Anacruses Associates Ltd
← Back to News
2026-06-09

What the EU AI Act Means for UK Businesses in 2026

The EU AI Act came into full force in August 2024 and its obligations are now binding. For UK businesses operating entirely domestically, the Act has no direct legal effect. But for any organisation that sells to EU customers, procures from EU suppliers, or processes data involving EU citizens, the implications are very real.

What the EU AI Act requires

The Act categorises AI systems by risk level — from minimal risk (such as spam filters) through to prohibited applications (such as real-time biometric surveillance in public spaces). High-risk AI systems, which include those used in employment decisions, credit scoring, and critical infrastructure management, face significant compliance obligations: mandatory risk assessments, human oversight requirements, and registration in the EU's AI database.

How ISO 42001 fits in

ISO 42001:2023 — the international standard for AI Management Systems — is not legally mandated by the EU AI Act, but it is widely recognised as a practical framework for demonstrating compliance with many of the Act's requirements. Organisations that have implemented ISO 42001 will find that their risk assessment processes, documentation practices, and governance structures map closely to what the Act requires.

For UK businesses seeking to demonstrate trustworthy AI governance to EU customers or partners, ISO 42001 certification is becoming an increasingly credible signal — much as ISO 27001 became the de facto proof of information security competence in the years following GDPR.

What to do now

If your business develops, deploys or procures AI systems that interact with EU customers or markets, the steps to take are:

  1. Identify which AI systems you use or develop, and assess their risk category under the Act
  2. Review whether any of those systems interact with EU customers or are embedded in EU supply chains
  3. Consider whether ISO 42001 implementation would provide a practical compliance framework and a credible differentiator

Anacruses has been working with ISO 42001 since its publication and is actively involved in the BSI BridgeAI standards community. If you would like to understand what ISO 42001 implementation would involve for your business, get in touch for a free initial conversation.

Questions about how this affects your business? Get in touch for a free conversation.

Book a Free Consultation