
EU AI Act: What your company needs to do to comply
L'EU AI Act (the European Regulation on Artificial Intelligence) has entered into full force. This is not just a declaration of intent: the law defines precise obligations and strict deadlines for all companies that use or develop AI-based technologies.
The regulation's approach is based on two key elements:
-
The level of risk of the AI application.
-
The role of the company (whether he develops the AI or simply uses it “as a user”, a role defined as deployer).
If your company uses or develops artificial intelligence tools, here is a practical summary of what you need to do to be compliant and avoid penalties that can affect your business. 7% of annual global turnover (or up to 35 million euros).
1. Map and classify AI systems (The “Risk Matrix”)
The first essential step is to map all the AI-based software used in the company to understand which of the four risk categories they fall into:
-
Unacceptable risk (PROHIBITED): Systems like the social scoring, emotion recognition in the workplace (except for specific security reasons), or indiscriminate facial recognition via scraping. These systems must be decommissioned immediately.
-
High risk: Systems used for personnel selection (e.g., automatic CV screening), employee performance evaluation, access to essential services, or management of critical infrastructure. They require the most stringent requirements.
-
Limited Risk (Transparency): Chatbots, image, text, or video generation systems (Deepfake). Here the main requirement is the transparency: the user must know that he is interacting with an AI.
-
Minimal risk: Spam filters, AI in video games. No specific requirements, other than the invitation to follow voluntary codes of conduct.
2. What to do if the company is a “Deployer” (AI User)
Most companies don't develop AI from scratch, but use third-party tools (such as ChatGPT, Microsoft Copilot, Canva AI, or integrated HR software). In this case, the company is classified as Deployer and must:
-
Literacy Mandatory (AI Literacy): It's a cornerstone of the regulation. Companies must train their staff on the use of AI. Employees must understand how the tool works, its limitations, the risk of "hallucinations" (false responses generated by AI), and how to avoid corporate data leaks or bias (algorithmic biases).
-
Follow the instructions for use: Use the systems strictly following the technical guidelines provided by the manufacturer.
-
Ensure human supervision: No important decision (e.g., hiring or firing) can be made autonomously by an algorithm without final human review.
-
Fundamental Rights Impact Assessment (FRIA): Mandatory before putting a system classified as “high risk” into operation.
3. What to do if the company is a “Provider” (AI Developer)
If your company develops AI software to sell or distribute on the market, the obligations (especially for high-risk systems) are quite massive:
-
Risk Management System: A continuous process to identify and mitigate system risks throughout its life cycle.
-
Data Governance: Ensure that training datasets are high-quality, free from discriminatory bias, and privacy-friendly.
-
Technical Documentation and Logging: Create and maintain technical documentation and provide automatic event logging to ensure traceability.
-
Conformity assessment: Subject the system to checks to obtain the CE marking before placing on the market.
Operational checklist for companies
To address compliance without getting overwhelmed, your company can follow this sequence of actions:
Web Focus: What should be published on the website?
One of the most frequently asked questions is: “Should I post my internal compliance documents on the website?” The answer is no. Documents such as company AI Policy or risk assessments contain confidential information and should not be published online.
Only the following information should be entered on the website: specific transparency information for users (regulated by Art. 50 of the EU AI Act).
Here are the 3 main cases:
| Scenario on your site | What the law provides (Art. 50) | How to comply in practice |
| You use a support chatbot | Clearly signal to the user that they are interacting with a machine and not a human. | Please enter a clear welcome message: “Hi! I'm the AI-powered virtual assistant for [Company Name]…” |
| You post synthetic images, videos, or audio (Deepfakes) | AI-generated or AI-altered media that appears real must be clearly labeled. | Place a visible notice on the page or a digital watermark declaring the synthetic origin of the content. |
| Publish AI-generated texts on topics of public interest | If you publish articles or news stories written entirely by AI, you must disclose this openly. | Note: The obligation not applies if the text has been extensively reviewed, edited, and validated by a person (human editorial control) before publication. |
Our advice
Complying with the EU AI Act is not only a legal obligation, but also an opportunity to optimize business processes and increase customer trust. Transparently managing AI on your website and training your team are the first steps towards a safe and ethical digital transition.
If you need to integrate AI systems on your website (such as intelligent chatbots) in a compliant and secure way, or would like advice on your digital presence, Contact our team.





