How does UK GDPR differ from EU GDPR?

While largely similar, UK GDPR has diverging adequacy requirements, different ICO guidance, and the UK is proposing reforms. Cleo tracks both regimes and highlights divergences.

What is the FCA Consumer Duty?

The Consumer Duty requires firms to deliver good outcomes for retail customers. Cleo maps its requirements alongside MiFID II and other financial regulations.

🇬🇧United Kingdom

EU AI Act compliance in United Kingdom

The UK has chosen a pro-innovation, sector-specific approach to AI regulation rather than adopting the EU AI Act. Existing regulators (FCA, Ofcom, CMA, ICO) apply AI principles within their domains.

Run a Free Scan

Enforcement authority

DSIT (Department for Science, Innovation and Technology) coordinates; FCA, ICO, Ofcom, CMA, MHRA enforce in their sectors

Maximum sanctions

No unified AI penalty framework. Sanctions depend on the sector regulator and existing legislation (e.g., GDPR fines from ICO, FCA enforcement actions).

Key obligations

What EU AI Act requires from organizations operating in United Kingdom.

Follow sector-specific AI guidance from relevant regulators (FCA, ICO, Ofcom, CMA, MHRA)

Comply with the 5 cross-sector AI principles: safety, transparency, fairness, accountability, contestability

Implement AI-specific risk assessments where required by sector regulators

Follow ICO guidance on AI and data protection (impact assessments for automated decisions)

Local context in United Kingdom

The UK AI Safety Institute (AISI) conducts frontier AI evaluations. Companies operating in both UK and EU markets must comply with both the UK sector-specific framework and the EU AI Act — a significant dual compliance burden.

EU AI Act by industry in United Kingdom

Retail & Consumer Goods Real Estate FinTech HealthTech Insurance Energy & Utilities Sustainability & ESG

Frequently asked questions

How does EU AI Act apply in United Kingdom?

The UK has chosen a pro-innovation, sector-specific approach to AI regulation rather than adopting the EU AI Act. Existing regulators (FCA, Ofcom, CMA, ICO) apply AI principles within their domains.

Who enforces EU AI Act in United Kingdom?

DSIT (Department for Science, Innovation and Technology) coordinates; FCA, ICO, Ofcom, CMA, MHRA enforce in their sectors

What are the penalties for EU AI Act non-compliance?

No unified AI penalty framework. Sanctions depend on the sector regulator and existing legislation (e.g., GDPR fines from ICO, FCA enforcement actions).

Read our complete EU AI Act compliance guide

EU AI Act in other jurisdictions

🇪🇺European Union 🇫🇷France 🇩🇪Germany 🇺🇸United States 🇧🇷Brazil 🇦🇺Australia 🇮🇳India

Check your EU AI Act compliance now

Run a free scan to see your risk score and applicable obligations.

Run a Free Scan

Key obligations

What EU AI Act requires from organizations operating in United Kingdom.

Follow sector-specific AI guidance from relevant regulators (FCA, ICO, Ofcom, CMA, MHRA)

Comply with the 5 cross-sector AI principles: safety, transparency, fairness, accountability, contestability

Implement AI-specific risk assessments where required by sector regulators

Follow ICO guidance on AI and data protection (impact assessments for automated decisions)

Frequently asked questions

How does EU AI Act apply in United Kingdom?

The UK has chosen a pro-innovation, sector-specific approach to AI regulation rather than adopting the EU AI Act. Existing regulators (FCA, Ofcom, CMA, ICO) apply AI principles within their domains.

Who enforces EU AI Act in United Kingdom?

DSIT (Department for Science, Innovation and Technology) coordinates; FCA, ICO, Ofcom, CMA, MHRA enforce in their sectors

What are the penalties for EU AI Act non-compliance?

No unified AI penalty framework. Sanctions depend on the sector regulator and existing legislation (e.g., GDPR fines from ICO, FCA enforcement actions).