UK AI Compliance Guide

UK Website Compliance Guide for Small Businesses (2026)

Running a website in the UK means following several regulations, even if you’re a one-person business. Here’s what you need to know in plain English.

Privacy Policy (UK GDPR)

If your website collects any personal information (contact forms, email signups, analytics, cookies), you need a privacy policy. This is legally required under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. The ICO (Information Commissioner’s Office) enforces this and can fine businesses up to £17.5 million for serious breaches.

Cookie Consent (PECR)

The Privacy and Electronic Communications Regulations (PECR) require you to get permission before setting non-essential cookies. This means you need a cookie consent banner. Since February 2026, the Data Use and Access Act 2025 raised maximum PECR fines to £17.5 million or 4% of global turnover, the same level as UK GDPR fines.

Accessibility (Equality Act 2010)

Under the Equality Act 2010, service providers (including websites) are expected to make reasonable adjustments for disabled users. This includes adding image descriptions (alt text), ensuring proper heading structure, and making your site navigable by keyboard.

AI Disclosure (Online Safety Act)

As of February 2026, if your website uses an AI chatbot that generates responses (not scripted answers), it must disclose this to users. Ofcom can fine up to 10% of global turnover.

ICO Registration

If you process personal data, you likely need to register with the ICO. This costs £40/year for most small businesses.

Scan your website now to see which of these requirements apply to you and get step-by-step instructions to fix any gaps.
