Skip to content
Archived content. You are viewing v1 of SME Digital Advisor — the original multi-section site (risks, scenarios, policies, OWASP, flashcards). Go to current site →

Safe and productive AI adoption

Is AI creating hidden risk inside your business?

Background

AI is useful. Unmanaged AI use creates data, security, legal, and quality risks — sometimes all at once. There's also a growing regulatory layer: the EU AI Act phases in through 2025–2027 and applies to any UK business selling AI services into the EU. The UK's own AI regulation is more sector-specific but tightening. Most SME use of AI is low-risk; if you're using AI in hiring, lending, healthcare, or anything safety-related, get advice.

Questions to ask yourself

  • Are staff putting company data into AI tools?
  • Are they using AI to write code, contracts, reports, or policies?
  • Are AI-generated answers being checked before they go out?
  • Could AI expose confidential customer or supplier data?
  • Do we have a short, usable AI policy?
  • Could the EU AI Act apply to anything we sell?

What you can do today

Get AI under control without banning it

Three actions.

  • 01Send one email to all staff: “What AI tools are you using for work, and what data have you put in?”
  • 02For each AI tool, check its data retention setting. Free tiers usually do train on your input by default.
  • 03Write a single A4 page: “What's OK and not OK to put into AI.”