What Is the EU AI Act? A Plain English Guide for UK SMEs

If you’ve been hearing about the EU AI Act and aren’t sure what it means for your business, you’re not alone. Most UK small business owners haven’t had time to read a 144-page EU regulation. This guide covers everything you need to know in plain English.

The EU AI Act is a law passed by the European Union that regulates how artificial intelligence is used. Think of it like GDPR — but for AI instead of personal data. It sets out rules for how AI can be used, what documentation businesses need to keep, and what’s banned outright.

It came into law in 2024 and becomes fully enforceable on 2 August 2026.

Possibly — and this surprises a lot of people. The Act has extraterritorial reach, meaning it applies to businesses outside the EU if their AI affects people inside the EU.

You’re likely affected if:

• You have any customers in Europe.
• You have staff based in EU countries.
• Your website or app is used by people in the EU.
• You use AI tools that process data about EU individuals.

If you use ChatGPT, Copilot, automated marketing tools, AI hiring software, or AI customer service chatbots — and any of those touch EU individuals — you are in scope.

It depends on how you use AI. The Act uses a risk-based approach:

• Minimal risk — most businesses using AI for things like spam filters or recommendation engines. Light obligations, mostly transparency.
• Limited risk — businesses using AI chatbots or AI-generated content. Must tell people they’re interacting with AI.
• High risk — businesses using AI in hiring, healthcare, education, credit scoring, or law enforcement. Significant documentation requirements.
• Unacceptable risk — banned outright. Social scoring, manipulative AI, real-time biometric surveillance.

For most UK SMEs, the minimum is:

• AI Acceptable Use Policy — what AI your business uses and how.
• AI Literacy records — evidence your staff understand the AI they work with.
• Transparency disclosures — telling customers when AI is involved in decisions that affect them.

Fines of up to €35 million or 7% of global turnover. And unlike some regulations, the EU has a track record of actually enforcing these things — GDPR fines have been issued against businesses of all sizes across Europe.

That’s exactly what our free compliance risk check is for. Answer 8 quick questions about your business and we’ll tell you exactly where you stand at clausely.co.uk/compliance-checker.

Already know you need to get compliant? Our packs are generated within the hour from £399. See our compliance packs at clausely.co.uk/pricing.