What the EU AI Act means for UK businesses (and why the deadline extension matters)
The EU just pushed its AI compliance deadlines back. Here is what UK businesses with EU customers need to know.
The EU AI Act has been generating headlines since it was passed in 2024, and a fresh wave of coverage arrived in March 2026 when the European Parliament approved the AI Omnibus package, a significant simplification of the original rules. New deadlines have been set. Some obligations have been reduced. And for most UK small businesses, the answer to "does this affect me?" is still: probably not much, but it is worth knowing the basics.
This is not legal advice. It is a plain-English summary of where things stand.
What the EU AI Act actually is
The EU AI Act is the world's first comprehensive legal framework for artificial intelligence. It came into force in August 2024, and it applies a risk-based approach: the higher the risk of an AI system, the stricter the rules around it.
The Act categorises AI into four risk tiers:
Unacceptable risk: AI that is banned outright. This includes social scoring systems, certain types of biometric surveillance, and AI designed to manipulate people without their knowledge.
High risk: AI used in critical areas like healthcare, hiring, credit scoring, education, law enforcement, and essential services. These systems face the strictest compliance requirements.
Limited risk: Systems like chatbots, where there are transparency obligations (the user must know they are talking to an AI).
Minimal risk: Most AI applications fall here. Spam filters, recommendation engines, AI writing tools used internally. Minimal obligations.
What the Omnibus changes mean
The AI Omnibus package, approved by the European Parliament in March 2026, made three significant changes:
Reduced obligations for smaller businesses. The original Act placed substantial compliance burdens on companies developing or deploying high-risk AI. The Omnibus package scales these requirements based on company size, with lighter-touch rules for SMEs and start-ups.
Simplified general-purpose AI rules. The rules around large AI models like GPT and Claude have been simplified. Providers with smaller models and limited reach now face less onerous obligations.
Extended deadlines. This is the change most businesses need to know about. The key dates are now:
- December 2027: Deadline for compliance with high-risk AI obligations under Annex I (AI embedded in regulated products like medical devices and machinery)
- August 2028: Deadline for compliance with high-risk AI obligations under Annex III (AI used in employment, education, and access to essential services)
These extensions give businesses significantly more time to assess and adapt their AI use.
Who this applies to
The EU AI Act applies to you if:
You develop or sell AI systems to EU customers. Even as a UK business post-Brexit, if you are selling AI-powered products or services to customers in EU member states, the Act is relevant to you. The EU applies its rules to any business that affects EU citizens, regardless of where that business is based.
You use third-party AI in ways that touch high-risk categories. If you use AI in hiring decisions, credit assessments, or in a regulated sector like healthcare or financial services, the rules become relevant even if you are not building AI yourself.
You are a large enterprise with significant AI deployment. The simplified SME provisions in the Omnibus package mean smaller businesses get more flexibility, but this does not mean zero obligations.
What it means in practice for most UK small businesses
Here is the honest answer for the majority of small UK businesses using tools like ChatGPT, Claude, or Gemini for marketing, admin, and customer service:
You are almost certainly in the minimal risk category, and you face minimal obligations.
Using an AI tool to write social media posts, draft emails, or summarise documents does not put you anywhere near high-risk AI territory. The Act is not designed to regulate a sole trader who uses ChatGPT to write blog content or a small retailer who uses an AI chatbot on their website.
Where you do need to pay attention:
- If you are using AI to screen job applications or make employment decisions
- If you are in financial services and using AI for credit-related decisions
- If you are building and selling AI-powered products to EU customers
- If you are in healthcare, education, or another regulated sector
In those cases, it is worth getting proper advice from someone who specialises in technology law, particularly if you have customers in EU member states.
The UK position
The UK is not subject to the EU AI Act as a matter of law. Post-Brexit, the UK is developing its own approach to AI regulation, which has so far been lighter-touch and sector-based rather than a single comprehensive framework.
However, UK businesses selling to EU customers, or operating in sectors that trade closely with the EU, need to understand the Act regardless. If your customers are in France, Germany, or anywhere else in the EU, their regulators can hold you accountable for the AI systems you deploy when serving them.
The practical implication is that any UK business with meaningful EU customer relationships should have a basic understanding of where their AI use sits on the risk spectrum.
What to do now
For most small businesses, the answer is: not much urgently.
Document what AI tools you use and what you use them for. This takes an hour and gives you a clear picture of your own AI footprint. If any of your use cases touch high-risk categories as defined by the Act, flag them for proper review. If you are developing AI products for the EU market, start conversations with a technology lawyer now rather than in 2027.
The deadline extensions give businesses breathing room. Use it to understand the rules rather than to ignore them. The Act is not going away, and the businesses that get ahead of it will be in a stronger position than those that wait for regulatory pressure to force the issue.
The AI landscape is changing fast. The regulatory landscape is catching up, just more slowly. For now, use the tools, understand the categories, and know where to look when the rules tighten.
Explore more on AdaHQ
Everything you need to start using AI in your business.