Designing AI systems with risk assessment built in from day one

TL;DR

For a small UK services firm, designing AI with risk assessment built in from day one means classifying every use case by risk level before deployment, running a proportionate impact assessment, using enterprise rather than consumer accounts, keeping humans in the loop for significant decisions, and reviewing the whole setup annually. The ICO and Government Digital Service both treat this as the expected standard, not an optional extra.

Key takeaways

- The ICO requires a data protection impact assessment before deploying AI in ways likely to create high risk to individuals, including automated decisions and large-scale personal data processing.
- A three-tier risk classification (high, medium, low) is the practical starting point: no tool should be deployed until its use case has been assigned a tier and documented.
- The three most common AI risks for small services firms are data leakage through consumer-tier tools, inaccurate outputs treated as fact, and bias in AI-driven client decisions.
- Enterprise accounts from providers like Microsoft and OpenAI include contractual data protections that consumer tiers do not. The difference is material for UK GDPR compliance.
- Human oversight is mandatory for high-risk AI decisions. A named reviewer and a documented audit trail are the minimum controls regulators and clients will expect.

A founder at a fifteen-person services firm discovered his AI risk problem by accident. One of his team had been using the free tier of a generative AI tool to draft client reports for three months. The outputs were good. The problem was that client financial data, including identifiable individuals, had been processed by a US-based model on terms the firm had never read. He found out when a client asked whether their data had been used to train any third-party models. He had no documented answer.

He’d designed his AI workflow for speed and output quality. Risk hadn’t been part of the brief.

What does risk-first AI design actually mean?

Risk-first AI design means assessing the potential harms of a tool before deploying it, not after something goes wrong. For a small firm, this means three questions upfront: what data will the AI see, what decisions will it shape, and who is responsible if something fails. The ICO and Government Digital Service both treat this as an expected starting point now. You can document the basics in an afternoon.

The Government Digital Service published its AI Playbook for the UK Government in December 2024, setting out ten principles for safe AI deployment. Principle two requires teams to understand and manage AI risks from the start of a project, with documented review processes and clear escalation routes. While you’re not a government department, the standard reflects what UK regulators expect from private-sector firms using AI in client-facing or decision-influencing workflows.

For a small services firm, the practical starting point is a three-tier classification applied before adopting any tool. Mark every AI use case as high-risk (affecting client decisions, employment, credit, or vulnerable individuals), medium-risk (internal drafting tools where a human signs off before output reaches a client), or low-risk (experimentation on non-personal or public data with no external impact). Nothing gets deployed until it has a tier assigned and a brief risk note to accompany it.

Why does this matter for your business right now?

UK regulators already apply existing legal frameworks to AI, and pressure is growing. The ICO requires a formal data protection impact assessment before using AI in ways likely to result in high risk to individuals, including automated decision-making and large-scale processing of personal data. The EU AI Act adds a parallel requirement for a documented risk management system throughout an AI system’s lifecycle, applying wherever you serve EU clients.

Research published by IBM in 2023 found that 51% of surveyed organisations had implemented AI governance policies, but 69% reported difficulty actually managing AI risks, particularly around data security and compliance. That gap between having a policy and acting on it is where small firms are most exposed. A written policy nobody follows is not a defence if the ICO or a client comes asking.

The UK Government’s 2024 to 2025 AI Regulation Update confirmed that UK regulators, including the ICO, FCA, and CMA, are expected to embed AI risk principles into their sector guidance without waiting for new primary legislation. If your firm uses AI in a regulated sector, such as financial services or professional advice, the risk register you need is already implied by existing rules. Outside regulated sectors, ICO data protection requirements still apply wherever you process personal data through an AI tool.

Where will AI risk actually show up in your business?

Three categories of AI risk come up repeatedly for small services firms using AI in client work: data leakage through consumer-tier tools, inaccurate outputs treated as reliable, and bias in AI-driven decisions. Each has a real enforcement or litigation history behind it in the UK and further afield, and each can be designed against from the outset with proportionate controls.

Data leakage is the most immediate concern for firms whose staff use free or consumer-tier AI accounts. In 2023, Samsung restricted employee use of generative AI tools after staff pasted proprietary source code and meeting notes into ChatGPT, where it became part of OpenAI’s training data. The NCSC’s guidance on using public generative AI safely is explicit: prompts sent to a public AI service should be treated as data going to a third party, not as a private conversation with a tool.

Inaccurate outputs create a different category of exposure. In a 2023 federal court case in New York, a lawyer submitted a legal brief citing cases fabricated by ChatGPT. The cases did not exist. The lawyers were sanctioned and fined. The same exposure applies to any professional services firm where AI outputs are used without a verification step. Hallucinations are a structural feature of how language models work, not a temporary bug awaiting a fix.

Bias and discrimination round out the picture. The ICO fined Clearview AI £7.5 million in 2022 for unlawful facial recognition processing, partly on grounds of unfair and intrusive handling of personal data at scale. The FCA has since signalled it will scrutinise AI-driven decisions in financial services wherever they affect creditworthiness, insurance pricing, or vulnerable customers. Any firm using AI to score or profile clients needs to ask whether the training data underpinning that model is fair.

When do you actually need a formal risk assessment?

A formal risk assessment is required whenever your AI use case is high-risk: it affects client decisions, involves personal data about identifiable individuals, or relies on outputs where a significant error causes real harm. The ICO requires a data protection impact assessment in these situations, and provides an AI risk toolkit that covers purpose, data, model, and deployment risks. For a typical small-firm use case, working through it takes two to three hours.

For medium-risk use cases, a shorter check suffices. Document the purpose, confirm what data the AI will see, verify there are no special-category personal data flows, and record who will review outputs before they reach a client. That might be a two-page note rather than a full assessment. What matters is that it exists and is signed off by a named person.

