What is it?
The EU AI Act is the world's first comprehensive AI law and entered into force on 1 August 2024. The law divides AI systems into four risk categories: prohibited systems, high-risk systems, limited-risk systems, and minimal-risk systems. Most everyday AI applications in SMEs fall into the two lowest categories and carry limited obligations.
The timeline is phased: the prohibitions and the AI literacy obligation have applied since 2 February 2025, the rules for providers of general-purpose AI models since 2 August 2025, and the bulk of the high-risk regime applies from 2 August 2026. High-risk AI systems that are safety components of products already covered by EU product legislation, such as machinery or medical devices, follow a later date: 2 August 2027 under the regulation as adopted.
Why it matters for SMEs
The EU AI Act is not a ban on AI, but a framework that determines which applications are permitted without restriction, which require additional measures, and which are not allowed at all. For SMEs the practical impact depends on how AI is used and in which sector.
- Prohibited practices must stop immediately. Systems that use manipulative or deceptive techniques, apply social scoring, infer the emotions of people in the workplace or in education (outside medical and safety uses), or build facial-recognition databases by untargeted scraping of facial images have been banned since 2 February 2025, regardless of the vendor or how convenient they are.
- High-risk applications require documentation, logging, and human oversight. Staffing agencies using AI for CV screening, candidate ranking, or rejection decisions are deploying a high-risk AI system (recruitment and selection is listed in Annex III) and must use it according to the provider's instructions, assign human oversight to trained staff, keep the system's logs, and inform affected candidates. Registration in the EU database is the provider's duty; a private agency registers only if it becomes a provider itself.
- Most SME applications fall into the lowest categories. Invoice processing, text summarisation, email assistance, and internal knowledge bases generally carry no specific obligations beyond the AI literacy requirement for staff; transparency obligations apply when people interact with a chatbot or when AI-generated content is published.
The first step for any SME is an inventory: which AI tools do you use, who provides them, and what exactly do they do? Only then can you determine the risk category and know whether action is needed.
How it works
The EU AI Act works through a risk classification system. The law places obligations on providers of AI systems but also on deployers: the businesses that use a third-party AI system in their own processes. For SMEs, that deployer role is the most relevant.
- Inventory: map which AI tools and workflows the organisation uses or is considering.
- Classify: determine for each system whether it is prohibited, high-risk, limited-risk, or minimal-risk, using Article 5 (prohibited practices) and Annex III (high-risk use cases); a system that is a safety component of a regulated product falls under Annex I.
- Stop prohibited applications: systems in the prohibited category must be switched off immediately.
- Apply high-risk measures: for high-risk systems the provider must have technical documentation, a conformity assessment, and a registration in the EU database in place, and the deployer must operate the system according to the instructions for use, assign human oversight to competent staff, keep the automatically generated logs (for at least six months), and monitor its operation, all before the 2 August 2026 application date.
- Ensure transparency: when people interact with a chatbot or another AI system, tell them they are dealing with AI unless this is obvious; when publishing AI-generated or manipulated content, such as deepfakes or AI-written text on matters of public interest, disclose that it was generated artificially.
Also check whether your organisation is a provider or a deployer. A business that puts its own name on a high-risk system, substantially modifies it, or changes its intended purpose so that it becomes high-risk takes over the provider's obligations, which are heavier than those of a deployer using the system unchanged.
Example in practice
Picture a staffing agency using a vendor's AI tool that automatically scores CVs and ranks candidates for open vacancies. That is a high-risk AI system under the EU AI Act because it determines access to employment. Before the 2 August 2026 application date the agency, as deployer, should confirm that the vendor has the technical documentation, conformity assessment, and EU database registration in place, and must operate the tool according to the instructions for use, assign trained staff to oversee and, where necessary, override its rankings, keep the tool's logs, and tell candidates that an AI system is used in the assessment. If the agency instead retrains the model or markets the tool under its own name, it becomes the provider and takes on the documentation and registration duties itself. Failing to comply risks fines of up to fifteen million euros or three per cent of global annual turnover, whichever is higher; for SMEs the lower of the two applies.
Comparison and misconceptions
The EU AI Act regulates AI systems by risk; the GDPR regulates the processing of personal data. The two laws overlap when AI applications process personal data: a high-risk AI tool that assesses candidates must comply with both the AI Act and the GDPR, and where a candidate is rejected by a solely automated decision, GDPR Article 22 additionally restricts that decision and gives the candidate a right to human intervention. Complying with one law does not satisfy the other.

