AI Governance Lawyer London | EU AI Act Compliance | RMOK Legal
AI Governance and Compliance

AI is not the risk.
AI without oversight is.

Practical, board-ready AI legal advice for UK businesses.

RMOK Legal advises businesses across the UK and internationally on AI governance, EU AI Act compliance and AI contract law. Every engagement is led by an SCL-accredited IT lawyer who sits on the SCL AI Committee. SRA-regulated. City of London.

20+
Years in commercial and technology law
SCL
Accredited IT Lawyer and AI Committee member
£2bn+
Annual contract value managed across 40+ industries
Dec 2027
EU AI Act full enforcement deadline
Enforcement deadline EU AI Act fines reach €35m or 7% of global turnover. Full enforcement begins December 2027. Most businesses are not ready. Book a scoping call →

RMOK Legal advises businesses across the UK and internationally on AI governance, EU AI Act compliance, AI contract law and the intersection of AI with data protection regulation. The firm is led by Rory O'Keeffe, a solicitor regulated by the Solicitors Regulation Authority, SCL-accredited IT lawyer, AI Committee member of the Society for Computers and Law, and author of AI Advantage (2025). Every engagement is delivered at partner level with a defined scope and a fixed fee confirmed before work begins.

Who this service is for

AI governance is not a single engagement. The right scope depends on whether you are building AI, deploying it, procuring it, or being asked by customers and regulators to account for how you use it.

Technology and SaaS companies

Businesses developing AI products

If you are building an AI-powered product or embedding AI into an existing platform, you face obligations as a provider under the EU AI Act. Technical documentation, conformity assessments, transparency obligations and AI-specific contractual protections in your customer agreements.

AI Governance Advisory
AI deployers and procurers

Businesses using AI from third-party vendors

If your business uses AI for hiring, credit assessment, fraud detection, customer service or internal workflow, you face obligations as a deployer. You need to understand how the AI is classified, what your vendor's obligations are, and what you need in place contractually and operationally.

AI Governance Advisory
Boards and C-suite

Senior leadership teams that need AI risk explained clearly

Your board has been asked about AI risk. You need a briefing that translates regulatory complexity into commercial language, covers your exposure, and provides actions. Not a 50-page report. A one-hour session with slides and a written summary your board can act on.

Board Briefing, from £500 +VAT
In-house legal and compliance

GCs and compliance leads who need a specialist AI law partner

Your team is handling AI queries from the business but AI governance sits outside your current expertise. You need specialist support that integrates with your existing function, not an external firm generating a separate workstream.

Fractional GC with AI specialism

What we advise on

01

EU AI Act compliance

Risk classification of AI use cases, gap analysis against Act requirements, technical documentation, and practical compliance roadmaps calibrated to enforcement deadlines.

02

AI governance framework design

Policies, procedures, oversight mechanisms and accountability structures that satisfy regulatory expectations and give the board confidence in how AI is being used.

03

AI contract drafting and review

Training data ownership, model output rights, liability for AI hallucinations, audit rights, data protection obligations, and compliance warranties tied to applicable regulation.

04

AI procurement advice

Pre-procurement due diligence and vendor agreement review: system classification, provider obligations, and what you need to secure contractually as a deployer.

05

Data protection and AI

Data minimisation in training datasets, legitimate basis for AI-driven decision-making, automated decision-making restrictions, and the UK GDPR and EU AI Act intersection.

06

Regulatory landscape advisory

DORA, NIS2, the Digital Markets Act, the Digital Services Act, and UK sector-specific AI guidance from the ICO, FCA, CMA and Ofcom.

How an AI governance engagement works

Four steps from first contact to a governance framework your board can stand behind. Every engagement has a fixed fee confirmed before work begins.

01

Discovery call

30 minutes, no charge. We review your AI landscape, your regulatory exposure, and your priorities. If RMOK Legal is not the right fit, we will tell you. If a different engagement model would serve you better, we will point you there.

02

Written scope and fixed fee confirmed

You receive a written scope document before any work begins. It sets out exactly what you receive, what is excluded, and what happens if additional work is needed. The fee is fixed. You sign off before we start. No hourly rates and no retrospective charges.

03

Engagement delivered

Every engagement is led personally by Rory O'Keeffe. Work is delivered via shared document exchange and advisory calls within the agreed timeline. Where additional specialist capacity is required, RMOK Legal draws on a vetted network of senior lawyers. You always know who is working on your matter.

04

Action plan and clear next steps

Every engagement closes with a written action plan: prioritised steps, named owners, and deadlines you can hold people to. For businesses with ongoing AI regulatory obligations, the monthly advisory retainer is available as a natural continuation.

AI governance engagement options

Every engagement is led by Rory O'Keeffe, SCL-accredited IT lawyer, SCL AI Committee member, author of AI Advantage (2025), and former Director of Legal at Accenture. Fixed fee. Defined scope. No hourly billing.

from £500

Board or Investor Briefing

One-hour presentation to your board, investors or audit committee on AI legal risk and EU AI Act obligations. Slides and written briefing included.

Book a discovery call
from £750/mo

Ongoing Regulatory Monitoring

Monthly written briefing on AI and digital regulatory developments relevant to your business. One 30-minute advisory call per month. Minimum 3 months.

Book a discovery call
from £750

Bespoke Legal Advice

A defined, finite piece of advisory work scoped to a specific AI governance or compliance question. Written advice with clear conclusions and recommended next steps.

