Regulatory Recalibration: Diverging Approaches to AI in the EU & UK
TL;DR:
The EU is easing AI Act compliance through extended deadlines, simplified obligations, and exemptions for SMEs, while the UK is relying upon sector-specific regulators to enforce a principles-based framework, rather than introducing a single statute. For insurers, the divergence creates a more complex compliance landscape that will shape underwriting, create potential coverage caps, and impact policy wording responding to regulatory fines across jurisdictions.
The Details:
EU
Recent adjustments to the European Union’s landmark AI Act are a response to warnings of economic stagnation and global competition, providing breathing room to businesses and simplifying compliance.
While the AI Act formally entered into force on 1 August 2024 and introduced penalties up to 7% of worldwide annual turnover, its requirements were intended to be introduced in phases. Prohibitions on unacceptable AI systems (social scoring and manipulative AI) took effect in February 2025 and the majority of other rules were due to come into force in August 2026; however, the EU recently agreed a Digital Omnibus on AI, setting out draft guidelines for providers and deployers of high-risk AI systems, and delaying the next phase of compliance deadlines to December 2027 for stand-alone high-risk AI systems (used in biometrics, critical infrastructure, education, employment, migration, asylum and border control), and to August 2028 for safety-component AI systems.
Following sustained pressure from industry and policymakers concerned that the original legislation was unclear and risked outpacing technical standards and practical compliance readiness, the omnibus also simplifies certain obligations, introduces exemptions for SMEs, and reduces registration burdens for limited-risk tasks. The overlapping compliance obligations between the AI Act and EU product safety laws, in particular the Machinery Regulation, are also resolved, by exempting AI systems integrated in machinery from direct compliance with the AI Act.
These changes acknowledge that, while robust safeguards remain essential, regulation must also provide legal certainty to the sector, if Europe is to remain competitive in the global AI market.
European business groups have welcomed the amendments, but some say they don’t go far enough, while European privacy rights groups argue certain changes “weaken enforcement, undermine legal certainty, and ultimately erode the protection of fundamental rights that the AI Act is designed to guarantee”.
UK
In contrast, the United Kingdom takes a more hands-off approach, positioning itself as the middle ground between the more prescriptive EU model and the lighter-touch, market-led approach emerging in the United States.
Rather than introducing a comprehensive AI statute enforced by a single AI regulator, the UK is relying upon a pro-innovation, principles-based framework enforced through existing sector regulators (ICO for data, FCA for finance, MHRA for medicines and healthcare products, etc.), aiming to provide oversight without constraining innovation. We predict this sector-specific model will present compliance challenges when individual sector mandates for compliance and enforcement do not align.
The UK government also has proposed an AI Growth Lab, designed to operate regulatory sandboxes to enable developers to test innovative AI systems, products, and services in real-world conditions under
regulatory supervision with streamlined approval for products that perform well in the sandbox environment. This stands in deliberate contrast to the EU’s approach requiring conformity before access to markets.
Finally, the UK government recently published its Report on Copyright and Artificial Intelligence, announcing it was pausing proposed reform to UK copyright legislation to address AI training and outputs to gather more evidence, and (apparently in response to overwhelming opposition from the creative industries) abandoning its proposed exception to copyright infringement for commercial text and data mining (TDM) or AI training, leaving the market (at least for now) to rely on licensing and litigation to fill the gap. The decision to abandon the proposed TDM exception is consequential for AI developers operating in the UK. Without this safe harbour for training on copyrighted material, UK-based AI companies will face a legal environment where the boundaries of permissible use are set case-by-case through licensing negotiations and litigation, which we expect will be a slower, less predictable process than a legislative carve-out. For insurers, this creates professional indemnity and IP infringement claim exposure arising from AI outputs that inadvertently reproduce or derive from protected works.
These changes demonstrate the tension between balancing AI innovation with public safety and accountability, while also creating a patchwork quilt of regulation. For underwriters and brokers, the practical question is how to price and structure coverage when the regulatory landscape differs fundamentally depending on where your insured operates.
What do you think?
· Are EU AI Omnibus changes likely to reduce administrative burdens on business in any material way?
· Does the UK’s sector-specific approach risk creating a chaotic framework of rules and regulations, making compliance highly complex and difficult to navigate?
· For underwriters and brokers writing coverage, how do you assess AI risk for insureds operating in the UK and/or the EU subject to different compliance and enforcement timelines? How does this divergence affect the way you structure policy terms, define regulatory exclusions, and assess exposure?
#AIRegulation #EUAIAct #UKLaw #InsuranceLaw #ProfessionalLiability #LondonMarket #Insurtech #AtheriaLaw
A version of this article also appeared on LinkedIn on May 26, 2026.
