Compliance6 min read

Is It Safe to Use AI for Your UK Taxes? (HMRC, Self Assessment)

Yes for general questions, no with your identifiers: never paste your UTR or National Insurance number into a consumer ChatGPT to file UK Self Assessment.

By Pierre de ONYRI

The short answer fits in one line. AI can explain the tax rules, but never hand it your identifiers. A UK tax file holds very sensitive data. Your UTR (Unique Taxpayer Reference). Your National Insurance number (NINO). Your income. Your address. Pasted into a consumer ChatGPT, these identifiers can be retained, reviewed or reused for training. HMRC (HM Revenue & Customs, the UK tax authority) warns against sharing them. Under the UK GDPR, the UK version of the GDPR, they are personal data. There is a clean method: ask your general questions, but anonymise your identifiers before you send.

What a UK tax file lays bare

Self Assessment is the system HMRC uses to collect Income Tax. Some income is not taxed automatically at source. Profits from self-employment. Rent from a property you let. That income has to be reported through Self Assessment. And HMRC can require anyone it chooses to file a return.

To file, you handle precise identifiers. A UTR. A National Insurance number. The detail of your income. Your address. The UTR is issued by HMRC. You can find it in your Personal Tax Account, in the HMRC app, or on tax returns and other HMRC documents. HMRC's own guidance notes a UTR can be 10 or 13 digits long.

The deadlines make this a hot topic every winter. You must tell HMRC by 5 October if you need to file for the previous tax year. The online return and any tax owed are both due by 31 January. Miss these, and penalties and interest kick in. Calendar pressure pushes people to seek help fast. Sometimes from an AI, with the full file in hand.

What HMRC says: keep these numbers to yourself

GOV.UK's official guidance is blunt. To prevent identity fraud, do not share your National Insurance number with anyone who does not need it. It's written plainly in GOV.UK's National Insurance guidance.

GOV.UK also names the limited set of bodies that legitimately need it.

  • HMRC and your employer.
  • The Department for Work and Pensions (DWP), including Jobcentre Plus and the pension and disability services.
  • Your local council and the Electoral Registration Officer.
  • The Student Loans Company, pension and ISA providers, and authorised financial-service providers.

One thing stands out. A consumer AI chatbot appears nowhere on that list. It has no legitimate need for your NINO or your UTR. GOV.UK goes further. It tells you to get these identifiers only from official sources: the Personal Tax Account, the HMRC app, or genuine HMRC documents. These are sensitive credentials, not casual reference numbers.

The law: UTR and NINO are personal data

UK law settles the question. Under the UK GDPR and the Data Protection Act 2018, an identifier like the National Insurance number is personal data. It stays protected information whenever it is processed. Including when you paste it into a third-party AI service.

The Information Commissioner's Office (ICO) is the UK's data protection regulator. Its position is clear. The principles of the UK GDPR apply to the use of personal information in AI systems. The law takes a risk-based approach. Organisations must assess and mitigate the risks their AI use poses to people's rights and freedoms. The ICO even publishes a dedicated resource, the AI and data protection risk toolkit.

In plain terms: pasting a UTR or a NINO into a consumer ChatGPT is not a harmless move. It is processing personal data. And it opens a real risk of tax identity fraud — the very thing HMRC works to prevent.

You assumeThe reality
“My UTR is just a reference number”GOV.UK treats it as a sensitive identifier, sourced only officially
“An AI seeing my NINO is no big deal”HMRC advises against sharing it with anyone who doesn't need it
“These numbers aren't personal data”Under the UK GDPR and the DPA 2018, they are — and stay protected
“A chatbot counts as an authorised service”It's absent from GOV.UK's list of legitimate bodies
The risk isn't talking taxes with an AI — it's the identifiers you leave behind in the prompt.

The fix: anonymise before you send

Good news: AI is still useful for your taxes. It can explain how Self Assessment works. It can clarify a deadline, a deduction, a form. For that, it needs none of your identifiers. Ask the question in general terms. Keep your UTR, your NINO, your amounts and your address out of the prompt.

Two-part diagram: at top, a UK tax form with its UTR and National Insurance number lines in the clear (amber) travels toward an AI card that receives the exposed file, with an amber high-risk alert; at bottom, the same form anonymized shows only cobalt tokens, and the AI receives only tokens with a checkmark.
After GOV.UK's National Insurance and Self Assessment guidance (HMRC) and the ICO's guidance on AI and data protection.

When you really must include a concrete case, anonymise it first. Replace each identifier with a token. The AI reasons about the shape of your situation, without ever seeing the real values. You restore the real values afterwards, locally.

  1. 1Spot the identifiers in your text: UTR, NINO, income, address.
  2. 2Replace them with reversible tokens, in the browser.
  3. 3Send only the anonymized text to the AI.
  4. 4Restore the real values in the reply, locally.

That's what ONYRI Sanitize is for. The engine detects sensitive data — UTR, National Insurance number, amounts, address — and replaces it with reversible tokens before sending. Detection and the mapping stay in your browser. Only anonymized text reaches the model. The AI finds only tokens, never your real tax identifiers. You get the help, without the identity-fraud risk that HMRC and the ICO ask you to rule out.

Frequently asked questions

Is it safe to use AI for your UK taxes?
Yes for general questions, no with your identifiers. AI can explain Self Assessment, a deadline or a deduction with no personal data at all. But never paste your UTR, your National Insurance number, your income or your address into a consumer ChatGPT. HMRC advises against sharing these identifiers, and under the UK GDPR they are personal data. Anonymise them before you send.
Can I put my UTR or National Insurance number into ChatGPT?
Better to avoid it. GOV.UK asks you to share your National Insurance number only with bodies that need it, to prevent identity fraud. A consumer AI chatbot is not one of them. The UTR is a sensitive identifier, to be obtained from official sources. If you must describe a case, replace these numbers with tokens before you send.
Can AI help with Self Assessment without my identifiers?
Yes. Self Assessment is HMRC's system for reporting income not taxed at source, such as self-employment or rental income. AI can explain those rules, the deadlines (5 October, 31 January) and the forms in general terms. It never needs your UTR or your NINO to do that.

Sources & references

Keep your sensitive data in your browser

ONYRI Sanitize detects and masks your sensitive data before it reaches the AI, then restores the answer — from names to API keys.

Anonymize my prompt

Read next