Most UK tech businesses assume the EU AI Act is a Brussels problem. It is not.
If your AI tool is used by customers in the EU, or your product touches EU users in any meaningful way, the Act can apply to you directly. Turnover size and head office location do not exempt you.
For scaling tech companies building or embedding AI features, this is a legal framework worth understanding now, not after a customer contract asks you to confirm compliance.
Why this matters for UK businesses
The EU AI Act sets rules based on how an AI system is used, not where the company selling it is based.
If you sell into the EU market, integrate AI into a product used by EU customers, or provide AI as a service to EU based clients, the obligations can reach your business even without a European office.
This is increasingly showing up in due diligence. Investors and enterprise customers are starting to ask direct questions about AI risk classification and compliance position before signing.
What actually changes for your business
The Act does not treat all AI the same way. Obligations scale with risk.
- Some AI uses are banned outright, such as certain manipulative or exploitative systems
- High risk AI systems carry the heaviest obligations, including documentation, risk assessment and human oversight
- Limited risk systems mainly require transparency, such as telling users they are interacting with AI
- Minimal risk systems carry light or no additional obligations
The first step for any business using or building AI is working out which category applies. Many businesses assume they sit in a lower risk category without actually checking.
Where the commercial risk sits
The legal obligations matter, but the practical risk usually shows up somewhere else first.
- Enterprise customers asking for written confirmation of your AI compliance position before signing
- Investors raising AI governance as a due diligence point during fundraising
- Contracts with AI vendors that do not clearly state who is responsible for compliance
- Product features built on third party AI models with no clarity on how that model was trained or classified
- No internal record of what AI tools are actually in use across the business
None of these show up as an obvious legal problem on day one. They show up during a funding round, a procurement review, or a customer's legal team asking a question your team cannot answer confidently.
What to check now
- Map every AI tool used in your product and internally across the business
- Identify which risk category each use case is likely to fall into
- Check vendor contracts for AI tools to confirm who carries compliance responsibility
- Review customer facing terms to ensure AI use is disclosed appropriately
- Put a simple internal record in place, even a basic one, showing what AI is used and why
Summary
The EU AI Act is not just a regulatory box to tick. It is becoming a standard question in customer contracts, investor due diligence and supplier negotiations, even for UK businesses with no EU office.
Getting ahead of this now is far easier than answering it under pressure during a live deal.