EU AI Act: What UK Financial Services Firms Need to Know

The EU AI Act came into force in February 2025, establishing the world’s first comprehensive regulatory framework for artificial intelligence. For UK financial services firms with EU operations or clients, understanding these requirements is essential.

Key Requirements for High-Risk AI Systems

The Act classifies AI systems into risk tiers: prohibited, high-risk, limited-risk, and minimal-risk. Financial services AI applications frequently fall into the high-risk category, requiring conformity assessments, technical documentation, and comprehensive audit trails.

What This Means for UK Firms

Even post-Brexit, UK firms serving EU clients or operating EU subsidiaries must comply. The extraterritorial reach of the Act means that AI systems whose outputs affect EU citizens are within scope regardless of where the system is deployed.

Penalties for non-compliance reach up to EUR 30 million or 6% of global annual revenue, whichever is higher.

Practical Next Steps

Firms should begin by conducting a comprehensive inventory of all AI systems currently deployed or in development, classifying each against the EU AI Act risk tiers, and identifying gaps in their current governance documentation.