How does UK GDPR differ from EU GDPR?

While largely similar, UK GDPR has diverging adequacy requirements, different ICO guidance, and the UK is proposing reforms. Cleo tracks both regimes and highlights divergences.

What is the FCA Consumer Duty?

The Consumer Duty requires firms to deliver good outcomes for retail customers. Cleo maps its requirements alongside MiFID II and other financial regulations.

🇬🇧United Kingdom

EU AI Act compliance in the UK

The UK has chosen a pro-innovation, sector-specific approach to AI regulation rather than adopting the EU AI Act. Existing regulators (FCA, Ofcom, CMA, ICO) apply AI principles within their domains.

Start free scan

Enforcement authority

DSIT (Department for Science, Innovation and Technology) coordinates; FCA, ICO, Ofcom, CMA, MHRA enforce in their sectors

Maximum sanctions

No unified AI penalty framework. Sanctions depend on the sector regulator and existing legislation (e.g., GDPR fines from ICO, FCA enforcement actions).

Key obligations

What EU AI Act requires from organizations operating in the UK.

Follow sector-specific AI guidance from relevant regulators (FCA, ICO, Ofcom, CMA, MHRA)

Comply with the 5 cross-sector AI principles: safety, transparency, fairness, accountability, contestability

Implement AI-specific risk assessments where required by sector regulators

Follow ICO guidance on AI and data protection (impact assessments for automated decisions)

Local context in the UK

The UK AI Safety Institute (AISI) conducts frontier AI evaluations. Companies operating in both UK and EU markets must comply with both the UK sector-specific framework and the EU AI Act — a significant dual compliance burden.

EU AI Act by industry in the UK

Retail & Consumer Goods HealthTech Insurance Energy & Utilities Cosmetics & Personal Care Electronics & Connected Devices

Frequently asked questions

How does EU AI Act apply in the UK?

The UK has chosen a pro-innovation, sector-specific approach to AI regulation rather than adopting the EU AI Act. Existing regulators (FCA, Ofcom, CMA, ICO) apply AI principles within their domains.

Who enforces EU AI Act in the UK?

DSIT (Department for Science, Innovation and Technology) coordinates; FCA, ICO, Ofcom, CMA, MHRA enforce in their sectors

What are the penalties for EU AI Act non-compliance?

No unified AI penalty framework. Sanctions depend on the sector regulator and existing legislation (e.g., GDPR fines from ICO, FCA enforcement actions).

Read our complete EU AI Act compliance guide

EU AI Act in other jurisdictions

🇪🇺European Union 🇫🇷France 🇩🇪Germany 🇺🇸United States 🇧🇷Brazil 🇦🇺Australia 🇮🇳India

Check your EU AI Act compliance now

Start free scan to see your risk score and applicable obligations.

Start free scan

Key obligations

What EU AI Act requires from organizations operating in the UK.

Follow sector-specific AI guidance from relevant regulators (FCA, ICO, Ofcom, CMA, MHRA)

Comply with the 5 cross-sector AI principles: safety, transparency, fairness, accountability, contestability

Implement AI-specific risk assessments where required by sector regulators

Follow ICO guidance on AI and data protection (impact assessments for automated decisions)

Frequently asked questions

How does EU AI Act apply in the UK?

The UK has chosen a pro-innovation, sector-specific approach to AI regulation rather than adopting the EU AI Act. Existing regulators (FCA, Ofcom, CMA, ICO) apply AI principles within their domains.

Who enforces EU AI Act in the UK?

DSIT (Department for Science, Innovation and Technology) coordinates; FCA, ICO, Ofcom, CMA, MHRA enforce in their sectors

What are the penalties for EU AI Act non-compliance?

No unified AI penalty framework. Sanctions depend on the sector regulator and existing legislation (e.g., GDPR fines from ICO, FCA enforcement actions).