Beyond the AI Act: How Small Businesses Can Ethically Use Generative AI Without Losing Their Minds (or Their Data)

There’s a line in the EU AI Act that feels like it was written for tech consultants everywhere: “The use of AI should be human-centric.” Noble. Vague. Instantly weaponised by anyone with a pitch deck and an OpenAI API key.

For small businesses in Europe—or those who work with them—the question isn’t just can we use generative AI? It’s how, when, and what won’t get us sued or morally compromised in six months.

Here’s a framework for approaching generative AI in SMEs that doesn’t start with “disrupt” and end with “regret.”


1. First, the Compliance Stuff (So You Can’t Say You Weren’t Warned)

If you’re an SME in the EU, the AI Act doesn’t necessarily hit you like a freight train—yet. But it is pulling into the station. High-risk systems (think recruitment algorithms or credit scoring) have stricter rules. Generative AI, if it’s general purpose and large-scale (like GPT-4), falls under a newer “transparency obligation.”

What does that mean for you? If you’re just using AI to brainstorm newsletter subject lines or summarize meeting notes, the compliance burden is light—for now. But if you’re building products or services on top of foundation models, especially in regulated sectors, you’ll want legal counsel that reads more than LinkedIn threads.


2. Use Cases That Don’t Make Me Want to Throw a Laptop

There are some dead-obvious, ethically boring ways SMEs can use generative AI:

  • Drafting internal documentation
  • Tidying up customer emails
  • Brainstorming product names (and then discarding 99% of them)
  • Translating content—lightly, not for legal docs
  • Creating mockups or placeholder copy during dev

These aren’t revolutionary. They’re useful. Which is honestly a win.

Where it starts to smell is when people get lazy. Generative AI can generate words, but it can’t know your values, your regulatory obligations, or your tone. If it’s writing your client reports, you’re not saving time—you’re outsourcing responsibility.


3. Things You Probably Shouldn’t Do Unless You Like Risk

  • Feeding it sensitive internal data
    Even if the provider says it won’t use your data for training, read the fine print. And then forward it to your Data Protection Officer.
  • Letting it write contracts or policies
    Unless you have a lawyer or solicitor with a strong stomach and lots of red pens.
  • Building customer-facing features without human review
    Mistakes made by AI are still your mistakes, especially if you never checked the output.
  • Using anything trained on questionable datasets
    If the AI you use was trained on copyrighted, scraped, or unethically sourced data, and it spits out something derivative, guess who’s liable? (Spoiler: not the model provider.)

4. OK, So What Can I Use That Isn’t a Privacy Dumpster Fire?

You want models that are:

  • Transparent about training data
  • Hosted in the EU or allow data residency controls
  • Clear about data retention and usage policies
  • Preferably open source or at least auditable

A few names making waves: Mistral, Aleph Alpha, and open-weight LLMs you can self-host (if you have the chops). If not, find a vendor who’s boring in the best way: boring privacy policy, boring uptime, boring billing.

And for the love of ethics, don’t just copy what the biggest firms are doing. They can afford the lawsuits and have PR departments to manage the reputational harm.


5. Saying “No” Is Still a Business Strategy

Here’s the part they don’t tell you in all those “AI for Business” webinars: Sometimes, the smartest move is not to implement the damn thing at all.

That client who wants you to add a “smart assistant” to their app, but doesn’t want to budget for security review?
Say no.

That internal proposal to auto-respond to all customer support tickets using ChatGPT?
Say no.

That investor who asks, “What’s our AI play?” like it’s 2021 and you’re in a WeWork with a kombucha tap?
Say no, and then send them the EU AI Act summary. Annotated.


In Summary: Be Boring, Be Legal, Be Ethical

The hype train is loud. The laws are catching up. But small businesses still have an edge: agility, integrity, and a lower risk appetite.

Use generative AI where it saves time. Avoid it where it replaces judgment. And if in doubt, consult someone who reads the footnotes.

Someone like you, maybe.

As always, be excellent to each other.
