The EU AI Act is European Union legislation that regulates the development, deployment and use of AI systems. It takes a risk-based approach, applying stricter requirements to AI systems considered higher risk, such as those used in recruitment, credit decisions or critical infrastructure, while imposing lighter obligations on lower-risk, general-purpose AI tools.
How the EU AI Act works
The Act classifies AI systems into risk categories, ranging from minimal risk through to unacceptable risk; systems in the unacceptable-risk category are banned outright. High-risk AI systems face requirements including risk assessments, human oversight, technical documentation and transparency about how the system makes decisions. Providers and deployers of AI systems within scope of the Act have different obligations depending on their role, and the requirements are being phased in over several years following the Act's entry into force. The Act sits alongside broader AI governance frameworks such as ISO 42001 that organisations may use to demonstrate compliance.
The EU AI Act in practice
- A UK software company selling an AI-powered recruitment screening tool into the EU market assesses whether its product falls into the Act's high-risk category and what documentation it needs to provide.
- A business operating across the UK and EU reviews its use of AI in automated decision-making to understand which EU AI Act obligations might apply to its operations.
- A technology supplier updates its product documentation to provide the transparency information required under the Act for AI systems that interact directly with consumers.
- A compliance team incorporates EU AI Act risk categories into its existing data protection and risk management processes rather than treating AI compliance as entirely separate.
How Advantage helps businesses navigate AI regulation
Advantage helps UK SMEs understand their practical exposure to AI regulation, including the EU AI Act, and builds sensible AI governance practices into AI adoption projects from the outset, reducing compliance risk as regulation continues to develop.
Frequently asked questions
Does the EU AI Act apply to UK businesses?
The EU AI Act primarily applies within the European Union, but UK businesses that offer AI systems or AI-powered products into the EU market, or whose AI systems affect people located in the EU, may still fall within its scope. UK businesses should assess their EU market exposure rather than assume the Act does not apply to them.
What counts as a high-risk AI system under the EU AI Act?
The Act defines specific categories of high-risk AI use, including AI used in recruitment, credit scoring, certain healthcare applications and critical infrastructure. High-risk systems face stricter requirements around risk assessment, transparency, human oversight and documentation than lower-risk AI applications.
Does using Microsoft Copilot make a business subject to the EU AI Act?
Using a general-purpose AI tool like Microsoft Copilot for everyday productivity tasks is unlikely on its own to trigger the Act's strictest requirements, which focus on specific high-risk use cases. However, how a business deploys and configures AI for higher-risk purposes, such as automated decision-making affecting individuals, is what determines its level of obligation.