Contact Us

EU AI Act: what UK businesses must do

AI Governance

EU AI Act: What UK Businesses Need to Know in 2026

The EU AI Act is law. UK businesses with EU customers or operations face compliance obligations. Here’s what applies, what doesn’t, and what to do now.

Book a Conversation

Where Businesses Get Stuck

The challenges we most commonly see when organisations come to us:

  • You’ve heard about the EU AI Act and don’t know if it applies to your business, what it requires, or what the penalties are.

Our Methodology

The EU AI Act Applicability Framework: risk categories, who it applies to, and the compliance roadmap for UK businesses.

What Starkhorn Brings

Daniel Jacobs: 20+ years in technology and security, 15+ of them in leadership roles. VetPartners (BC Partners, GBP1.2bn), Jardine Motors Group (GBP2bn). Published author. PRINCE2, ITIL, IIM Full Member.

Starkhorn does not subcontract or use associate networks. You work directly with Daniel Jacobs from the first conversation through to delivery.

Who This Is For

This service is designed for:

  • CEOs and legal teams at UK businesses with EU exposure or AI products

This is not the right fit for: Consumer businesses without EU operations or AI products.

Frequently Asked Questions

What is an AI policy template, and does my organisation need one?

It is a short document that tells your people which AI tools they may use, what data must never go into them, when AI use should be disclosed, and who is accountable. You almost certainly need one already: surveys show most staff are using AI tools at work whether or not anyone has set rules. Without a policy, your first AI incident, a data leak into a public chatbot for example, happens with no agreed boundary to fall back on.

Is this AI policy template free, and do I keep it?

Yes. The generator is free, the policy is yours to keep, edit and adopt, and Starkhorn takes no ongoing rights over it. We ask for your name, work email and organisation so we can send you the policy and, if you want, talk about putting governance behind it.

Does using this policy make us compliant with the law or with ISO 42001?

No. This is a starting draft, not legal advice and not certification. It is anchored in ISO 42001, NCSC and ICO guidance so it points you in a sensible direction, but compliance with UK data-protection law, the EU AI Act or any standard requires your own review, and certification against ISO 42001 is granted only by accredited bodies after a formal audit. Have a qualified professional review the policy before you rely on it.

Which frameworks and guidance is this based on?

ISO/IEC 42001:2023, the world’s first AI management system standard, which expects an approved AI policy; the NCSC’s guidance on the secure development and use of AI systems; and the ICO’s guidance on AI and data protection under UK GDPR. Where the policy touches transparency for AI-generated content, it reflects the direction of the EU AI Act’s transparency obligations, without claiming legal compliance with them.

What does a typical Starkhorn engagement cost?

Engagements are structured as monthly retainers or fixed-term day-rate assignments. The cost depends on scope and time commitment. We are transparent about pricing from the first conversation and will give you a clear indication on the call.

What experience does Starkhorn bring?

Starkhorn is led by Daniel Jacobs, with 20+ years in technology and security, 15+ of them in leadership roles. He has served as Interim Group Technology Director at VetPartners (BC Partners-backed, GBP1.2bn), accountable for both technology and security, and as CIO and CISO at Jardine Motors Group (GBP2bn turnover). He holds PRINCE2, ITIL Foundation, and is a Full Member of the Institute of Interim Management.

Is AI governance just about compliance?

No. Compliance is the floor, not the ceiling. Effective AI governance helps your board understand the risks and opportunities of AI, ensures accountability for AI-driven decisions, and builds stakeholder trust. It is as much a competitive and reputational issue as a regulatory one.

What is the first step to working with Starkhorn?

Book a no-obligation conversation using the link on this page. In 30 minutes we will understand your situation, tell you honestly whether we are the right fit, and outline what a first engagement would look like. There is no sales process and no pressure.

Next step

Ready to Talk?

Starkhorn works with MDs, CEOs, and boards of growing businesses. If you have a technology leadership gap, a security concern, or a transformation that is not delivering, we can help. Book a 30-minute conversation with no obligation.

Book a Conversation

Related at Starkhorn