GeraCompliance in United Kingdom
GeraCompliance offers UK SaaS businesses a two-week fixed-scope compliance sprint covering AI Act risk classification, GDPR/DPA 2018 obligations, and ICO accountability requirements. Delivery is fully remote from London, with a flat service fee payable by UK invoice or Stripe Checkout.
Rollout tier: active-remote-b2b
Content depth: deep-local
City focus: London
Gap score: 100
Readiness score: 100
Payment readiness: verified
Proof Gate
London gate: 5 paying B2B customers or 10 paid job postings. Payment: Stripe UK live; invoice or Checkout link acceptable. Legal: Gera Services Ltd terms, UK GDPR, and service scope are already the primary operating basis.
Legal review is required. Current status: approved.
Use Cases
- A London-based 50-person SaaS preparing for the EU AI Act August 2026 general-purpose AI model obligations and needing a dual AI Act and UK GDPR gap analysis before enforcement.
- A UK fintech using GPT-4 for customer credit decisions requiring an AI Act risk classification and a Data Protection Act 2018 data minimisation review to satisfy ICO accountability expectations.
- A Manchester-headquartered HR tech vendor supplying AI-assisted CV screening to EU employers, seeking a compliant-by-design report ahead of the first national regulator audit cycles.
- A Series-A healthtech startup processing special-category data under Article 9 UK GDPR and requiring a documented legitimate-interest assessment plus an AI risk register before its next investment round.
- A remote-first SaaS team with no in-house legal resource that needs a structured DPIA template, a model-risk log, and a plain-English ICO transparency notice within a two-week sprint window.
Country FAQ
Which UK regulations does GeraCompliance cover?
The sprint covers obligations under the UK Data Protection Act 2018 (which incorporates UK GDPR after Brexit), ICO accountability and transparency guidance, and Regulation (EU) 2024/1689 (the EU AI Act) in so far as it applies to UK companies placing AI systems on the EU market. The Equality Act 2010 bias-risk framing is included where the AI system makes decisions affecting protected characteristics.
Does the EU AI Act apply to UK companies after Brexit?
Yes. Regulation (EU) 2024/1689 has extraterritorial reach: any provider placing an AI system on the EU market, or a deployer using AI output to affect EU-based individuals, must comply regardless of where the company is incorporated. UK SaaS businesses with EU customers or EU-based users are directly in scope from the August 2026 general-purpose AI and high-risk system deadlines.
What does the two-week sprint deliver?
The sprint delivers a scoped AI Act risk classification for your AI features, a UK GDPR/DPA 2018 gap report, a Data Protection Impact Assessment (DPIA) template where required, a model risk register, ICO-facing transparency notice drafts, and a remediation road map with prioritised action items. All output is provided as editable documents suitable for board sign-off.
How is pricing structured for UK customers?
Pricing is a flat fee in GBP, invoiced by Gera Services Ltd (a UK company). Payment is accepted via Stripe Checkout (Visa/Mastercard/BACS) or a 30-day invoice for qualifying businesses. No subscription is required; the sprint is a one-time engagement with optional quarterly refresh add-ons.
What is the ICO's role and when must companies notify it?
The Information Commissioner's Office (ICO) is the UK's data protection supervisory authority under the DPA 2018. Companies must notify the ICO when processing is likely to result in high risk to individuals (Article 36 UK GDPR equivalent) before processing begins. The sprint identifies whether your AI use cases trigger mandatory prior consultation and produces the documentation the ICO expects to see during an inquiry.
Can a UK company be fined under the EU AI Act?
Yes. Non-compliant providers placing high-risk AI systems on the EU market face fines of up to EUR 30 million or 6% of global annual turnover under Regulation (EU) 2024/1689, whichever is higher. UK companies are not shielded by Brexit from these penalties when their systems affect EU individuals or are marketed in the EU.
Is a DPIA mandatory for AI systems under UK GDPR?
A Data Protection Impact Assessment is mandatory under Article 35 UK GDPR for processing that is likely to result in high risk, including systematic automated decision-making, large-scale processing of special-category data, and systematic monitoring of a publicly accessible area. Most AI systems that make or assist decisions about individuals will require one. The sprint determines whether your system meets the threshold and prepares the DPIA documentation.
How is delivery handled for UK-based teams?
Delivery is fully remote. Initial scoping is a one-hour video call; the interim review takes place mid-sprint via asynchronous document review; final handover is a one-hour walkthrough. UK business hours (GMT/BST) are the default. On-site London visits are available on request for an additional travel fee.
Evidence
- ceo/strategy/market-gap-rollout-2026-04-24.md
- config/gtm/lean-market-gap-rollout-2026.json
- config/countries/GB.json
- https://stripe.com/global
- legal/AI_OUTPUT_REVIEW_POLICY.md
- legal/EU_COMPLIANCE_LEGAL_REQS.md