An AI Roadmap
Your SME Can Launch
You've read the headlines. You've been told to "have an AI strategy". You've watched competitors run pilots that quietly disappeared. We give SMEs a written plan with named use cases ranked by payback, and we build the first one with you so the roadmap actually leaves the slide deck.
95%
NO MEASURABLE P&L IMPACT
35%
OF UK SMES ALREADY USING AI
Days
TO FIRST USE CASE LIVE
Most SME "AI strategies" are a slide deck nobody opens twice.
A consultant runs a half-day workshop. The team votes on twenty possible use cases. A document arrives. Nothing happens. Six months later the same conversation starts up again, with a slightly different consultant.
MIT's Project NANDA reported 95% of organisations in its GenAI study saw no measurable P&L return. RAND cited estimates of 80%+ of AI projects failing. Gartner expects at least 30% of GenAI projects to be abandoned after proof of concept by the end of 2025.
A roadmap that doesn't get built is just a feeling. We do the plan and the first build, so the rest of the plan has something to plug into.
A TYPICAL "AI STRATEGY"
- A workshop with twenty post-it ideas
- A maturity score nobody contests
- Use cases nobody owns or sizes
- "Build a data lake first" homework
- No mention of the ICO or the AI Act
- No one building it on Monday
WHAT YOU NEED INSTEAD
- Two or three named use cases
- Each one ranked by payback in £
- An owner, a cost, a date
- The first one built in days, not quarters
- ICO, NCSC and AI Act baked in
- A written plan for the next twelve months
An SME roadmap has five parts. Same every time.
Enterprise AI maturity models work fine as theory. As a Monday-morning plan, less so. We've stripped the work down to the bits that move the needle for a 10 to 249-person business.
Where you actually are
Who uses what, on which accounts, with which data. Most SMEs find unsanctioned ChatGPT habits before they find a strategy.
Where it pays
Use cases sized in hours saved or revenue freed up, not "transformation". Two or three winners, the rest binned or parked.
What you build first
One use case picked, scoped and live. Real users, real data, a real number against the spend at the end of it.
How you keep it safe
ICO data protection, NCSC secure AI guidelines, EU AI Act dates if you sell into the EU, ISO/IEC 42001 if a buyer asks. Written into the plan, not bolted on after.
How it compounds
Each use case feeds the next: shared data, shared evals, shared playbook. You stop running every AI project from scratch.
Where we come in.
An audit, a ranked plan, the first build. Then you decide whether you carry on with us, with your own team, or with no one.
No twelve-month consulting engagement. Fixed phases, fixed prices, working software at the end. You can stop after any phase and keep what we've delivered.
BOOK A ROADMAP CALLAudit
We talk to your leadership, sit with two or three teams, read the tools they actually use, and look at the data behind them. You get a written report: what's running today (sanctioned and not), where the risk is, and where the hours are hiding.
Ranked plan in plain English
Two or three named use cases. For each: who it helps, how much it saves, what it costs to build, who owns it, and how it changes the job for the team doing it now. The ones that don't pay back get killed on the page, not in a steering committee a year later.
Build the first one
The top use case, live. Real users, real data, real measurement on the way in and out. Built on the AI stack we use across our agency work, with proper logging, evals and a safety gate. Your IP, your hosting if you want it.
Hand over a roadmap that keeps going
A twelve-month plan with dated milestones, a written AI usage policy your team can actually follow, and a short list of what's safe to do in ChatGPT and what isn't. Optional retainer if you'd like us building the next use case alongside you.
The state of UK SME AI, in three figures.
UK adoption is high enough that ignoring it is a choice. The returns still depend on picking a workflow, owning it, and measuring it.
35% of UK SMEs already use AI.
The British Chambers of Commerce and Intuit QuickBooks put active SME AI use at 35% in September 2025, up from 25% a year earlier. In the same research, 11% of responding firms used technology to a great extent to automate or streamline operations.
95% of GenAI pilots had no measurable P&L impact.
MIT's Project NANDA studied generative AI rollouts inside organisations and found 95% delivered no measurable P&L impact. The report says the gap is driven less by model quality than by whether the tool is embedded in the workflow.
50 recommendations across three sections.
