This article was written by Hector Brito, Partner at Tribeca Lawyers.
Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024, laying down harmonised rules on AI (the EU AI Act or the Regulation), has moved from legislative project to operational reality.
The most controversial block – the high-risk regime – was imminent, but a fixed-date delay has now been agreed in EU inter-institutional negotiations. That delay was shaped by the Digital Omnibus on AI (COM(2025) 836 final), a Commission proposal that moved the high-risk application dates and made several other amendments to the Regulation.
That said, many aspects of the Regulation are already in force.
Potential fines, which apply at group level, are up to €35m or 7% of worldwide group turnover for breaches of the prohibitions, and up to €15m or 3% for breaches of the general operator obligations.
For a UK AI company selling into Spain or the wider EU, the Regulation now sets the compliance baseline for operating in the EU. For a UK or international investor looking at a Spanish or European AI target, it’s a material due diligence consideration.
Territorial scope: does the AI Act apply to UK operators?
For a UK reader, the threshold question is whether the Regulation applies at all. Article 2 has two operational hooks that could clearly catch a UK company without an EU establishment or subsidiary.
The first is the placing-on-the-Union-market rule. A provider that places an AI system on the EU market, or places a general-purpose AI model on the Union market, falls within the Regulation regardless of whether it’s established or located in the Union or in a third country. A London SaaS provider that sells an AI-powered product to a Spanish customer would fall within this limb.
The second is the output-used-in-the-Union rule. Providers and deployers established in a third country are within the Regulation where the output produced by their AI system is used in the Union. A UK provider that keeps its AI system entirely on third-country infrastructure and supplies AI-derived outputs to an EU operator under a services contract (for example, analytics, predictions or scoring) is caught. In this scenario, the system isn’t placed on the EU market, but the output is intended to be used in the Union.
There’s also a further potential hook, which is similar to, but distinct from, the placement-on-the-market rule. Article 2.1(e) of the Regulation captures UK product manufacturers that place AI-embedded products on the Union market under their own name or trademark. This may apply to certain medical devices, industrial machinery or vehicles that rely on AI systems.
The risk pyramid
The Regulation classifies AI systems by risk:
- Unacceptable risk: prohibited outright by Article 5
- High risk: substantial obligations under Articles 8 through 15
- Limited risk: transparency obligations under Article 50
- Minimal risk: outside the substantive scope of the Regulation.
For most UK AI products, the practical question is whether they sit in the high risk or limited risk category. That classification is critical, as the obligations under Articles 8 to 15 are substantial, while limited risk obligations are operationally light.
It’s also worth noting that the Article 50 transparency rules only start applying from 2 December 2026.
What is live today?
Outright prohibitions (Article 5)
Article 5 of the Regulation sets out AI practices that are entirely prohibited in the EU. Prohibitions (a) to (h) have applied since 2 February 2025. Prohibition (i) was added by the Digital Omnibus on AI provisional agreement of 7 May 2026 and will apply from 2 December 2026.
Below is a general description of the prohibitions, some of which are subject to limited exceptions.
| Category | Description of prohibited practice |
| --- | --- |
| (a) Subliminal or deceptive manipulation | AI systems that deploy subliminal techniques (beyond a person’s consciousness) or purposefully manipulative or deceptive techniques to materially distort behaviour, causing a person to take a decision they wouldn’t otherwise have taken, where this causes or is reasonably likely to cause significant harm to them or others. |
| (b) Exploitation of vulnerabilities | AI systems that exploit vulnerabilities of a natural person or group due to age, disability or specific social or economic situation, with the objective or effect of materially distorting behaviour in a manner that causes or is reasonably likely to cause significant harm. |
| (c) Social scoring | AI systems used to evaluate or classify individuals or groups over time based on social behaviour or personal or personality characteristics, where the resulting social score leads to detrimental treatment in unrelated social contexts, or treatment that is unjustified or disproportionate to their social behaviour or its gravity. |
| (d) Predictive criminal profiling | AI systems used to assess or predict the risk of a person committing a criminal offence based solely on profiling or personality traits and characteristics. |
| (e) Untargeted facial recognition scraping | AI systems that create or expand facial recognition databases through untargeted scraping of facial images from the internet or CCTV footage. |
| (f) Emotion inference at work or school | AI systems that infer the emotions of natural persons in the workplace or educational institutions. |
| (g) Biometric categorisation by sensitive attribute | Biometric categorisation systems that categorise individuals based on biometric data to deduce or infer race, political opinions, trade union membership, religious or philosophical beliefs, sex life or sexual orientation. |
| (h) Real-time remote biometric identification in public spaces | Use of real-time remote biometric identification in publicly accessible spaces for law enforcement purposes, unless strictly necessary for: (1) targeted search for victims of abduction, trafficking or sexual exploitation, or missing persons; (2) prevention of a specific, substantial and imminent threat to life or a terrorist attack; or (3) localisation or identification of a person suspected of a serious criminal offence (carrying a custodial sentence of at least four years, per Annex II), in the context of a criminal investigation or prosecution. |
| (i) Non-consensual intimate imagery and CSAM | AI systems whose primary purpose is to generate non-consensual intimate imagery or child sexual abuse material (images, video or audio), including so-called ‘nudifier’ or ‘deepfake’ apps. |
AI literacy (Article 4)
Every provider and every deployer must take steps to ensure a sufficient level of AI literacy among staff and contractors operating AI systems on their behalf. The requirement is broad and general, and companies will need to take a pragmatic approach to implementation, while being able to demonstrate that programmes are effective and not a paper exercise.
General-purpose AI (Articles 53 to 55)
Providers of general-purpose AI (GPAI) models – broadly, the foundation-model layer – have been in scope since 2 August 2025. The Commission’s November 2025 scope guidelines place the indicative threshold for being a GPAI provider at around 10²³ floating-point operations of training compute.
