AI Compliance · AI Automation · UK-Based

Your business is already using AI.
Is it compliant?
Is it working hard enough?

Rojaf helps UK businesses get ahead of AI regulation and automate the work that's costing them hours every week.

We're a specialist practice combining AI compliance advisory, employment law expertise, policy knowledge, and technical engineering — built for businesses that can't afford enterprise pricing or enterprise complexity.

Aug '26
EU AI Act high-risk enforcement deadline
£495+
AI Safety Workshops from
4×
Typical admin time reduction
2wks
Average build to live for automation
EU AI Act Compliance Recruitment AI Governance Medical AI Risk Assessment Financial Services AI Policy Workflow Automation WhatsApp AI Agents Care Home Automation Trades Business Systems AI Safety Workshops EU AI Act Compliance Recruitment AI Governance Medical AI Risk Assessment Financial Services AI Policy Workflow Automation WhatsApp AI Agents Care Home Automation Trades Business Systems AI Safety Workshops
What Rojaf Does

Two practices. One team. No jargon.

Most AI agencies either build tools without thinking about risk, or consult on compliance without knowing how to build anything. We do both — which means the advice is practical and the builds are compliant from day one.

We're a small, senior team based in Wiltshire. We work with businesses across the UK that are either exposed to incoming AI regulation, drowning in admin that AI could handle, or both. We don't sell retainers you don't need. We start small, prove value, and grow from there.

If you've received an email from us, it's because we think we can make a specific, measurable difference to your business. This page explains how.

⚖️
AI Compliance Practice
We help regulated businesses understand their obligations under the EU AI Act and UK frameworks — and put the policies, documentation, and oversight processes in place to meet them. Recruitment, medical, financial.
AI Automation Practice
We build AI agent workflows that replace the manual, repetitive admin that costs your team hours every week. Built on top of your existing tools — no new software required. Trades, care homes, small businesses.
🤝
Built for SMEs, priced for SMEs
Enterprise AI governance platforms start at £20,000 a year and are built for global corporations. We built our practice specifically for the businesses they ignore — and priced it accordingly.
Who We Help

We focus on six sectors where the need is urgent and the ROI is clear.

We don't try to serve everyone. Deep sector knowledge means faster results and better advice — we're not learning your industry at your expense.

📋
Compliance
Recruitment Agencies
If you use AI to screen CVs, rank candidates, or automate any part of your hiring process, you likely have high-risk obligations under the EU AI Act — even if you didn't build the tool yourself. Client due diligence requests are already happening.
  • EU AI Act high-risk classification applies to most AI hiring tools
  • Candidate transparency and explainability requirements
  • Bias audits and human oversight documentation
  • Supplier due diligence for third-party AI platforms
🏥
Compliance
Medical & Aesthetic Clinics
Clinics using AI in diagnostics, patient triage, or consultation support face overlapping obligations from the MHRA, CQC, and EU AI Act. We help you understand what applies, what to document, and what to do when a patient or insurer asks.
  • AI diagnostic tool risk classification
  • Clinical AI governance policy drafting
  • Patient consent and transparency frameworks
  • CQC-aligned incident logging and oversight processes
💼
Compliance
Financial Services
Credit scoring, fraud detection, and AI-driven customer services fall under both the EU AI Act and FCA model risk management expectations. We bridge the two frameworks so you're not building two separate compliance programmes.
  • FCA Consumer Duty alignment for AI-driven products
  • Model risk registers and algorithmic decision documentation
  • Third-party AI vendor governance
  • Staff training and accountability mapping
🔧
Automation
Electrical, Plumbing & M&E Contractors
Trades businesses run lean. The admin that comes with running a team — timesheets, job enquiries, quotes, materials, scheduling — often falls on one person. We automate it so it doesn't.
  • WhatsApp timesheet capture with automated reminders
  • Job enquiry intake and Google Sheets logging
  • Quote follow-up sequences via SMS or email
  • Completion sign-off and photo workflows
🏠
Automation
Independent Care Homes
Registered managers in single-site care homes carry an extraordinary admin burden alongside their operational responsibilities. We build lightweight automation that slots around your existing systems and gives senior staff their time back.
  • Family enquiry handling and tour booking
  • Rota gap alerts and shift fill reminders
  • CQC document-gathering workflows
  • Medication review prompts and logging support
📦
Automation
Small Businesses & Civil Engineering
From artisan FMCG brands scaling into retail to groundwork subcontractors running multiple concurrent sites — we build mobile-first automation that works in the real world, not just in a conference room.
  • Daily site diary capture via WhatsApp
  • Inbound lead capture and CRM entry
  • Retail buyer outreach sequences
  • Order, dispatch and customer update flows
AI Compliance

The regulation is here. Most businesses aren't ready.

