If you think the EU AI Act is just about ChatGPT, think again. The Act, in force since August 2024, is the most comprehensive AI regulation in the world - and it applies to all forms of AI, not just generative systems.
For marketers, this means your entire martech stack is now a compliance liability. Predictive scoring, recommendation engines, automated decision-making - if it’s powered by AI, it’s regulated.
And if you touch EU customers? You’re in scope - even if you’re UK-based, and even if the AI is from a vendor.
The legal definition of AI under the Act is intentionally broad:
“Software that is developed with one or more of the techniques and approaches… and can, for a given set of human-defined objectives, generate outputs such as predictions, recommendations or decisions…”
(AI Act – Article 3(1))
That includes:
Generative AI (eg. text/image generation)
Predictive analytics (eg. lead scoring)
Recommendation engines (eg. product personalization)
AI-driven segmentation, targeting, pricing or routing
Chatbots, journey automation tools, voice interfaces
If the system learns from data and influences outcomes, it falls under the AI Act. Given that covers most, if not all, of the marketing stack, this is a significant issue for marketers.
Brexit doesn’t exempt you. The AI Act applies extraterritorially - any brand using AI systems that affect people in the EU must comply. That includes:
UK-based businesses selling to EU customers
Global brands running EMEA-wide campaigns
Marketing teams using AI-enabled platforms that touch EU data
AI should already deeply embedded across your marketing operations:
|
Use Case |
Common AI Application |
|---|---|
|
Content creation |
LLMs for subject lines, headlines, blog copy |
|
Personalisation |
Recommendation engines, real-time UX changes |
|
Lead scoring |
Predictive conversion modelling, predictive lead scoing |
|
Campaign orchestration |
AI-triggered workflows and customer journey management |
|
Chatbots |
NLP and LLM-driven conversation design |
If you’re not actively auditing and classifying these tools, you’re likely to already be non-compliant.
The penalties for non-compliance are severe:
€35 million or 7% of global turnover for the most serious violations
€15 million or 3% for other breaches
€7.5 million or 1% for misleading documentation
These apply regardless of where your business is based.
Even if your team doesn’t build AI, you still use it through vendors. That makes you accountable.
You must:
Audit third-party platforms for AI use
Classify their risk level under the AI Act’s four-tier system
Secure data processing agreements to prevent misuse of customer data
Establish human oversight on automated decisions impacting customers
Maintain documentation of AI usage and governance practices
Even “minimal” or “limited” risk AI (e.g. chatbots, recommendation engines) triggers obligations:
|
AI Risk Tier |
Examples in Marketing |
Required Action |
|---|---|---|
|
Unacceptable |
Deepfakes, manipulative profiling |
Banned outright |
|
High-risk |
AI in recruitment, credit, health |
Strict governance, audit, registration |
|
Limited |
Chatbots, transparency-required systems |
Disclosure and logging |
|
Minimal |
Content or targeting support tools |
Monitor, document, and stay vigilant |
A system can shift categories depending on usage—today’s “safe” tool could become high-risk in a new context.
|
Action |
Why It Matters |
|---|---|
|
Audit your AI footprint |
Identify every AI-enabled tool you use |
|
Classify risks |
Apply the EU’s framework to internal and external tools |
|
Map customer touchpoints |
Track where AI influences decisions or experience |
|
Document oversight |
Ensure humans can intervene when needed |
|
Demand compliance from vendors |
Require DPAs and risk disclosures as part of onboarding |
Compliance isn’t at the glamorous end of the marketing spectrum but it isn't just about avoiding fines, it’s about brand trust.
Use transparency as a brand asset
Show buyers and regulators you’re in control
Turn AI governance into competitive advantage
At Data Agents, we help brands build trust-ready AI marketing systems that are aligned with regulation - and designed to scale. Get in touch if you need advice on your compliance levels.
References