🚀 Launch offer: Sign up free and get 60 days full Pro access — no credit card needed. Claim it →
The EU AI Act is now in force — the world's first comprehensive AI regulation. For UK businesses, it's more relevant than it may first appear: if you deploy AI-powered tools to EU customers, serve EU residents, or use AI systems that interact with EU data, the Act likely applies to you. And with the UK developing its own AI framework, understanding the EU's approach is essential groundwork.
The EU AI Act entered into force on 1 August 2024. Phased implementation means most obligations apply from August 2026, but high-risk AI provisions and the AI literacy requirement began applying earlier. Don't assume you have unlimited time.
The Act takes a risk-based approach, classifying AI systems into four tiers:
For most UK SMEs, AI tools they use or deploy will fall into the "limited risk" or "minimal risk" category. However, if you use AI in HR processes (CV screening, performance assessment), credit decisions, or certain customer-facing interactions, high-risk provisions may apply.
The EU AI Act has explicit extra-territorial reach, similar to GDPR. It applies to you if:
If your SaaS product, marketing automation, or customer-facing AI tool is used by EU customers, the Act reaches you.
Post-Brexit, the UK is not subject to the EU AI Act domestically — but UK businesses targeting EU markets must comply with it for those markets, just as with EU GDPR. Many UK companies operating across both markets will need to align with both frameworks.
The Act distinguishes between providers (who develop or place AI systems on the market) and deployers (who use AI systems in their business). Most UK SMEs are deployers — using AI tools built by others.
Article 4 of the EU AI Act requires all providers and deployers to ensure a sufficient level of AI literacy among staff. This applies from 2 February 2025 — one of the earliest provisions to take effect.
For practical purposes, this means organisations need to provide AI awareness training to staff who use, build, or make decisions based on AI tools. The requirement is proportionate to context and size, but it is a mandatory baseline, not a recommendation.
AlgoGrass's GDPR Training module includes AI literacy content aligned with Article 4 obligations — covering what AI is, how it makes decisions, risks to watch for, and how staff should apply human oversight. Explore the training module →
Most AI systems process personal data, which means GDPR applies alongside the AI Act. The two frameworks reinforce each other but have distinct requirements:
Run a GDPR compliance scan to check whether your AI-related data processing disclosures are in order before the EU AI Act's transparency obligations bite further. Free scan →
Fines under the EU AI Act are substantial — up to €35 million or 7% of global annual turnover for deploying prohibited AI systems; up to €15 million or 3% for other violations. EU member states are establishing national enforcement authorities. The European AI Office (established February 2024) oversees general-purpose AI models.
For UK businesses operating in EU markets, the risk is real — particularly for those in regulated sectors where AI is used in consequential decisions.
Check your GDPR and AI compliance position
AlgoGrass scans your website for GDPR risks and generates the documentation you need — including for AI Act-related transparency obligations. Start with a free scan.
Scan my website free →