AI

Should I Stay or Should I Go ?

Asitha Rodrigo

4 min read
Should I Stay or Should I Go ?

First - A Confession

Ok - I confess, I'm getting bored of the usual AI generated LinkedIn posts. You know - the ones about 200 AI tools that will blow you away, regrow your hair, ensure your unicorn herd doubles in size and let you make cost efficiencies turning your hockey stick projections into gold bars. So I am taking a new approach. My next few posts will be in the style of a famous person. First person to guess who it the mystery "writer" is gets coffee and cake on me in London when we next meet! This one shouldn't be too hard..

And so on to the EU AI Act.

The Clash asked the eternal question in their 1982 hit: "Should I Stay or Should I Go?" For British businesses using AI, Brussels has made that choice for you. The EU AI Act, published in July 2024, is the world's first comprehensive AI regulation, and like an unwelcome ex that won't take the hint, it follows you everywhere – even after Brexit.

Brussels Overreach Knows No Borders

Let me be crystal clear about something that might shock you: despite Brexit, UK companies that operate in the EU or serve EU customers must comply with this regulation. The Brussels bureaucrats have given themselves extraterritorial powers that would make any self-respecting sovereign nation wince.

The Act applies to providers which place AI systems on the EU market, deployers of AI systems located in the EU, and crucially, providers and deployers in third countries if the output produced by the AI system is being used in the EU. In plain English: the Act applies to providers and deployers in or outside the EU where the AI output is used in the EU.

What Exactly Are They Up To?

The EU has created a typically bureaucratic four-tier risk system that would make Orwell proud:

🚫 Unacceptable Risk - Banned Outright
Using prohibited AI practices can result in fines of up to €35 million or 7% of worldwide annual turnover – whichever is higher. We're talking about systems that manipulate human behavior, social scoring, and real-time remote biometric identification is heavily restricted - permitted only in narrowly defined serious cases with prior authorisation.

⚠️ High-Risk AI Systems
These require the full Brussels treatment: conformity assessments, risk management systems, data governance, technical documentation, and human oversight. Think AI used in hiring, credit scoring, healthcare, or law enforcement.

📊 Limited Risk
Transparency obligations apply here – humans should know when they're interacting with AI. Chatbots must declare themselves, and AI-generated content needs clear labeling.

✅ Minimal Risk
The vast majority of AI systems fall here with no specific obligations. For now.

The Money Trap: Penalties That Would Make a Chancellor Weep

Here's where Brussels shows its true colors. The penalty structure is designed to extract maximum revenue: up to €35 million or 7% of global annual turnover for prohibited AI uses, €15 million or 3% for other violations, and €7.5 million or 1% for providing incorrect information.

These aren't just regulatory slaps on the wrist – they're potentially business-ending fines that make GDPR look like a parking ticket. And just like GDPR, they can be imposed on any company anywhere in the world if their AI systems affect EU citizens.

Timeline: When the Hammer Falls

The regulatory timeline shows typical EU bureaucratic planning:

  • February 2025: Prohibitions and AI literacy obligations take effect
  • August 2025: GPAI model obligations and governance rules apply
  • August 2026: Most high-risk AI system requirements become mandatory
  • August 2027: Extended deadline for certain product-embedded AI systems

Several penalty provisions become enforceable alongside later phases (e.g., GPAI-related penalties from 2 Aug 2025/26 depending on the obligation. Missing these deadlines can lead to major fines, enforcement action, lost reputation and lost business opportunities.

Practical Steps for British Businesses

Right, enough doom and gloom. Here's what you actually need to do:

🔍 Immediate Assessment

  • Map every AI system you use or provide
  • Identify which serve EU customers or process EU data
  • Classify them according to the EU's risk categories
  • Review your supplier contracts for AI components

📋 Documentation and Governance

  • Establish proper record-keeping for AI system decisions and impacts
  • Create risk management processes for high-risk systems
  • Implement human oversight where required
  • Prepare technical documentation that would satisfy Brussels bureaucrats

🤝 Contractual Protection

  • Update customer contracts to clarify AI Act compliance responsibilities
  • Ensure suppliers provide necessary compliance documentation
  • Include indemnification clauses for non-compliance penalties
  • Consider data processing agreements that account for AI use

🛡️ Risk Mitigation

  • Implement bias testing and fairness assessments for high-risk AI
  • Establish incident reporting procedures
  • Create transparency mechanisms for AI decision-making
  • Train staff on AI literacy requirements

The Bottom Line

This is regulatory imperialism. Brussels has created a system extending EU law beyond EU borders, forcing global businesses to comply with their AI vision. It's GDPR on steroids, designed to cement European regulatory dominance.

For British businesses, the choice is stark: comply with Brussels' demands or risk market exclusion. The penalties are severe enough to destroy companies.

Take this seriously and act quickly. While we left the EU, Brussels bureaucrats ensure we can never truly escape their influence. Start compliance planning now – ignorance won't defend against business-ending fines.

Key Takeaways:

  • The EU AI Act applies to UK businesses serving EU markets
  • Penalties reach €35 million or 7% of global turnover
  • Implementation phases begin February 2025
  • Immediate compliance planning is essential
  • British businesses cannot ignore EU regulatory overreach

Read the full official EU AI Act text: Regulation (EU) 2024/1689 on EUR-Lex