In many cases, yes. Brexit did not exempt UK businesses from the EU AI Act. The regulation applies to any business — wherever it is based — where AI system outputs are used by people in the EU.
The EU AI Act applies to UK businesses where AI system outputs are used by people in the EU. This is established directly in Article 2(1)(c) of the regulation, which explicitly covers providers and deployers established in third countries — including the UK — where the output produced by the AI system is used in the Union.
Brexit removed the UK from the EU’s regulatory framework as a member state. It did not exempt UK businesses from EU regulations that apply based on where outputs are used. The relevant question is not where your business is based — it is where your AI outputs are used.
Unlike some extraterritorial claims that rest on analogy or interpretation, the EU AI Act’s reach to UK businesses is stated explicitly in the text of the regulation.
“This Regulation applies to: … (c) providers and deployers of AI systems that have their place of establishment or are located in a third country, where the output produced by the AI system is used in the Union.”
The UK is a third country under EU law following Brexit. A UK business that uses AI systems in a professional context — as a deployer — falls within Article 2(1)(c) where the outputs of those systems are used in the EU. The trigger is output use, not the location of the business.
The precise trigger under Article 2(1)(c) is that the output produced by the AI system is used in the Union. This is more specific than saying the regulation applies whenever a UK business has EU customers.
A UK business using AI purely internally, with no EU-facing outputs and no EU customers or employees, has a reasonable argument that it falls outside the scope of Article 2(1)(c). A UK business whose AI outputs are used by EU customers, EU-based employees, or EU users is clearly within scope.
The questions below reflect how the output-use test applies in practice for a typical UK business.
If you answer yes to any of these, the EU AI Act is likely to apply to your business.
If your product includes an AI-powered chatbot, recommendation engine, or any feature that uses AI to generate outputs your EU customers receive — you are in scope.
EU-based employees using AI tools provided or approved by your business are covered. The outputs of those tools are used in the Union.
AI-generated emails, marketing content, personalised recommendations, or automated decisions directed at EU recipients are outputs used in the Union.
This is the clearest case for being outside scope. A UK business using AI purely for internal purposes, with no outputs reaching people in the EU, has the strongest argument that Article 2(1)(c) does not apply.
A UK business that falls within the scope of the EU AI Act faces the same obligations as an EU-based business in the same position. The most immediately relevant obligation for the majority of UK businesses is the AI literacy requirement under Article 4, which has been enforceable since February 2025.
Take measures to support the AI literacy of staff and others dealing with AI systems on the business’s behalf. Demonstrating this involves a written AI usage policy, an AI tools register, per-employee literacy records, a role-based training matrix, and an auditor evidence pack. In force since February 2025.
Applies nowBusinesses using AI in high-risk categories — such as HR and recruitment decisions, credit scoring, healthcare diagnostics, or law enforcement — face significantly stricter obligations including conformity assessments, technical documentation, and EU database registration. Enforceable from 2 December 2027.
Deadline: 2 December 2027Providers of AI systems — businesses that develop and place AI systems on the EU market — must appoint an authorised representative established in the EU before making their system available. This applies to AI system developers, not to most businesses that simply use AI tools built by others.
Providers onlyMost UK businesses fall into the deployer category — they use AI systems built by others in a professional context. A UK agency using ChatGPT for client work is a deployer. A UK e-commerce business using an AI recommendation engine is a deployer.
A UK business is a provider if it develops an AI system and places it on the EU market under its own name. Providers face more extensive obligations, including the authorised representative requirement. For most UK SMEs using off-the-shelf AI tools, the deployer obligations — principally the Article 4 AI literacy requirement — are the relevant ones.
For many UK businesses, the most immediate pressure to address EU AI Act compliance is not regulatory enforcement — it is commercial. EU-based enterprise clients are increasingly adding AI compliance checks to supplier questionnaires. A UK supplier that cannot produce EU AI Act compliance documentation risks losing procurement decisions to competitors who can.
This is particularly relevant for UK agencies and professional services firms with EU clients, UK SaaS businesses with EU customers, and UK suppliers to EU-regulated industries such as financial services, healthcare, and legal.
The EU Digital Omnibus agreement of May 2026 adjusted the wording of the AI literacy obligation from “ensure a sufficient level” of AI literacy to “take measures to support” AI literacy. This softens the standard from proving an outcome to demonstrating the steps taken — and applies equally to UK businesses in scope. The extraterritorial provisions in Article 2(1)(c) were not changed. The Omnibus text is pending formal adoption, expected before August 2026.
No. Brexit removed the UK from EU membership, but it did not exempt UK businesses from EU regulations that apply based on where outputs are used. The EU AI Act’s extraterritorial provisions operate independently of EU membership — they apply to any third-country business whose AI outputs are used in the EU, just as GDPR applied to UK businesses serving EU customers before and after Brexit.
The UK has taken a principles-based, sector-led approach to AI regulation rather than enacting a single comprehensive AI law equivalent to the EU AI Act. UK businesses with EU customers or EU-facing AI outputs therefore face the EU AI Act directly, not through a domestic equivalent. Compliance with the EU AI Act does not automatically satisfy any UK domestic framework, and vice versa.
The EU AI Act’s output-use test does not distinguish between B2B and B2C. If your AI outputs are used by people in the EU — whether those people are consumers or employees of an EU business — the regulation applies. A UK business supplying AI-powered tools or services to EU businesses, where those businesses’ employees interact with the AI outputs, is within scope.
Enforcement against businesses outside the EU is practically more challenging than enforcement against EU-based entities. However, practical enforcement difficulty is not a compliance strategy. EU-based enterprise clients increasingly require AI compliance documentation as part of procurement — a UK business that cannot produce it risks losing contracts regardless of whether a regulator ever investigates. The commercial pressure is the more immediate driver for most UK SMEs.
Technically, Article 2(1)(c) does not specify a threshold — one EU user whose experience involves AI outputs is sufficient to bring your business within the scope of the provision. In practice, proportionality applies: a business with minimal EU exposure faces far lower regulatory and commercial risk than one with substantial EU operations. The obligation to take measures to support AI literacy is also proportionate, meaning the steps required are calibrated to your context. Taking reasonable, documented steps is more defensible than taking none.
Whether you are based in the EU or the UK, if the EU AI Act applies to your business you need to be able to demonstrate it. Our platform generates your complete compliance pack in under 10 minutes — tailored to your business, formatted professionally, and ready to produce on request.
Start your free assessment14-day free trial — no credit card required