The EU AI Act came into force in August 2024. The obligations for high-risk AI systems — which include most AI tools used in hiring, credit, and healthcare — must be met by August 2026. That is not far away, and retrofitting compliance is significantly harder than building it in now.

For UK businesses, the picture is complicated by post-Brexit regulatory divergence. You may have EU obligations you're not aware of, and UK frameworks — including FCA guidance and emerging ICO expectations — are evolving in parallel.

We offer three levels of engagement depending on where you are. Many clients start with a Safety Workshop, discover what they actually need, and move into an Assessment. Others come to us already behind and need to move fast.

Key enforcement deadline
August 2026
High-risk AI system obligations under EU AI Act Articles 9–15. Penalties up to €30m or 6% of global turnover for non-compliance.
Our compliance practice covers businesses in these regulated sectors:
Recruitment Medical Clinics Aesthetic Medicine Financial Advice Consumer Credit Insurance HR & People Tech
Three ways to engage
01
AI Safety Workshop
A structured half-day session for you and your leadership team. We map every AI tool in your business, classify each one against the EU AI Act risk tiers, identify your most urgent obligations, and give you a clear, prioritised action plan — in plain English, in writing, the same day. Ideal if you're not sure where you stand and want an expert view before committing to anything larger.
From £495Half dayRemote or on-siteWritten report included
02
AI Compliance Assessment
A full structured audit of your AI systems, data practices, and governance processes. We review your tools against the specific obligations that apply to your sector, produce a risk-rated findings report, and deliver a package of policy templates, data flow documentation, and a remediation roadmap you can act on immediately. Designed to withstand client due diligence requests, regulatory examination, or insurance underwriting queries.
From £1,5002–3 weeksFull written reportPolicy templates included
03
AI Governance Retainer
AI regulation is not a one-time event. Between now and 2028, the EU AI Act, UK AI frameworks, FCA guidance, and sector-specific rules will all continue to evolve. Our retainer gives you ongoing access to your dedicated advisor for policy updates, quarterly governance reviews, new tool assessments, staff training, and incident support — so you stay ahead rather than catching up.
From £300/monthRolling contractQuarterly reviewsCancel anytime
AI Automation

The admin eating your team's time — automated.

We build AI agent workflows on top of your existing tools. No new software subscriptions, no long IT projects, no disruption to how you work. Most builds are live within two weeks, and we define the expected ROI before you commit.

Electrical & M&E Contractors
Timesheet & Job Management
18hrs
Saved per month
3×
Faster quote to job
Engineers message their hours via WhatsApp. Our workflow captures, parses, validates and logs them automatically — with reminders for non-responders and a clean summary for your accounts team. Zero Friday afternoon data entry.
  • WhatsApp timesheet capture with AI parsing
  • Automated non-responder reminders
  • Job enquiry intake to Google Sheets
  • Quote follow-up sequences
  • Completion photo and sign-off workflow
Independent Care Homes
Operations & CQC Readiness
15hrs
Freed per week
3×
Faster CQC prep
Registered managers shouldn't spend their evenings sending rota reminders and chasing documents. We build the admin layer that handles it — connecting your email, WhatsApp, and existing care management tools without replacing any of them.
  • Family enquiry handling and tour booking
  • Rota gap detection and bank staff alerts
  • CQC document-gathering workflows
  • Medication review reminders and logging
  • Resident family update digests
Civil & Groundwork Contractors
Site Reporting & Subcontractor Admin
6hrs
Saved on reports weekly
0%
Paper timesheets
Site-based teams can't use laptops on the job. We build WhatsApp-first automation that captures daily diary entries, plant usage, headcount, and variation requests via simple messages — and converts them into structured reports automatically.
  • Daily site diary via WhatsApp
  • Plant and labour allocation logging
  • Variation order alerts and approvals
  • Weekly progress report generation
  • Subcontractor payment run reminders
Recruitment Agencies
Candidate & Client Workflow
70%
Less manual data entry
2×
More placements, same headcount
From CV parsing and candidate intake through to interview scheduling, reference requests, and compliance documentation — we automate the workflow so your consultants spend time on relationships, not administration.
  • Inbound CV parsing and CRM entry
  • Automated candidate screening questions
  • Interview scheduling via email
  • Reference request and chase sequences
  • Placement documentation generation
Medical & Aesthetic Clinics
Patient Journey Automation
40%
Fewer no-shows
5hrs
Saved on admin weekly
From initial enquiry through to aftercare, every patient interaction is an opportunity to save time and improve experience. We automate the repetitive touchpoints so your clinical team focuses on patients, not inboxes.
  • Enquiry triage and appointment booking
  • Pre-appointment consent form sequences
  • Appointment reminders to reduce no-shows
  • Post-treatment aftercare follow-ups
  • Review request sequences at 7 and 30 days
Small Business & FMCG
Sales, Operations & Growth
£300/mo
Retainers from
Days
Typical time to live
Growing businesses hit a ceiling when the founder is spending half their week on admin. We automate the operational backbone — lead capture, order comms, buyer outreach, content scheduling — so you can focus on the work that grows revenue.
  • Inbound lead capture and qualification
  • Order confirmation and dispatch notifications
  • Retail buyer outreach sequences
  • Customer review collection flows
  • Social content scheduling and repurposing
How It Works