Matt Clifford's AI Opportunities Action Plan, published in January 2025 as CP 1241, set out fifty recommendations across three sections: lay the foundations, change lives, and secure the future. The government response agreed or partly agreed most of them, including a recommendation to drive AI adoption across the country with a focus on SMEs.
Sources: British Chambers of Commerce / Intuit QuickBooks, The Turning Point for SMEs, Sept 2025. MIT Project NANDA, The GenAI Divide, 2025. HM Government, AI Opportunities Action Plan (CP 1241), 13 Jan 2025, and government response (CP 1242). RAND Corporation, AI project failure research, 2024. Gartner, GenAI abandonment forecast, July 2024.
The bits your accountant will ask about.
"Pro-innovation" doesn't mean unregulated. The ICO has the data-protection side, the NCSC has the security side, the EU AI Act can catch UK businesses operating in or serving the EU, and ISO/IEC 42001 gives buyers a recognised AI management-system standard.
Data protection on AI
The Information Commissioner's Office has guidance on AI and data protection, plus the AI and Biometrics Strategy published on 5 June 2025. The Data (Use and Access) Act 2025 updated the rules around automated decisions. If your AI touches customer data, this is what applies.
Secure AI development
The National Cyber Security Centre's Guidelines for Secure AI System Development, written with the US CISA and twenty-one other agencies, covers secure design, development, deployment, operation and maintenance. A practical checklist for "is this thing safe to put in front of customers".
If you sell into Europe
Prohibited-practice rules and AI literacy duties have applied since 2 February 2025. Provider duties for general-purpose AI models applied from 2 August 2025. Most remaining obligations apply from 2 August 2026, with some high-risk obligations for regulated products from 2 August 2027. UK companies can be in scope when an AI system is placed on the EU market, used in the EU, or affects people in the EU.
The new AI standard
Published in December 2023, ISO calls it the world's first AI management system standard. Think ISO 27001, but for AI governance and lifecycle. We make sure your plan doesn't get in the way of getting there later.
The ones we get asked first.
We're too small for "an AI strategy".
You're not. You probably already have one, you just haven't written it down. Some of your team may be pasting customer data into ChatGPT and others may be wondering whether it'll cost them their job. A short audit and a one-page plan is the smallest version of having a strategy, and it stops both of those problems.
Should we wait until it's settled down?
No. The models keep changing, the rules keep arriving (EU AI Act obligations in 2026, ISO/IEC 42001 already published, ICO strategy published June 2025), and the customers and competitors aren't waiting. The trick is to pick use cases that pay back inside a quarter, so a model swap doesn't bin your investment.
Isn't ChatGPT enough?
For drafting emails and tidying up a CV, yes. For anything that touches customer records, integrates with your systems, or needs to give the same answer twice, no. ChatGPT is a tool. A roadmap tells you which jobs it's safe for, which ones need something purpose-built, and where the line is.
Don't we need to "get our data right" first?
That's the line every consultancy uses to sell a three-year data programme. You don't need a data lake. You need the right slice of your data in the right place for the first use case. We build that, deliver the use case, and the cleaned data is a free by-product. The rest gets done when the next use case needs it.
What about the EU AI Act and the ICO?
Written into the roadmap from day one, not bolted on at the end. The ICO's AI and Data Protection Risk Toolkit gives the playbook for the data side. The NCSC's secure AI guidelines cover the engineering side. If you sell into the EU, we map your use cases against the AI Act and tell you which ones are prohibited, which are high-risk, and which sit outside the parts that matter to you.
How much does it cost?
The audit and ranked plan is fixed-fee. The first build is priced against the chosen use case, scoped per phase. We tell you the number before we touch a line of code, and you can stop after the audit without doing the build.
What do you need from us?
A sponsor at the leadership table, three or four hours of time from two or three team leads, read access to whatever systems your use cases would touch. That's it. We don't need a data team or an AI champion. You can hand it to us non-technical and we translate.
Is there UK government funding for this?
Sometimes. Manufacturers can usually get Made Smarter Adoption support, which now lists all nine English regions. Help to Grow: Management is a good general programme. Help to Grow: Digital closed in February 2023. We'll point you at what's open in your sector, but we don't pretend the funding picture is tidy.
Want a roadmap that gets built, not filed?
Tell us what your SME does. We'll spend thirty minutes on the phone, and you'll have a clear answer on which use cases to start with and what they're likely to pay back. No slides, no maturity quiz.