UK Compliancedone properly.Delivered safely. Within the hour.

The EU AI Act is the first comprehensive law governing artificial intelligence. Although the UK has left the EU, the Act applies extraterritorially to any UK business whose AI outputs are used inside the EU, or who places AI systems on the EU market. In practice, this captures most UK SMEs with EU customers, users, or staff.

Full enforcement of the AI Act begins. Provisions covering general-purpose AI, high-risk systems, governance, and penalties become enforceable. Fines can reach €35 million or 7% of global turnover, whichever is higher.

Our packs are drafted to the structure required by the relevant UK and EU regulations and are tailored to your declared business circumstances. They are designed to evidence your compliance obligations, not to constitute legal advice. We recommend any business with complex circumstances has its pack reviewed by a solicitor.

Templates are generic. Our packs are generated from your declared sector, headcount, AI tools, and high-risk use cases, then assembled with the correct policy clauses, register entries, and signatures already populated. A regulator or auditor expects a document that reflects your actual operations — not a placeholder PDF.

Whenever the ICO, EHRC, or EU AI Office publishes new guidance that affects your pack, we re-issue an updated version automatically. Subscription is £149 per year and is included free for all packs purchased before 1 August 2026.

If document generation fails on our side and we cannot deliver your pack, you will receive a full refund automatically. If generation succeeds and your documents are delivered, the service has been performed and we do not offer refunds as standard — however if something is genuinely wrong with your documents, contact us at support@clausely.co.uk and we will regenerate or correct them at no charge. See our full Refund Policy for details.

The Digital Omnibus political agreement reached in May 2026 narrowed and clarified scope in several places, eased some technical compliance burdens for general-purpose AI providers, and pushed the substantive obligations for most Annex III high-risk AI systems to December 2027. What it did not change: the Article 4 AI literacy obligations, the Article 50 transparency obligations, the prohibited-use rules, and the governance and documentation expectations that bite from 2 August 2026. For UK SMEs deploying AI tools, the baseline policy framework you need is essentially unchanged — only the deadline for high-risk system technical conformity has moved.

Yes — the political agreement pushes the substantive technical and conformity obligations for most Annex III high-risk AI systems to December 2027, giving providers more time to complete conformity assessments and CE marking. However, transparency obligations (Article 50), AI literacy obligations (Article 4), prohibited-use rules, governance structures, and the documentation expected of deployers all remain due from 2 August 2026. In practice the policy framework — Acceptable Use, AI Literacy, Article 50 disclosures, oversight SOPs, vendor registers — must be in place before August 2026 even if you are also a high-risk system provider with a 2027 conformity deadline.

No. The Omnibus extended one specific deadline — substantive conformity for most Annex III high-risk systems — to December 2027. It did not extend the 2 August 2026 enforcement date for transparency, literacy, governance, or deployer documentation. If your business uses AI tools (ChatGPT, Copilot, an internal copilot, an AI chatbot, AI-assisted recruitment or marketing), the obligations that apply to you almost certainly bite in August 2026, not 2027. Waiting risks both regulatory exposure and PI questionnaire failure at renewal.

Annex III lists categories of AI systems treated as high-risk because of where they are used, not because of the underlying technology. These include AI used in: biometric identification and categorisation; critical infrastructure (water, gas, electricity, transport); education and vocational training (admissions, grading, proctoring); employment (recruitment, CV screening, performance evaluation, task allocation, termination); access to essential private and public services (credit scoring, insurance pricing, benefits eligibility, emergency dispatch); law enforcement, migration and border control; and administration of justice and democratic processes. If your AI sits in any of these workflows — even if it only assists a human decision — you are likely a high-risk deployer.

Yes. The Act applies extraterritorially. A UK business is in scope if it places an AI system on the EU market, if the output of its AI system is used in the EU, or if it employs or serves people in the EU or EEA. Brexit did not remove EU regulatory reach over UK businesses whose AI touches EU users, staff, or customers — much as UK GDPR continues to interact with EU data protection law for cross-border processing.

Enforcement begins immediately on 2 August 2026 — there is no grace period for transparency, literacy, governance, and deployer obligations. National regulators (in the UK, the ICO and sector regulators acting in cooperation with EU authorities) can investigate, request your documentation, and refer matters for fines. Penalties reach €15 million or 3% of global annual turnover (whichever is higher) for breaches of deployer and transparency obligations, and €35 million or 7% of global turnover for the most serious prohibited-use breaches. PI insurers are already asking for documented AI policies at renewal; missing the deadline can affect cover as well as expose you to enforcement.