We start small, prove it works, then build from there.

No retainer until you've seen results. No complex onboarding. No long implementation projects. Most clients have something live within two to three weeks of our first call.

01
Free discovery call
30 minutes. We learn about your business, your current tools, and your biggest pain points. You get an honest view of what AI can and can't do for you — with no pressure to proceed.
02
Scoping and proposal
We define the specific problem we're solving, the expected outcome, the timeline, and the cost. For compliance, this includes which obligations apply. For automation, this includes estimated hours saved.
03
Build and implement
Our technical team builds the workflow or assessment deliverable. We handle all the connections to your existing tools. You're kept informed throughout — no black box, no surprises.
04
Handover and support
We train your team, document everything in plain English, and stay available during the first 30 days. Optional retainer support available if you want us to maintain and develop the system over time.
Case Studies

What this looks like in practice.

Client names anonymised at their request. References available on a call — we're happy to connect you with existing clients in your sector.

Automation · Electrical Contractor
M&E Subcontractor · Wiltshire · 12-person field team
From four hours of Friday admin to zero — in two weeks
The office manager at a 12-person electrical subcontractor was spending every Friday afternoon manually collating timesheet messages from engineers — most sent as informal WhatsApp messages in different formats — before transferring them into a spreadsheet for payroll. Non-responders had to be chased individually. The whole process took four hours, every single week, and still produced errors.
"We built a WhatsApp-triggered workflow that captures engineer messages each Friday, uses AI to parse free-text into structured hour logs, sends automated reminders to anyone who hasn't responded by 3pm, and delivers a clean weekly summary to the accounts team — formatted and ready for payroll. The office manager's Friday afternoons are now free."
4hrs
Saved every Friday
0%
Missed timesheets
£2k
Total build cost
"I genuinely thought this would be complicated. It took two weeks and now I don't think about timesheets at all. The engineers don't even know anything changed — they just send their hours the same way they always did."
Office Manager
M&E Subcontractor, Wiltshire
Compliance · Recruitment Agency
Specialist Recruitment Firm · London · 8 consultants · Financial sector
Passing a client AI due diligence audit they previously would have failed
A specialist financial services recruitment firm had been using an AI-powered CV screening platform for 18 months. When a large institutional client issued an AI governance questionnaire as part of their supplier review, the firm had no answers — no documentation, no record of how the tool made decisions, and no candidate disclosure process in place.
"We ran an AI Safety Workshop, classified their screening platform as a high-risk system under the EU AI Act, and identified six specific obligations they were currently failing to meet. We produced a risk register, remediation roadmap, candidate transparency notice, and a supplier governance questionnaire template — all within three weeks. They submitted the client audit and passed."
3wks
Workshop to full documentation
6
Compliance gaps closed
Client audit passed
Automation · Care Home
Private Care Home · South West England · 32 beds · Private pay
Giving a registered manager her evenings back
The registered manager of a 32-bed private care home was regularly working evenings and weekends on admin that had accumulated during the operational day. Family enquiry emails were going unanswered for 24–48 hours. Bank staff shifts were being filled via individual phone calls. CQC inspection preparation meant days of document hunting. Senior staff time was being consumed by tasks that required no clinical judgment.
"We built three connected workflows: an enquiry handling system that triages family emails and drafts responses, a rota-gap alert that texts bank staff automatically when shifts open, and a CQC preparation workflow that gathers required documents on demand. Built on top of their existing email and messaging tools — no new systems required."
15hrs
Freed per week
3×
Faster CQC prep
£300/mo
Ongoing retainer
Why Rojaf

We built this practice because the gap was obvious.

