The EU AI Act: what it means for businesses in the UK

The EU AI Act (EU AIA) has been passed by the EU Parliament and will regulate Artificial Intelligence (AI) in the EU by 2026. Its reach will extend beyond the EU, however, and affect more than just tech companies. Businesses in the UK that develop or deploy an AI system that is used in the EU will need to comply with the EU AI Act.

So, what are the requirements of the EU AIA?

The EU AIA takes a tiered risk approach, with each tier subject to differing levels of regulation, from transparency notices to human oversight and technical provisions. (See chart below for details of each tier).

The EU’s newly established AI Office will oversee the implementation of the EU AIA, respond to complaints, and evaluate general purpose models’ compliance. Much of the intricacies of how the EU AIA will be interpreted will become clear as different EU agencies initiate the implementation of the Act.

How does this compare to the UK’s AI regulation?

In contrast to the EU’s risk classification system and legal framework, the UK aims for a ‘light touch approach’ to AI regulation, which supports the capacity of existing regulators withouth establishing a super-regulator. The CBI has encouraged this pro-innovation approach—numerous CBI asks were included in the Government’s AI White Paper consultation response.

The government acknowledges, however, the eventual need for legislative framework for AI regulation, particularly for highly capable general-purpose AI.

What steps can you take to prepare for AI regulation in the EU and UK?

Find out what you need: Businesses can perform a gap analysis to understand what regulatory regimes and regulations are relevant, what skills the organisation will need to comply, and who should be responsible for coordinating compliance.

Access support: Compliance with UK AI regulation depends on regulations set out by individual regulators and will be supported by the government’s ‘central function’ (to be established summer 2024) to coordinate among regulators.

• Each regulator in the UK published their strategic approach to AI regulation in response to the AI Regulation White Paper consultation response: Regulators’ strategic approaches to AI
• Businesses can apply for support and guidance for specific regulatory compliance in the UK through the The Digital Regulation Cooperation Forum (DRCF)’s AI & Digital Hub

Next steps for CBI members:

The CBI is continuing to feed member perspectives into our engagement with government and opposition on developing AI regulation. The primary priorities we are speaking to government on are:

1. Further resources and mechanisms to help businesses comply with regulation
2. International interoperability of AI regulation.

For more details of the CBI’s asks on AI regulation in the UK, see the full consultation response.

The CBI’s AI & Data Protection Working Group helps shape the priorities we present to government. 50 members joined the last meeting to hear from Arcangelo Leone De Castris of the Alan Turing Institute on the details and implications of the EU AIA on businesses in the UK, and shared their insights and feedback on the EU AIA and AI regulation in the UK.

At the next meeting in June members will feed into CBI’s response to the government’s call for views on the cyber security of AI. To get involved in the Working Group and other engagement on AI regulation, please contact Melissa McLaughlin.