Low-risk use cases, such as using AI to summarise public information or draft marketing copy on non-client data, need only a brief note confirming they are genuinely low-risk. The value of writing anything down is that it forces the question. Firms that document nothing tend to find that low-risk has quietly crept into medium-risk over time as the tooling changes and staff find new ways to use it.

What does a practical risk-from-day-one approach look like?

The sequence that works for a firm of five to fifty staff has five steps, and none requires specialist legal knowledge or a dedicated compliance hire. Classify your use cases by risk tier before buying any tool, run the proportionate assessment before deploying it, confirm you are using enterprise accounts, keep humans in the loop for significant outputs, and review the setup every twelve months.

On enterprise accounts: providers including Microsoft and OpenAI offer terms that commit them contractually not to use your content for model training, which consumer tiers typically do not. Moving a team from consumer to enterprise accounts is a one-afternoon change that immediately closes a material data protection gap.

On human oversight: the EU AI Act requires meaningful human oversight for high-risk AI systems, specifically the ability to understand, override, and intervene. The Government Digital Service’s playbook says the same: a human must validate high-risk AI decisions, and there must be a plan to act if the AI produces a harmful output. A named reviewer and a documented sign-off step are the minimum.

Every twelve months, re-run the risk assessment for each tool in active use. Check whether vendor terms have changed, whether use cases have crept into higher-risk territory, and whether the controls you put in place are still being followed. The NCSC’s guidelines for secure AI system development recommend monitoring AI components with the same rigour you’d apply to any software. Annual reviews are not bureaucracy. They are the difference between a compliance record that helps you and a paper trail that doesn’t.

Sources

- ICO (2024). Guidance on AI and data protection. Sets out when a DPIA is required for AI processing and the lawful basis obligations under UK GDPR. https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/artificial-intelligence/guidance-on-ai-and-data-protection/
- European Parliament (2024). Consolidated text of the EU Artificial Intelligence Act. Defines the risk-based taxonomy, high-risk system requirements, and lifecycle risk management obligations for providers and deployers. https://www.europarl.europa.eu/doceo/document/TA-9-2024-0138_EN.html
- UK Government (2025). A pro-innovation approach to AI regulation: 2024 to 2025 update. Confirms that ICO, FCA, and CMA are expected to embed AI risk principles in sector guidance without new primary legislation. https://www.gov.uk/government/publications/ai-regulation-a-pro-innovation-approach-policy-update
- Government Digital Service (2024). AI Playbook for the UK Government. Sets out ten principles for safe, effective AI in the public sector, including risk management and human oversight from the start of a project. https://assets.publishing.service.gov.uk/media/67aca2f7e400ae62338324bd/AI_Playbook_for_the_UK_Government__12_02_.pdf
- NCSC (2024). Using public generative AI safely. Covers data leakage risks from consumer-grade AI tools and the controls organisations should apply to prompts and outputs. https://www.ncsc.gov.uk/collection/generative-ai/using-public-generative-ai-safely
- NCSC (2023). Guidelines for secure AI system development. Recommends secure design, data provenance, authentication, and monitoring for AI components, including prompt injection and data poisoning risks. https://www.ncsc.gov.uk/whitepaper/guidelines-secure-ai-system-development
- ICO (2024). AI and data protection risk toolkit. Structured questions covering purpose, data, model, and deployment risks, designed to support DPIAs for AI projects in any size of organisation. https://ico.org.uk/for-organisations/ai-and-data-protection-risk-toolkit/
- ICO (2022). ICO fines Clearview AI Inc £7.5m for using images of people in the UK. Enforcement action citing unlawful scraping, lack of lawful basis, and intrusive biometric processing at scale. https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2022/05/ico-fines-clearview-ai-inc-7-5m/
- FCA (2022). DP5/22: Artificial intelligence and machine learning. Sets out FCA expectations on board accountability, data quality, and model risk management for AI in regulated financial services. https://www.fca.org.uk/publication/discussion/dp5-22.pdf
- IBM (2023). Global AI Adoption Index 2023. Reports that 51% of surveyed organisations had implemented AI governance policies, but 69% reported difficulty managing AI risks in practice. https://www.ibm.com/downloads/cas/1VZ7E3XK

Frequently asked questions

Does the ICO's guidance on AI apply to small businesses, not just large enterprises?

Yes. The ICO's data protection impact assessment requirement applies to any organisation processing personal data in ways likely to result in high risk, regardless of size. If you use AI for profiling, automated decisions, or large-scale personal data processing, a formal assessment is expected before you start. The ICO's AI risk toolkit is designed for organisations without large in-house compliance teams and takes a few hours to complete.

What is the difference between a DPIA and an AI risk assessment?

A data protection impact assessment is a legal requirement under UK GDPR when AI processing creates high risk to individuals. An AI risk assessment is a broader internal exercise covering data, accuracy, bias, security, and governance. For a small firm, the practical approach is to run both together using the ICO's AI risk toolkit, which addresses the DPIA requirements alongside the wider risk questions in a single structured process.

Do UK firms need to worry about the EU AI Act?

If you place AI-enabled services on the EU market or use AI tools that process EU residents' data, yes. The Act has extraterritorial reach and applies to providers and deployers whose AI outputs are used in the EU, regardless of where the firm is based. UK firms serving EU clients should treat high-risk AI Act provisions as directly relevant, because the core risk principles currently converge with UK regulatory expectations.

This post is general information and education only, not legal, regulatory, financial, or other professional advice. Regulations evolve, fee benchmarks shift, and every situation is different, so please take qualified professional advice before acting on anything you read here. See the Terms of Use for the full position.
