMRC’s expectations for what good use of generative AI — sometimes know as ‘Gen AI’ — looks like in commercial software products. This could be for products that help customers with their taxes, like when submitting tax returns or other information to HMRC.
Where software products use generative AI, it is expected that they:
- are transparent
- consider HMRC guidance and only use reliable source data — this should be in line with the relevant legislation
- are designed with human oversight and control
- include strong data-security and privacy measures
- are ethical
HMRC does not endorse or approve any software developer or product. Software developers must not suggest or imply that they are acting on behalf of HMRC.
Using generative AI with transparency
You are responsible for making sure that any AI model you use when building your software has strong controls, so users are aware that the software is enhanced by generative AI. You should be transparent about how human review is applied to the results from the model and clearly communicate the capabilities and limitations.
Users should be able to:
- identify the source data used
- understand how the source data is processed
- understand the limitations of the model and raise issues identified with its results
- be aware of the possibilities of bias and inaccuracies — an example of the latter being called ‘hallucinations’, where the generative AI system produces information that appears to make sense but is factually incorrect or made up
This transparency will build trust and allow users to make better-informed decisions.
Using reliable source data
HMRC expects any software enhanced by generative AI to:
- support the production of tax returns and related information
- produce results that comply with tax legislation and case law to support users to submit an accurate return
It’s important the data sources used by generative AI models are high quality, reliant and reliable. These data sources are expected to come from materials, such as:
- official HMRC publications
- legislation
- established case law
HMRC expects you to implement strong testing and deployment processes in your software. These should cover the continuous monitoring, version control and timely updating of the underlying code and all relevant data sources. This proactive management is essential to reflect changes in tax legislation, case law and HMRC guidance as they happen.
Designing with human oversight and control
Generative AI-enhanced software that helps customers with their tax should be designed with strong human oversight and control built in at appropriate stages. It should support, not replace, human judgment. Where needed, it should actively prompt users to check the results themselves and allow them to correct any errors or raise any issues with the software.
If your software identifies areas involving nuanced tax rules, complex scenarios or specific guidance, it should clearly flag this to the user. It should identify the need to investigate further or recommend seeking advice from a qualified tax professional.
Your software should clearly remind users that it is their responsibility to make sure their tax returns are accurate.
Including strong data-security and privacy measures
It is important that generative AI-enhanced software that helps customers with their tax includes Secure Software Development Lifecycle (SSDLC) best practices by:
- complying with UK General Data Protection Regulations (GDPR)
- embedding privacy by design
- building in strong security measures
This is important because some of these tools handle highly sensitive personal, commercial and financial data, and must operate without compromising privacy. Users should be able to see how their information is processed.
Using generative AI ethically
If you are building generative AI-enhanced software, HMRC expects you to operate in a way that:
- makes sure all software outputs fully comply with legal requirements
- uses diverse and representative training data — and where personal data is involved, makes sure its use is fully compliant with UK GDPR
- implements continuous auditing to prevent the development of harmful, biased, or discriminatory models
- makes sure the AI system is fair and trustworthy, fully accountable, and demonstrably serving the public good