AboutBlogBusiness First AIFounder FreedomBook a conversation

When to buy AI software and when to build custom

May 17, 2026
A person at a desk comparing two printed documents with a laptop and coffee beside them
TL;DR

For the typical UK SME, buying off-the-shelf AI software is the right default. Subscriptions at £20 to £900 per month deliver working capability in days without an engineering team. Custom builds at £15,000 to £80,000 make sense in three situations: genuinely non-standard workflows that drive competitive advantage, data sensitivity or regulatory constraints that rule out public SaaS, or integration and workaround costs that have already exceeded what a custom solution would cost.

Key takeaways

- The right default for the typical UK SME is to buy off-the-shelf AI first and build only when you have a clear, specific reason to do so. - Three conditions justify commissioning a custom build: non-standard workflows at the centre of your competitive advantage, data or regulatory constraints that rule out public SaaS, or integration costs that have crossed the build threshold. - Around 70% of AI projects fail in year two when firms scale from pilot to production without a staged adoption plan, making sequencing the most important risk management decision. - When buying SaaS AI, you remain the UK GDPR data controller. The ICO expects controller-processor contracts and Data Protection Impact Assessments for high-risk processing. - Before committing budget to either path, name how standard your use case is, how many existing systems the AI needs to connect to, and whether you have internal engineering capacity to own a custom build.

A professional services firm owner sat down for a call with a list: her team was running five separate AI subscriptions, none of them connected. Her operations director had spent the previous afternoon manually re-exporting data between tools that should have fed each other automatically. She wanted to know whether she should cancel everything and commission something custom instead.

The answer, in her situation, was no. Not yet. But the question is worth asking properly, because the answer depends on where you are in your AI adoption and what your workflows actually need.

The choice you’re facing

Off-the-shelf AI software means a licensed SaaS product your team can configure without writing code. The vendor handles updates, security, and model improvements, and charges a subscription fee. Building custom means commissioning bespoke development work you own and maintain. Your default should almost always be: buy first, build later, and have a clear trigger before you switch.

The subscription market for UK SMEs now runs from around £20 per user per month for embedded AI tools to £900 per month for specialist platforms. API services let you wire third-party AI models into workflows without a full custom build. No-code builders like Zapier or Microsoft Power Platform sit in between: faster than custom, more configurable than pure SaaS. Many SMEs will use some combination of all three, and the practical question is which one matches your use case, your data constraints, and your capacity to maintain what you buy.

When is buying AI software the right call?

UK SME consultants recommend buying off-the-shelf for general use cases: content generation, email drafting, document summarisation, and admin automation. SaaS AI tools run from roughly £20 to £900 per month. For standard processes, a subscription delivers working capability in days or weeks, without engineering resource or infrastructure, with the vendor carrying maintenance and model updates.

Buying makes sense when any of three conditions apply. Your use case is common and well-served by existing products. You have no internal AI engineering capacity to own and maintain a custom system. You want to test the value of AI in a workflow before committing capital to a bespoke build. UK AI consultancy Red Eagle Tech puts it directly: jumping to custom development before you have proven the business case is one of the more expensive mistakes an SME can make.

The data protection angle matters here too. When you buy SaaS AI, you remain the data controller under UK GDPR, and the vendor becomes your data processor. The ICO expects you to have a formal controller-processor contract, clarity on where your data is stored and whether it is used for model training, and a Data Protection Impact Assessment where the processing is high-risk. None of this stops you buying, but it means treating the vendor’s data processing terms as a document worth reading, not signing blind.

When does commissioning a custom build make sense?

Custom AI development makes sense in a narrower set of circumstances than many founders think. UK AI developers put SME-scale custom automation projects at £15,000 to £80,000 for production-ready work, and industry analysis suggests only around 5 to 10% of firms have requirements genuinely unique enough to justify building proprietary AI over buying. Three conditions make the case.

First: your workflows are genuinely non-standard and drive competitive advantage. A logistics firm training route-optimisation models on years of its own telematics data cannot buy that capability from a vendor. A specialist consultancy encoding its own analytical frameworks into a retrieval system creates something no SaaS subscription replicates. The test is simple: could a competitor subscribe to the same tool and get the same result? If yes, buying is almost certainly right.

