In 2023 the CMA published its position on algorithmic pricing: AI pricing systems are subject to competition law in exactly the same way as any other pricing decision. If your tool coordinates prices with competitors — even without instruction — you have a competition law problem.
In 2023, the Competition and Markets Authority published its position on algorithmic pricing: AI-driven pricing systems are subject to competition law in exactly the same way as any other pricing decision. If your AI pricing tool coordinates prices with competitors — even without any human instruction to do so — you have a competition law problem.
The UK’s AI Regulation proposals and the Digital Markets, Competition and Consumers Act 2024 are both shaping a regulatory environment in which AI-powered retail operations face increasing scrutiny. The CMA has enforcement powers and has demonstrated willingness to use them.
The retailers building governance now are positioning themselves ahead of that scrutiny. The ones who are not are building exposure.
Pricing algorithms that adjust in real time based on demand, competitor pricing, and customer data create competition law exposure if they inadvertently coordinate with competitors, consumer protection exposure if they produce unfair commercial practices, and GDPR exposure if personalised pricing is based on personal data processing without adequate legal basis.
Supply chain AI that gets it wrong does not just create a stock problem — in certain categories, it creates a consumer contract problem. Advertising products your AI told you would be available, then cancelling orders because the forecasting was wrong, has consumer rights implications under the Consumer Rights Act 2015.
Personalisation engines are among the most data-intensive AI systems in retail. Lawful basis for processing, transparency obligations in privacy notices, and the right to opt out of profiling are GDPR requirements that apply to every personalisation system. Many retailers’ privacy notices do not accurately describe what is actually happening with customer data.
AI fraud detection systems that incorrectly flag legitimate customers — particularly where the flagging correlates with protected characteristics — create both commercial and Equality Act risks. Declined transactions and blocked accounts have real consequences for affected customers.
CMA algorithmic pricing guidance and competition law. DMCC Act 2024 and its AI provisions. ICO enforcement in retail data. Consumer protection law and AI-generated content.
We map your pricing and inventory AI tools against competition law and consumer protection obligations. Specific focus on dynamic pricing logic, personalised pricing practices, and demand forecasting dependencies.
Lawful basis for AI personalisation and profiling. Privacy notice accuracy for AI-driven operations. Customer rights in an AI context — opt-out mechanisms, subject access requests, right to explanation. Consent architecture for marketing AI.
Standards for AI customer service tools — when AI must escalate to human. Product description accuracy obligations. Review management compliance. Fraud detection AI — false positive analysis and protected characteristic bias testing.
AI use policy for retail operations. Customer-facing transparency about AI use. Staff training approach for teams using AI tools in commercial decisions.
| Use case | Efficiency gain | Primary risk |
|---|---|---|
| Dynamic pricing | Revenue optimisation | Competition law, consumer protection |
| Personalised product recommendations | Conversion, basket size | GDPR profiling, filter bias |
| Demand forecasting and inventory AI | Stock efficiency | Availability misrepresentation |
| AI customer service (chatbots) | Cost efficiency | Consumer rights accuracy |
| Fraud detection AI | Loss prevention | False positives, Equality Act |
| AI product descriptions | Content at scale | Misdescription, consumer law |
We assess where you stand against your sector’s regulatory floor and identify your highest-priority governance gaps.
One hour with leadership. Sector-specific regulatory framework, immediate priority actions, the language to take this to the wider team.
Half or full day. Full risk mapping for your sector, governance protocols, AI use policy draft, and 30 days advisory access. The flagship engagement.
Multi-site, network, and group pricing available on request.
Industry-wide practice does not create a safe harbour from competition law or consumer protection obligations. The CMA’s enforcement approach on digital markets has been to focus on systemic practices. If dynamic pricing tools across a sector are producing coordinated price outcomes — even without explicit collusion — enforcement action can affect multiple players simultaneously. “Everyone does it” is not a regulatory defence.
Your platform provider is a data processor acting on your instructions. You are the data controller. GDPR responsibility for the lawfulness of processing, the accuracy of your privacy notice, and the rights of your customers sits with you. Your platform provider’s DPA covers their processing on your behalf. It does not transfer your controller obligations to them.
Increasingly yes. In-store AI includes footfall analytics cameras with AI processing, AI-powered EPOS systems, smart fitting rooms, and loyalty programme AI. These systems often process personal data without adequate notice to customers in-store — the ICO has specific guidance on surveillance technologies and AI analytics.
Tell us about your AI-driven operations and we’ll give you an honest read on where your regulatory exposure sits. No sales pressure. If your governance is sound, we’ll tell you.