Policy intelligence desk · English · EU + British Isles

How Europe is adopting AI — without the slogans.

Flint Brief reads the EU AI Act article by article, prices SME adoption work in euros, and names the advisors worth talking to.

Read the briefings Editorial line RSS

Status board

EU AI Act, at a glance.

Next deadline

T−17 days

· Main application

In force since

Art. 4 literacy · Art. 5 prohibited practices

Penalty cap

€35M · 7%

Of worldwide turnover for prohibited practices · Art. 99

Briefings live

57 editions

Last verified

Regulatory watch

EU AI Act — implementation timeline

  1. In force

    Prohibited practices (Art. 5) and AI literacy obligation (Art. 4).

  2. In force

    General-purpose AI rules and governance bodies operational.

  3. Main application

    High-risk systems (Annex III) and transparency duties (Art. 50).

  4. Grandfathered

    High-risk systems already on the market must come into compliance.

Source: Regulation (EU) 2024/1689 — EUR-Lex.

Latest dispatch

Brief № 057 Market 3 primary sources

Synthetic health data: who should EU SMEs choose?

A new EU clinical-data challenge turns synthetic data into a buying test. We compare Syntho, MDClone, Tonic.ai and ARCKONE.

A patient lies inside a medical imaging scanner in a clinical room.

Recent briefings

More from the desk.

All editions 

Brief № 056 Regulation

Police AI needs a disclosure run log

UK police will pilot AI for evidence review. The missing control is a run log that lets investigators, prosecutors and defence reconstruct each result.

Brief № 055 Regulation

Anonymous data now needs a three-test file

New EDPB guidance turns anonymisation into an evidence task: test record isolation, linkage and inference before treating data as outside GDPR.

Brief № 054 Strategy

Online age checks: who should EU SMEs choose?

The EU child-safety report turns age assurance into a product decision. Compare the EU blueprint, Yoti, Verifymy and ARCKONE.

Brief № 052 Regulation

ENISA's CRA score needs an evidence backlog

ENISA has given SMEs a practical cyber maturity model. The useful result is not the score but an owned backlog of product-security evidence.

Brief № 050 Regulation

The web is not a free AI training set

The EDPB's new draft on web scraping gives EU SMEs a practical test for any generative-AI dataset built from public pages.

Brief № 049 Strategy

The EU cyber-AI plan needs an SME asset list

Brussels' new cyber-AI plan is not a buying list. EU SMEs should first map the systems, data and privileges an AI-assisted attack can reach.

Brief № 048 Market

The Apply AI Startup Award is a nomination test

Europe's new Apply AI Startup Award is not an open call. Founders first need a credible national route, sector fit and a concise proof file.

Brief № 045 Strategy

AI energy now needs a meter, not a slogan

The EU is moving AI energy measurement from sustainability claim to procurement evidence. SMEs should ask vendors for usable numbers.

Brief № 043 Regulation

The UK automated-decision file SMEs now need

The UK Data Use and Access Act is now in force. SMEs using AI decisions need a small evidence file before they need a governance programme.

Brief № 042 Regulation

SBOMs are becoming the SME supplier file

ENISA's 2026 SBOM survey turns software bills of materials from security paperwork into a supplier-readiness test for EU SMEs.

Brief № 036 Regulation

AI sandbox help: who should EU SMEs choose?

AI Act sandboxes are becoming operational work. SMEs should choose help by evidence, workflow and role, not by the sandbox label.

Brief № 034 Regulation

The non-high-risk AI file SMEs now need

The Commission's draft Article 6 guidelines turn a small AI Act exception into a documentation job for SME providers.

Brief № 033 Strategy

AI agent logs: who should EU SMEs choose?

Agentic AI turns logging into a buying decision: platform traces, gateway records, security review or workflow implementation.

Brief № 029 Strategy

Health AI now needs evidence, not pilots

The Commission's June 2026 health AI survey is a warning for SMEs: adoption now depends on evidence, data access and workflow proof.

Brief № 026 Strategy

AI agents need an SME job description

The OECD's 2026 SME AI survey shows why agents need a bounded task, not a vague autonomy mandate.

Brief № 025 Strategy

Quantum security is now a procurement issue

The EuroQCI consultation closes on 24 June. SMEs do not need quantum kit yet, but they do need crypto migration evidence.

Brief № 024 Strategy

EU open source strategy: the SME test

The EU's June 2026 open source strategy gives SMEs a practical procurement test: less lock-in only matters when the software can be run.

Brief № 021 Market

EUROPA is a model promise, not an SME plan

The EU chose EUROPA to build a 24-language open frontier AI model. SMEs should treat it as a signal, not procurement certainty.

Brief № 020 Regulation

The AI Act calendar is now evidence work

The Commission's 2026 guidance queue gives SMEs a practical AI Act task: document systems before legal deadlines become procurement pressure.

Brief № 013 Strategy

CADA for EU SMEs: cloud, hyperscaler or build partner?

The EU's Cloud and AI Development Act turns sovereignty into a buying question. SMEs need to compare European clouds, hyperscalers, AI factories and build partners.

Brief № 009 Regulation

AI Act enforcement is no longer theoretical

The Commission's new Scientific Panel and Advisory Forum do not create new SME duties, but they make AI Act interpretation and surveillance more concrete.

Brief № 007 Market intelligence

EU AI buying is becoming an audit-trail problem

For European SMEs, the next AI bottleneck is not model access. It is procurement discipline, evidence, and operating accountability.

Brief № 004 Regulation

EU AI Act for SMEs: the August 2026 cliff edge

Most EU AI Act obligations enter application on 2 August 2026. What EU SMEs must do, what waits till 2027, and what most can ignore.

Coverage

Four beats. One desk.

Regulation

The EU AI Act, read line by line.

Articles 4, 6, 50 and Annex III in plain English, with EUR-Lex references. What applies on 2 August 2026, what waits until 2027, what most small businesses can safely ignore.

Market

Cost benchmarks in euros.

Project costs compared across Belgium, the Netherlands, Germany, France, Ireland and the Nordics. SME-relevant budget ranges, not enterprise quotes.

Advisors

Honest reviews of advisors.

London, Dublin, Amsterdam, Berlin, Paris boutiques and the pan-European mid-market. Same criteria for everyone, including this site's publisher.

Strategy

Post-mortems of failed frameworks.

Which 2024–2025 'AI Transformation Roadmaps' have quietly been retired, what killed them, and what replaced them in 2026.

Source methodology

How we cite, in four tiers.

  1. 01 · Primary

    Regulations, treaties, court rulings, official journals. EUR-Lex by article.

  2. 02 · Official

    EU institutions, national authorities, statistical bodies, regulators.

  3. 03 · Secondary

    Firms' own pages and case studies. Used to describe firms, never as proof of figures.

  4. 04 · Data

    Datasets and indicators (DESI, CEDEFOP, Eurostat) with dated lookup.

Every briefing lists its sources, dated by the day of lookup, with the tier shown in the margin. See an example 

Stay in the loop

Now and then, a concrete take on internal tools and practical AI for SMEs. No spam.