Second: data sensitivity or regulatory constraints rule out public SaaS. The NCSC recommends treating externally hosted AI tools as untrusted services and assessing where sensitive data is sent and stored. For firms handling client financials, health records, or legally privileged information, ICO guidance on AI and data protection stresses the need for strong controls on third-party access. In regulated financial services, FCA policy on operational resilience raises further questions about single-vendor dependency for AI-assisted decisions.

Third: your integration and workaround costs have crossed the build threshold. When you are spending more on patching tools together than on the subscriptions themselves, a custom solution tends to be cheaper over three to five years. Innovate UK grant competitions can reduce that build cost significantly for eligible SMEs, which changes the financial comparison further.

What does it cost to get this wrong?

Industry research drawing on Gartner and McKinsey data suggests around 70% of AI projects fail in year two, when costs spike as firms try to scale from pilot to production. The two failure modes run in opposite directions: building too early, before the use case is proven, and staying with subscriptions too long, until workaround costs exceed what a custom build would have cost.

The build-too-early failure looks like a scoped project that expands during development, overrunning both time and budget before it ships anything useful. Loose scope and no proven use case is the combination that turns a modest build into an expensive, unusable prototype.

The subscription-accumulation failure is quieter but just as costly. Multiple tools, growing monthly spend, and an operations team spending significant time on manual data transfers that should be automatic. When the total subscription cost reaches several hundred pounds per month and the tools still aren’t connecting properly, the economics of a custom build look different.

There is a third pattern: stretching no-code platforms beyond what they were designed to do. UK AI developer Softomate Solutions warns that firms often pile workarounds onto these platforms until they end up with a fragile, expensive system that costs more to maintain than a custom solution would have from the start. The platform is still charging per task; the integrations are breaking; and a developer is now needed to untangle it.

The staged approach is the consistent mitigation. Organisations that moved from off-the-shelf tools to a hybrid model and then to custom builds in sequence achieved sustainable AI return on investment materially faster than those that committed to a custom build from the outset. The sequencing reduces risk and preserves learning.

What to ask before you commit

Before committing to buy or build, two facts shape the analysis more than any others: how standard your use case is, and whether you have internal engineering capacity to own what you build. If the use case is common and you have no AI engineers, the answer is almost always buy. The questions below push you to name those facts clearly before you spend anything.

Start with use case coverage. How many vendors offer a working demo of what you need? If you can name three, the use case is well-served and buying is the right starting point. What percentage of your actual workflow does the best vendor handle? If the gap is in genuinely proprietary logic, a thin custom build on top may be worth evaluating. If the gap is just inconvenience, it probably isn’t.

Then think about systems and cost. How many of your existing platforms does this AI need to connect to? When the number reaches three or more with proprietary logic between them, a custom build starts to look more attractive than subscription-plus-workaround. What is the three to five year total cost of ownership for each path, including integration work, maintenance, and the risk of vendor price increases?

Assess your capacity to own a custom build. A bespoke system needs someone who can manage dependency updates, API changes, and security patches. If that person does not exist internally, factor ongoing maintenance into the build budget from day one, or the cheaper custom solution will not stay cheaper for long.

Consider vendor exit too. If the platform you choose is acquired, raises prices significantly, or suffers a prolonged outage, can you export your data and move? Vendor lock-in on a workflow your business depends on is a different category of risk from lock-in on a peripheral tool. The CMA has flagged competition and interoperability in AI markets as an area of active scrutiny.

The decision isn’t irreversible. Starting with off-the-shelf tools and migrating workloads to custom builds as your needs clarify is the approach that industry evidence suggests produces the most sustainable AI return on investment.

