EU AI Act Compliance Checklist for UK Businesses (August 2026)

A step-by-step EU AI Act compliance checklist for UK businesses with EU customers. Complete before the August 2026 enforcement deadline.

·6 min read
UK businesses subject to the EU AI Act need to complete five steps before August 2026: (1) inventory all AI systems that affect EU individuals, (2) classify each by risk category, (3) for high-risk systems — create technical documentation, implement human oversight, and register with EU authorities, (4) publish transparency disclosures where required, (5) designate an EU representative if you have no EU establishment. Most UK SMEs using AI internally have limited obligations.

Step 1: Inventory your AI systems

List every AI tool used in your organisation. Include both IT-managed tools and shadow AI discovered through OAuth audits. For each tool, document: what it does, what data it accesses, and whether it affects EU individuals.

Step 2: Classify by risk category

For each AI system, determine its risk classification: prohibited, high-risk, limited, or minimal. Most SME tools are minimal risk.

Step 3: Address high-risk requirements

For any high-risk systems: create technical documentation, implement a risk management system, ensure meaningful human oversight, conduct data governance measures, and register with the relevant EU authority.

Step 4: Publish transparency disclosures

For limited-risk AI (chatbots, AI-generated content facing EU users): clearly disclose that AI is being used. Label AI-generated content appropriately.

Step 5: Designate an EU representative

If your business has no EU establishment but deploys AI affecting EU individuals, you must appoint an authorised representative based in an EU member state.

Timeline

  • August 2024: Act entered into force
  • February 2025: AI literacy requirements apply
  • August 2025: Prohibited practices banned
  • August 2026: Full enforcement — all provisions apply

When does the EU AI Act take full effect?

Full enforcement begins 2 August 2026.

Does it apply to UK-only businesses?

Only if your AI systems affect EU individuals.

What happens if I don't comply?

Penalties up to €35 million or 7% of global turnover.

Do I need an EU representative?

Yes, if you deploy AI in the EU with no EU establishment.