Enterprise AI governance platforms charge £20,000+ a year and are designed for global corporations with dedicated compliance teams. Most UK SMEs — the businesses that most urgently need help navigating AI regulation — can't access them and are building nothing in their place.

We built Rojaf to fill that gap. A human-led, affordable, genuinely expert practice that treats your business as the specific thing it is — not as a template to fill in.

01
We combine compliance and technical delivery
Most compliance consultants can't build anything. Most automation agencies don't know what the EU AI Act requires. We do both — which means the compliance advice is grounded in what's actually buildable, and the automation builds are compliant from day one.
02
We cover the full spectrum of expertise
Our team spans product management, software engineering, regulatory policy, and employment law. That's rare. It means you're not getting a generalist consultant who'll go away and Google things — you're getting specialists in every area your AI obligations touch.
03
We start with a fixed scope, not an open retainer
We won't sell you an ongoing engagement before we've proved we can deliver. Every project starts with a clearly scoped piece of work, defined outcome, and agreed cost. Retainer options are available once you've seen the results.
04
We're sector specialists, not generalists
We've deliberately built deep knowledge in six sectors. We're not learning your industry at your expense. We know the specific regulations, the common failure points, and the workflows that already exist in your sector.
From the founder
"I built Rojaf because I kept seeing the same thing: businesses using AI tools they didn't fully understand, with no idea what the regulations required of them — and automation consultants selling expensive platforms when a well-built workflow would do the job in two weeks. We're here for the businesses the big firms don't have time for."
RJ
Roxana Jaye
Founder · Product & Strategy · MSc Digital Service Design
TL
Technical Lead
Software Engineering · AI Agent Architecture
PA
Policy Advisor
Regulatory & Policy · EU AI Act · UK Frameworks
EL
Employment Law Consultant
Employment Law · AI in Hiring · HR Compliance
FAQ

Questions we hear from businesses like yours.

We'd rather answer these upfront than have them stop you picking up the phone.

Does the EU AI Act actually apply to UK businesses after Brexit? +
Yes, in many cases. If you sell AI-enabled products or services to customers based in the EU, or if your AI tools process personal data about EU residents, you likely have obligations under the EU AI Act regardless of where your business is registered. This is particularly relevant for recruitment agencies and financial services firms with any EU exposure. We can assess your specific position in a Safety Workshop.
We're a small team. Is this really relevant to us? +
If you're using AI tools in regulated activities — CV screening, credit decisions, medical support — then yes. The EU AI Act doesn't have a small business exemption for high-risk applications. The good news is that our services are priced for SMEs. A Safety Workshop at £495 will tell you exactly where you stand and what, if anything, you need to do.
We're not using any AI yet. Should we still be thinking about this? +
Absolutely. If you're planning to introduce AI tools in the next 12–18 months — which most businesses in your sector will need to — getting your governance framework in place first is significantly cheaper and easier than retrofitting it later. We can help you build it right from the start.
How quickly can automation go live? +
Most single-problem builds — a timesheet workflow, an enquiry intake system, a follow-up sequence — are scoped in one week and live within two to three weeks. More complex multi-system builds take six to ten weeks. We always scope fully and agree on expected outcomes before you commit to anything.
Do we need to change our existing software? +
No. We build on top of what you already use. Our automation layer connects to your existing email, WhatsApp, Google Workspace, CRM, or care management software via APIs and webhooks. There's no rip-and-replace, no migration, and no new platforms for your team to learn.
How is our data handled? +
All automation builds use AI providers with Zero Data Retention policies — your data is never stored or used to train models after processing. We are GDPR-compliant and can provide a data processing agreement and privacy documentation on request. For organisations with stricter data requirements, we also support on-premise deployment options.
What does the compliance assessment actually produce? +
You receive: a full inventory of your AI systems with risk classifications; a written gap analysis against your specific obligations; a risk-rated findings report; policy templates for internal use; candidate or customer transparency documentation where required; and a prioritised remediation roadmap. Everything is written in plain English and designed to be used — not filed and forgotten.
Ready to start?

A 30-minute call. No commitment. Just clarity.

Tell us what you're dealing with — the admin that's costing you hours, the AI tools you're not sure about, the regulation you've been putting off — and we'll tell you honestly what we can do and what it would cost. No hard sell. No jargon.

Based in Wiltshire · Working across the UK · hello@rojaf.co.uk