AI, the law, and your data.
Should I use AI?
There's a lot of noise about the EU AI Act, the Data (Use and Access) Act, and GDPR right now. Most of it is louder than it needs to be.
So here's a calmer way to look at it. Build the sentence for what you're about to do, and see what actually applies: the three big laws when they're relevant, and the other things that matter more often than people think, like confidentiality and where your data ends up.
No jargon, no score, no scare. I'll add more situations over time.
If there's a situation you'd like me to add, or you have any feedback, email me.
This is absolutely not legal advice, and I'm not a lawyer. It's only my reading, as an architect, of what you should and shouldn't do, meant to help you think it through, not to tell you what's allowed.
Change any of the blue words and watch the cards respond.
Working draft · v0.1 · current to June 2026
A note on what this is
This is a plain-English orientation, not legal advice. I'm not a lawyer, I'm a Sovereign AI architect. It's here to help you work out which of these things are even worth your attention, and which you can stop worrying about. For anything that turns on your regulator or your contracts, your own adviser is the right next stop.
If you'd like a proper look at how your organisation is using AI and where the real exposure sits, a Sovereign AI Discovery is where I'd start. peter@peterbrady.co.uk