Sources

Information Commissioner's Office (2024). Guidance on AI and data protection, including generative AI. The UK GDPR controller-processor obligations and DPIA requirements for firms buying or building AI when personal data is involved. https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/artificial-intelligence/ Information Commissioner's Office (2023). Explaining decisions made with AI. Fairness, accountability and explainability obligations when AI assists or makes decisions about individuals. https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/artificial-intelligence/explaining-decisions-made-with-ai/ National Cyber Security Centre (2024). Using AI safely and securely. Guidance on treating externally hosted AI tools as untrusted services and assessing data residency, access, and supply chain risk. https://www.ncsc.gov.uk/collection/artificial-intelligence Digital Regulation Cooperation Forum (2024). Joint statement on the co-ordinated regulatory response to AI. Published April 2024 by ICO, CMA, FCA and Ofcom, signalling increasing oversight and coordination around AI across UK sectors. https://www.drcf.org.uk/publications/joint-statement-on-the-coordinated-regulatory-response-to-ai Financial Conduct Authority (2021, updated 2023). PS21/3: Building operational resilience. Policy on outsourcing and third-party dependency applicable to FCA-regulated firms considering vendor-dependent AI decisions. https://www.fca.org.uk/publication/policy/ps21-3.pdf European Commission (2024). Artificial Intelligence Act policy overview. Extra-territorial scope and obligations for UK SMEs supplying or deploying AI in EU markets. https://digital-strategy.ec.europa.eu/en/policies/european-approach-artificial-intelligence Competition and Markets Authority (2024). AI foundation models initial review. CMA work on competition and interoperability in AI markets, relevant to vendor lock-in risk for SMEs. https://www.gov.uk/government/publications/ai-foundation-models-initial-review Innovate UK (2024). Innovation funding for UK businesses. Grant competitions covering AI and digital innovation, available to SMEs to offset custom build costs. https://www.ukri.org/councils/innovate-uk/ Red Eagle Tech (2024). Custom AI vs off-the-shelf: when UK SMEs should build bespoke. UK consultancy analysis of staged adoption, year-two failure rates, and cost benchmarks for SaaS AI tools and custom builds. https://redeagle.tech/blog/custom-ai-solutions-uk-smes Softomate Solutions (2024). No-code AI tools vs custom AI development. UK AI developer benchmarks for SME-scale custom automation projects and analysis of the risks of stretching no-code platforms beyond their design limits. https://www.softomatesolutions.com/blog/no-code-ai-tools-vs-custom-ai-development/

Frequently asked questions

How do I know if my use case is standard enough to buy off the shelf?

Check whether three or more vendors offer a working demo of what you need. If they do, your use case is well-served and buying is almost certainly the right starting point. The question becomes relevant when the best vendor covers roughly 70% of your workflow but the remaining 30% sits in genuinely proprietary or competitive logic, and the gap is worth building around.

What does a custom AI build typically cost for a UK SME?

Production-ready custom AI automation projects for UK SMEs typically run from £15,000 to £80,000, depending on data complexity, the number of systems involved, and whether the build includes model training on proprietary data. That figure can look different if you qualify for an Innovate UK grant competition, which can cover a significant share of eligible development costs for SMEs.

Does buying SaaS AI create data protection risks?

Buying SaaS AI does not remove your UK GDPR obligations. You remain the data controller and the vendor is your data processor, so you need a formal controller-processor contract, clarity on where your data is stored and whether it is used for model training, and a Data Protection Impact Assessment if the processing is high-risk. The ICO's guidance on AI and data protection covers what that due diligence should include.

Written by Dr Dave Heath, AI consultant and business strategist.

This post is general information and education only, not legal, regulatory, financial, or other professional advice. Regulations evolve, fee benchmarks shift, and every situation is different, so please take qualified professional advice before acting on anything you read here. See the Terms of Use for the full position.

Ready to talk it through?

Book a free 30 minute conversation. No pitch, no pressure, just a useful chat about where AI fits in your business.

Book a conversation

Related reading

Business owner at a desk reviewing content on a laptop with a notepad open beside them

Is AI worth the time and cost for a small firm?

A decision guide for owner-managers on when AI is worth the investment, when to hold back, and what to ask before committing.

Two people in a business discussion at a meeting table, reviewing documents together

When it makes sense to bring in an AI consultant

How to tell whether your AI project needs external consultancy, when to keep it internal, and what to ask before you make the call.

Business owner seated at a desk reviewing a printed contract document with a pen in hand

How to select the right AI supplier for your business

Three supplier shapes, five due diligence questions, and what UK law says about your accountability when you hand data to an AI vendor.

If any of this sounds familiar, let's talk.

The next step is a conversation. No pitch, no pressure. Just an honest discussion about where you are and whether I can help.

Book a conversation
AboutBlogBusiness First AIFounder FreedomContactBook a conversation
Privacy PolicyTermsCookie Policy

© 2026 Larocca Consulting Ltd