Background
AI is useful. Unmanaged AI use creates data, security, legal, and quality risks — sometimes all at once. There's also a growing regulatory layer: the EU AI Act phases in through 2025–2027 and applies to any UK business selling AI services into the EU. The UK's own AI regulation is more sector-specific but tightening. Most SME use of AI is low-risk; if you're using AI in hiring, lending, healthcare, or anything safety-related, get advice.
Questions to ask yourself
- Are staff putting company data into AI tools?
- Are they using AI to write code, contracts, reports, or policies?
- Are AI-generated answers being checked before they go out?
- Could AI expose confidential customer or supplier data?
- Do we have a short, usable AI policy?
- Could the EU AI Act apply to anything we sell?
What you can do today
Get AI under control without banning it
Three actions.
- 01Send one email to all staff: “What AI tools are you using for work, and what data have you put in?”
- 02For each AI tool, check its data retention setting. Free tiers usually do train on your input by default.
- 03Write a single A4 page: “What's OK and not OK to put into AI.”