%20(1).png?width=205&height=74&name=Data%20Agents%20Logo%20-%20Blue%20PNG%20(208%20x%2070%20px)%20(1).png)
If you think the EU AI Act is just about ChatGPT, think again. The Act, in force since August 2024, is the most comprehensive AI regulation in the world - and it applies to all forms of AI, not just generative systems.
For marketers, this means your entire martech stack is now a compliance liability. Predictive scoring, recommendation engines, automated decision-making - if it’s powered by AI, it’s regulated.
And if you touch EU customers? You’re in scope - even if you’re UK-based, and even if the AI is from a vendor.
The AI Act Regulates All AI - Not Just Generative
The legal definition of AI under the Act is intentionally broad:
“Software that is developed with one or more of the techniques and approaches… and can, for a given set of human-defined objectives, generate outputs such as predictions, recommendations or decisions…”
(AI Act – Article 3(1))
That includes:
-
Generative AI (eg. text/image generation)
-
Predictive analytics (eg. lead scoring)
-
Recommendation engines (eg. product personalization)
-
AI-driven segmentation, targeting, pricing or routing
-
Chatbots, journey automation tools, voice interfaces
If the system learns from data and influences outcomes, it falls under the AI Act. Given that covers most, if not all, of the marketing stack, this is a significant issue for marketers.
Why UK Marketers Should Care
Brexit doesn’t exempt you. The AI Act applies extraterritorially - any brand using AI systems that affect people in the EU must comply. That includes:
-
UK-based businesses selling to EU customers
-
Global brands running EMEA-wide campaigns
-
Marketing teams using AI-enabled platforms that touch EU data
The Martech Risk You Didn’t See Coming
AI should already deeply embedded across your marketing operations:
|
Use Case |
Common AI Application |
|---|---|
|
Content creation |
LLMs for subject lines, headlines, blog copy |
|
Personalisation |
Recommendation engines, real-time UX changes |
|
Lead scoring |
Predictive conversion modelling, predictive lead scoing |
|
Campaign orchestration |
AI-triggered workflows and customer journey management |
|
Chatbots |
NLP and LLM-driven conversation design |
If you’re not actively auditing and classifying these tools, you’re likely to already be non-compliant.
Fines Are Brutal - And They’re Global
The penalties for non-compliance are severe:
-
€35 million or 7% of global turnover for the most serious violations
-
€15 million or 3% for other breaches
-
€7.5 million or 1% for misleading documentation
These apply regardless of where your business is based.
You’re Responsible for Your Vendors’ AI Too
Even if your team doesn’t build AI, you still use it through vendors. That makes you accountable.
You must:
-
Audit third-party platforms for AI use
-
Classify their risk level under the AI Act’s four-tier system
-
Secure data processing agreements to prevent misuse of customer data
-
Establish human oversight on automated decisions impacting customers
-
Maintain documentation of AI usage and governance practices
Minimal Risk ≠ No Risk
Even “minimal” or “limited” risk AI (e.g. chatbots, recommendation engines) triggers obligations:
|
AI Risk Tier |
Examples in Marketing |
Required Action |
|---|---|---|
|
Unacceptable |
Deepfakes, manipulative profiling |
Banned outright |
|
High-risk |
AI in recruitment, credit, health |
Strict governance, audit, registration |
|
Limited |
Chatbots, transparency-required systems |
Disclosure and logging |
|
Minimal |
Content or targeting support tools |
Monitor, document, and stay vigilant |
A system can shift categories depending on usage—today’s “safe” tool could become high-risk in a new context.
What Marketing Leaders Should Do Now
|
Action |
Why It Matters |
|---|---|
|
Audit your AI footprint |
Identify every AI-enabled tool you use |
|
Classify risks |
Apply the EU’s framework to internal and external tools |
|
Map customer touchpoints |
Track where AI influences decisions or experience |
|
Document oversight |
Ensure humans can intervene when needed |
|
Demand compliance from vendors |
Require DPAs and risk disclosures as part of onboarding |
Treat Compliance as a Growth Lever
Compliance isn’t at the glamorous end of the marketing spectrum but it isn't just about avoiding fines, it’s about brand trust.
-
Use transparency as a brand asset
-
Show buyers and regulators you’re in control
-
Turn AI governance into competitive advantage
At Data Agents, we help brands build trust-ready AI marketing systems that are aligned with regulation - and designed to scale. Get in touch if you need advice on your compliance levels.
References
Jul 8, 2025 1:08:30 PM
Comments