Book a discovery call

Trusted by businesses navigating AI with confidence

"Rory O'Keeffe goes the extra mile and is always focused and pragmatic."
Legal 500 UK, Information Technology 2023
"A safe pair of hands on our most complex commercial deals."
Fortune 500 Technology Client

Why RMOK Legal for AI governance

AI governance is a specialism, not a bolt-on.

Most law firms offer AI advice as an extension of their technology or data protection practice. At RMOK Legal, AI governance is a core specialism. Rory O'Keeffe is an SCL-accredited IT lawyer, AI Committee member of the Society for Computers and Law, and author of AI Advantage (2025). He speaks at the SCL Data Conference, the Eyes-Off Data Summit and the AI Law Summit. AI governance is a defined area of expertise built over years, not a service added to a generalist practice because the market moved.

Practical, not theoretical.

Governance frameworks come with named owners and deadlines. Compliance action plans are prioritised by risk and mapped to enforcement dates. Board briefings are in commercial language, not regulatory jargon. Advice they can act on, not lengthy opinions that stop short of telling you what to do.

Commercial law depth underneath the AI specialism.

AI governance does not exist in isolation from your commercial contracts. RMOK Legal has closed over 150 major commercial transactions and managed over £2bn in annual contract value. The AI advisory is grounded in real-world contracting experience, not just regulatory theory.

Both sides of the table.

Rory has sat on both sides: as Partner at Matheson advising international clients on complex transactions, and as Director of Legal at Accenture managing £2bn+ in annual contract value. That breadth shapes advice that is commercially grounded and practically deliverable.

SRA-regulated with professional indemnity cover.

Rory O'Keeffe is a solicitor regulated by the Solicitors Regulation Authority. For enterprise customers, investors and acquirers asking questions about your legal arrangements, the regulatory distinction matters.

Common questions about AI governance

An AI governance lawyer advises businesses on the legal implications of developing, deploying or procuring AI systems. This includes drafting and reviewing AI contracts, advising on compliance with the EU AI Act and UK regulatory frameworks, managing IP and data rights in AI systems, and helping businesses implement governance frameworks with oversight mechanisms, accountability structures and incident response protocols.
If your business develops, deploys or uses AI systems that affect individuals in the European Union, the EU AI Act is likely to apply regardless of where you are based. The most significant obligations come into force in December 2027. Fines for non-compliance with high-risk system requirements can reach €35 million or 7% of global annual turnover.
High-risk AI systems include those used in employment and recruitment, credit scoring, access to essential services, law enforcement, migration and border management, and the administration of justice. If your business uses AI for hiring decisions, performance assessment, credit risk or fraud detection, you are likely deploying a high-risk system and face the Act's most demanding compliance requirements.
Key provisions include: ownership and licensing of training data and model outputs, liability and indemnity for AI hallucinations, errors and discriminatory outputs, data protection obligations under UK GDPR and the EU AI Act, audit rights over AI systems, IP assignment and confidentiality, accuracy and robustness warranties, compliance obligations tied to applicable regulation, and change management provisions covering model updates and version changes.
An AI governance framework is the combination of policies, procedures, oversight mechanisms and accountability structures a business puts in place to govern how AI is developed, deployed and used. A well-designed framework satisfies regulatory expectations, gives the board confidence in how AI risk is being managed, and creates an audit trail demonstrating responsible AI use.
Every engagement is scoped and priced individually based on your AI landscape, your regulatory exposure, and the deliverables you need. The fee is confirmed in writing before work begins. There are no hourly rates and no scope creep invoices. Board briefings start from £500 +VAT. Bespoke advisory on a single question starts from £750 +VAT. Full governance engagements are scoped at discovery. Book a free 30-minute call and we will give you a clear indication of cost before any commitment.
Three things. First, AI governance is a core specialism with SCL accreditation, AI Committee membership and a published book on AI risk, not a practice area added to a generalist menu. Second, every engagement is led personally by Rory O'Keeffe, not delegated to a team. Third, every engagement has a written scope and fixed fee confirmed before work begins.
Because AI governance requires a specialist. Most law firms offer AI advice as an extension of their technology or data protection team. RMOK Legal's AI governance practice is led by an SCL-accredited IT lawyer with formal committee membership, published research, and a speaking record at leading industry events. Your existing firm handles your day-to-day legal needs. RMOK Legal handles the AI-specific work that requires genuine specialism. Many clients use both.
Yes. The Bespoke Legal Advice option is designed for a defined, finite piece of advisory work from £750 +VAT. If you need a full AI contract review with redline and risk commentary, the Deal Support model on our contract review page covers that. View contract review options
Yes. The fractional GC Growth Retainer includes AI governance and regulatory compliance advisory as part of the monthly scope. For businesses that need ongoing AI legal support alongside broader commercial legal coverage, the retainer is typically the most effective model. View fractional GC engagement models

AI governance advice that is practical, commercial and board-ready.

Book a free 30-minute discovery call with Rory O'Keeffe. No obligation, no pitch. A direct conversation about your AI landscape, your regulatory exposure, and what you need.

Book a discovery call

RMOK Legal

60 Cannon Street, City of London, EC4N 6NP

SRA Authorised · Registration No. 8008227 · Regulated by the Solicitors Regulation Authority

RMOK Legal holds professional indemnity insurance as required by the SRA. The information on this page is for general guidance only and does not constitute legal advice.

Reviewed by Rory O'Keeffe, SRA-regulated solicitor (No. 8008227), SCL-accredited IT lawyer (June 2026).