What The EU AI Framework And UK’s Approach Mean For Your Agreements

Key takeaways

• EU AI Act: A new, comprehensive legal framework with a risk-based approach. AI systems are categorised from unacceptable risk (banned) to low risk (no binding rules), with specific obligations for each tier.

• UK's Approach: The UK is taking a different, "pro-innovation" path. It uses a principles-based, non-statutory framework that relies on existing regulators to apply core principles like safety and transparency, rather than creating a new, overarching law.

• Business Impact: Despite the different regulatory models, the main takeaway for businesses is the need for a robust, internal AI governance framework.

• Docusign's Role: Docusign Intelligent Agreement Management (IAM) can help businesses navigate these challenges. It can centralise AI-related contracts, use AI to flag risks in agreements, and provide a secure, auditable trail for compliance documentation.

From automating routine tasks to powering sophisticated decision-making, AI is transforming operations at a rapid pace. But with this speed and innovation comes a critical need for governance and a unified approach to regulation.

For businesses operating in the UK and the rest of Europe, understanding the new rules of engagement is no longer optional. It's an imperative for maintaining compliance, managing risk, and building trust with customers and partners.

Understanding the European artificial intelligence act

What is the new EU regulation on AI?

At its core, the EU AI is a regulatory framework, or AI Act, that aims to create a world-first, harmonised legal framework for the development, placement and use of AI systems. Its primary goal is to ensure AI systems used in the European market foster innovation and investment, while protecting health, safety and the environment.

What are the four levels of the EU AI Act?

The framework operates on a risk-based approach, categorising AI systems into four tiers:

• Unacceptable Risk: AI that manipulates human behaviour or social scoring, which is banned.

• High Risk: AI used in critical sectors like healthcare, law enforcement, education, and human resources. These systems face strict requirements and compliance checks.

• Limited Risk: AI systems with specific transparency obligations, such as chatbots that must disclose they are not human.

• Minimal/Low Risk: The vast majority of AI systems, such as spam filters, which have no binding obligations.

The high-risk category is highly relevant for most companies where you have a lot of stuff to do. Using or deploying a high-risk AI system will require robust risk management, technical documentation and human oversight, all of which must be auditable.

The Journey to the AI Act UK with the European Commission (EC EU)

The EU AI Act's journey has been a multi-year process. The European Commission first published its proposal for a regulation on AI in April 2021. The final text was approved by the European Parliament in March and by the EU Council in May 2024. The regulation officially entered into force on August 1, 2024, with a phased implementation schedule. Prohibitions on unacceptable risk AI systems became applicable in February 2025, with full compliance for all EU AI Act provisions not required until August 2026.

The UK’s "Pro-Innovation" Approach to AI

The UK is taking a different approach to AI regulation compared to the EU. Instead of a broad, horizontal framework like the EU AI Act, the UK is focusing on a sector-specific, principles-based approach, relying on existing regulators to adapt regulations to their respective domains. This aims to be more agile and adaptable to the evolving AI landscape.

The UK government is pursuing a more "pro-innovation" approach based on a set of core principles rather than a single new law. These principles, including safety, transparency, and accountability, are designed to be implemented and enforced by existing regulators (like the Information Commissioner’s Office for data privacy or the Competition and Markets Authority for consumer protection). This approach aims to provide greater flexibility and avoid stifling innovation, while still ensuring the UK's AI ecosystem aligns with global standards.

The Impact on Your Business and Agreements

AI and the law

Regardless of the regulatory approach, the message for businesses that procure and use AI is clear: you must now establish a robust AI governance framework.

Regulation in Europe

While AI regulations are the laws you must follow, AI governance is the proactive, internal system you build to ensure compliance and mitigate risk. Every new AI tool you procure, every vendor you partner with, and every internal policy you establish creates a new set of agreements that need to be managed with precision.

This presents a new set of challenges:

• New Vendor Contracts: How do you ensure your AI vendors are compliant and their contracts include the necessary clauses to appropriately apportion and mitigate your company’s liability? And also manage data governance, which allows you (the deployer) to meet your obligations under the EU AI Act?

• Proof of Compliance: How do you securely document the risk assessments, technical specifications, and human oversight required for high-risk AI systems?

• Internal Policies: How do you ensure swift and auditable acknowledgement and agreement from employees on new AI usage policies?

Docusign's Role: Partnering for AI Governance

At Docusign, we understand that effective AI governance requires more than just a new policy; it requires a robust, end-to-end process. Docusign is dedicated to promoting transparency, trust, and safety in our AI practices. We are continually working to align our platform with the guiding laws and frameworks, such as the EU AI Act, and other applicable AI regulations and guidance.

High level summary

Here’s how Docusign Intelligent Agreement Management (IAM) can help you navigate this new landscape:

• Centralised Management: Use Docusign IAM to centrally store and manage all contracts related to AI vendors, ensuring they are easily searchable and auditable for regulatory scrutiny.

• Proactive Risk Mitigation: Leverage AI-Assisted Review to automatically flag and redline clauses in AI vendor contracts.

• Secure Collaboration: Use Workspaces to securely collaborate on and document your AI risk assessments with legal, IT, and compliance teams, creating a single source of truth for all governance documentation.

• Consent based approach to AI: Our AI engine, Docusign Iris, is built with trust at its core. We understand that you need to be in control of your data. That's why we take a consent-based approach to our AI datasets, putting you in the driver's seat. You decide whether or not your information is used for training our AI models. And to protect your data, we prioritise anonymisation and aggregation, so your sensitive information remains private while we work to make our AI smarter and more effective for everyone.

• Consent trail: By using Docusign eSignature in tandem with our advanced Identity Verification to ensure an auditable consent trail that meets stringent data privacy regulations like General Data Protection Regulation (GDPR).

AI adoption and AI compliance

In an era of rapid AI adoption, Docusign is committed to helping you turn AI compliance from a bottleneck into a business enabler. By creating a secure and auditable foundation for all your AI-related agreements, we ensure your journey to the future is not just innovative, but also safe and transparent.

DISCLAIMER: The information in this article is for general information purposes only and is not intended to serve as legal advice. Laws governing the subject matter may change quickly, so Docusign cannot guarantee that all the information on this site is current or correct. Should you have specific legal questions about any of the information on this site, you should consult with a licensed attorney in your area.