Back to Blog
AI Act

The EU AI Act Deadline Most SMBs Haven't Heard Of: August 2, 2026

2026-03-054 min read

August 2, 2026. That's when the EU AI Act enters full enforcement for high-risk AI systems.

Most SMBs haven't heard of this deadline. And most that have assume it doesn't apply to them.

They're usually wrong.

"High-Risk" Doesn't Mean What You Think

When people hear "high-risk AI," they picture autonomous weapons or self-driving cars. The reality is far more mundane — and far more relevant to everyday businesses.

Under the EU AI Act, high-risk AI systems include:

  • HR screening tools that use AI to filter CVs or rank candidates
  • Customer-facing chatbots that make recommendations affecting service outcomes
  • AI in credit decisions or insurance assessments
  • Automated customer service that determines eligibility or priority

If your company uses any AI tool that influences decisions about people, the high-risk classification may apply.

"Deployer" Obligations Apply Even If You Didn't Build the AI

This is the part that catches SMBs off guard. The EU AI Act creates obligations not just for companies that develop AI systems, but also for companies that deploy them.

If you use ChatGPT, Copilot, or any third-party AI tool in business decisions that affect people, you are a "deployer" under the regulation. Deployer obligations include:

  • Transparency: Informing people when they're interacting with or being assessed by AI
  • Human oversight: Ensuring a human can review and override AI decisions
  • Documentation: Maintaining records of how AI systems are used and for what purposes
  • Risk assessment: Understanding and documenting the risks of your AI usage

"We just use it internally" is not a defence. If AI outputs affect decisions about employees, customers, or the public, the obligations apply.

The Penalties Are Significant

The EU AI Act includes tiered penalties:

  • Prohibited AI practices: Up to EUR 35 million or 7% of global annual turnover
  • High-risk non-compliance: Up to EUR 15 million or 3% of global turnover
  • Providing incorrect information: Up to EUR 7.5 million or 1% of global turnover

For an SMB, even the lowest tier is potentially devastating.

What's Already Enforceable

The AI Act entered into force on August 1, 2024, with a phased timeline:

  • February 2, 2025: Prohibited AI practices (already enforceable)
  • August 2, 2025: Obligations for general-purpose AI models
  • August 2, 2026: Full enforcement for high-risk AI systems

The high-risk deadline is the one that will affect the most SMBs — and it's less than five months away.

What To Do Now

You don't need to become an AI regulation expert. But you do need to understand your exposure.

Start with three questions:

  1. What AI tools does your company use? Include everything — ChatGPT, Copilot, automated email tools, chatbots, screening software.
  2. Do any of these tools affect decisions about people? Hiring, customer service, eligibility, recommendations.
  3. Have you documented your AI usage? The AI Act requires records of how AI systems are deployed and monitored.

If you answered "yes" to question 2, you likely have deployer obligations under the AI Act.

ComplyOne can assess your specific AI Act exposure in two minutes — including which obligations apply and what to prioritise.

Run your free AI Act health check