Above that line sit four core obligations: technical documentation, a downstream developer transparency package, a copyright policy that respects rights reservations under the EU’s text and data mining rules and a public summary of training content.
A higher threshold of 10²⁵ FLOP triggers the systemic-risk tier, which brings additional obligations including model evaluations, adversarial testing, serious incident reporting and cyber security measures. Most UK AI companies aren’t GPAI providers in the foundation sense, but some may have crossed the threshold without realising it.
The high-risk regime
The high-risk regime is not yet applicable. The default application date is 2 August 2026 for most rules and 2 August 2027 for systems embedded in regulated products, though both dates are expected to move once the Digital Omnibus on AI is formally adopted.
The Annex III categories most likely to be relevant for UK AI products are biometrics, education and vocational training, employment and workers’ management, and access to essential private and public services, including creditworthiness scoring and life or health insurance underwriting. These sit alongside product safety embedded systems caught by Annex I.
High-risk systems are subject to stringent product-level obligations, including lifecycle risk management, data governance controls, technical documentation, logging, transparency and instructions for use, human oversight and accuracy, robustness and cyber security. These are supplemented by organisational obligations such as a quality management system, conformity assessment and CE marking, registration in the EU database under Article 49, post-market monitoring, serious incident reporting and an Article 27 fundamental-rights impact assessment for certain public-sector deployers.
Where a non-EU provider places a high-risk AI system on the Union market, Article 22 requires the appointment of an authorised representative established in the Union. For GPAI models, the equivalent obligation (subject to carve-outs) is set out in Article 54.
Provider or deployer: the classification UK companies could get wrong
Most UK founders describe themselves as deployers – users – of OpenAI, Anthropic, Mistral or other third-party models. The Regulation treats them as providers in three scenarios:
- Where a company puts its own brand or trademark on an AI system already on the market. The brand application alone shifts the company from deployer to provider
- Where a company makes a substantial modification, typically by fine-tuning a model on its own data, retraining it or otherwise changing it in ways that affect its compliance posture or intended purpose
- Where a company changes the intended purpose of a system that was not high risk so that the new use is high risk, such as deploying an off-the-shelf chat assistant as a credit decisioning tool.
Two deal patterns are likely to become common:
- A UK start-up that fine-tunes an open-weight model and deploys it under its brand for services like candidate screening becomes the provider of a high-risk system. This means that the full Article 16 compliance bill – quality management, technical documentation, conformity assessment, post-market monitoring – sits on it, not on the upstream lab
- A UK SaaS business that builds an agent on top of a foundation model and sells it under its own brand into HR or insurance triggers the same shift, even without modifying the underlying model.
The dividing line between fine-tuning and ordinary use remains unsettled, and operators should expect further guidance.
The Spanish layer
A UK operator entering the Spanish market enters a distinct institutional framework. Spain has already established a dedicated AI supervisory body, the Agencia Española de Supervisión de la Inteligencia Artificial (AESIA), created by Royal Decree Law 729/2023 of 22 August 2023.
AESIA’s formal designation as Spain’s notifying authority and general market surveillance authority under Articles 70 and 74 of the Regulation will follow the enactment of the draft bill on the proper use and governance of AI, approved by the Spanish Council of Ministers on 11 March 2025.
Spain has also established an AI regulatory sandbox under Royal Decree 817/2023 of 8 November 2023, which creates a controlled testing environment for high-risk AI systems. AESIA has published compliance guides and self-assessment checklists.
The Agencia Española de Protección de Datos retains its remit where AI processing involves personal data and has published extensive AI guidance.
Transactional implications: diligence and deal documents
The Regulation now features in both due diligence and deal documents.
Red flag due diligence should address at least the following:
- Article 5 clearance: no current, planned or roadmap features within the prohibited practices, including the ninth limb applying from December 2026
- Status of Article 4 AI literacy programme: documented, dated and rolled out
- Provider versus deployer classification under Article 25: each third-party model the target integrates, identifying brand applications, fine-tuning events and changes of intended purpose, and confirming the resulting role allocation
- Training or substantial fine-tuning of models: potential trigger of GPAI obligations
- The need for an authorised representative mandate: applicable for any non-EU group entity selling into the Union
- Any pending or threatened investigations or unreported serious incidents.
As to the deal documents, the focus should be on an adequate representations package covering the absence of prohibited practices (past, present or in roadmap); the AI literacy programme; correct provider or deployer status with no Article 25 recharacterisation triggered; compliance with GPAI where any group entity is a provider; and no unreported incidents or pending or threatened investigation. Where issues are identified, specific indemnities should be used to protect the buyer (for example, Article 5 exposure or Article 25 misclassification).
On a separate note, there’s the question of representations and warranties insurance (RWI) appetite to cover risks arising from the Regulation. It’s likely that most RWI insurers will adopt a tough stance on AI-specific representations and may decline cover under their standard regulatory non-compliance exclusion.
Takeaways
- The AI Act is now an operational compliance baseline for any company doing AI business in the EU
- The high-risk regime was due to apply from 2 August 2026, but the Digital Omnibus on AI has pushed that deadline back
- Article 5 prohibitions, Article 4 AI literacy and the GPAI obligations under Articles 53 to 55 are already live
- Fines apply at group level: up to €35m or 7% of worldwide group turnover for Article 5 breaches, and up to €15m or 3% for breaches of the general operator obligations
- UK operators and investors should be very mindful of the broad extraterritorial reach of the Regulation, including scenarios where UK companies are caught despite having no EU establishment
- Any M&A process must already factor the Regulation into both legal due diligence and the drafting of transactional documentation.