Does the EU AI Act apply to UK businesses?

Key facts

• The Act has extraterritorial reach: where your AI is placed or used decides scope, not where your company sits.
• UK providers selling or supplying AI to EU customers are covered.
• UK businesses whose AI output is used in the EU are covered, even with no EU office.
• Internal-only AI used wholly outside the EU is generally out of scope.
• The UK's own approach is lighter and principles-based, but it does not exempt you from the EU Act.

Why does an EU law reach UK companies?

Article 2 sets the territorial scope. The Act deliberately follows the AI, not the company. If your system is placed on the EU market, or its output is used in the EU, EU law attaches — the same logic that made GDPR apply to many UK firms.

Three situations that put a UK business in scope

You are a provider for the EU market: you develop or supply an AI system that is placed on the market or put into service in the EU.

Your output is used in the EU: even based wholly in the UK, if the results your AI produces are used in the EU, you can be in scope.

You are established or have users in the EU: an EU entity, office or EU-based deployers using your system brings you in.

When are you not in scope?

If your AI is built and used entirely within the UK (or outside the EU), with no EU customers and no output used in the EU, the EU AI Act generally does not apply. UK law and sector rules still do.

Does the UK have its own AI regulation?

The UK has chosen a lighter, principles-based and regulator-led approach rather than a single AI act, so existing regulators apply cross-cutting principles within their remits. This does not remove EU AI Act obligations where your AI touches the EU. See gov.uk for the UK framework.

What should a UK business do now?

Build an AI inventory, identify which systems touch the EU, classify their risk, and assemble the procurement-ready evidence buyers increasingly expect. You can check your exposure in minutes.

Frequently asked questions

Does the EU AI Act apply to UK businesses?

Yes, if you place AI on the EU market, are established in the EU, or your AI's output is used in the EU — regardless of where you are based.

What is the difference between a provider and a deployer?

A provider develops/places an AI system on the market; a deployer uses it under its own authority. Obligations differ for each.

Does the EU AI Act apply to internal AI tools?

It can — using AI under your authority makes you a deployer; high-risk internal use carries obligations even without selling the AI.

Is ChatGPT covered by the EU AI Act?

Yes — as general-purpose AI. The provider has GPAI obligations; your use as a deployer may trigger transparency and (if high-risk) further duties.

What's the first step to EU AI Act compliance?

Build an AI inventory and classify each system by risk — you can't comply with obligations you haven't mapped.

Related pages

• The EU AI Act: the complete guide
• What is the EU AI Act?
• EU AI Act timeline & key deadlines
• What is AI procurement readiness?
• Check your AI Act exposure

Sources

• Regulation (EU) 2024/1689, Article 2 (scope) — EUR-Lex
• UK approach to AI regulation — GOV.UK

Last updated 19 June 2026.