NEWS

A Guide to the EU AI Act: What Your Business Needs to Do (And What Changes for Your Website)

eu ai act, a hammer near a robot and a chip symbolizing the ai

EU AI Act: What your company needs to do to comply

L'EU AI Act (the European Regulation on Artificial Intelligence) has entered into full force. This is not just a declaration of intent: the law defines precise obligations and strict deadlines for all companies that use or develop AI-based technologies.

The regulation's approach is based on two key elements:

  • The level of risk of the AI application.

  • The role of the company (whether he develops the AI or simply uses it “as a user”, a role defined as deployer).

If your company uses or develops artificial intelligence tools, here is a practical summary of what you need to do to be compliant and avoid penalties that can affect your business. 7% of annual global turnover (or up to 35 million euros).

1. Map and classify AI systems (The “Risk Matrix”)

The first essential step is to map all the AI-based software used in the company to understand which of the four risk categories they fall into:

  • Unacceptable risk (PROHIBITED): Systems like the social scoring, emotion recognition in the workplace (except for specific security reasons), or indiscriminate facial recognition via scraping. These systems must be decommissioned immediately.

  • High risk: Systems used for personnel selection (e.g., automatic CV screening), employee performance evaluation, access to essential services, or management of critical infrastructure. They require the most stringent requirements.

  • Limited Risk (Transparency): Chatbots, image, text, or video generation systems (Deepfake). Here the main requirement is the transparency: the user must know that he is interacting with an AI.

  • Minimal risk: Spam filters, AI in video games. No specific requirements, other than the invitation to follow voluntary codes of conduct.

2. What to do if the company is a “Deployer” (AI User)

Most companies don't develop AI from scratch, but use third-party tools (such as ChatGPT, Microsoft Copilot, Canva AI, or integrated HR software). In this case, the company is classified as Deployer and must:

  1. Literacy Mandatory (AI Literacy): It's a cornerstone of the regulation. Companies must train their staff on the use of AI. Employees must understand how the tool works, its limitations, the risk of "hallucinations" (false responses generated by AI), and how to avoid corporate data leaks or bias (algorithmic biases).

  2. Follow the instructions for use: Use the systems strictly following the technical guidelines provided by the manufacturer.

  3. Ensure human supervision: No important decision (e.g., hiring or firing) can be made autonomously by an algorithm without final human review.

  4. Fundamental Rights Impact Assessment (FRIA): Mandatory before putting a system classified as “high risk” into operation.

 

3. What to do if the company is a “Provider” (AI Developer)

If your company develops AI software to sell or distribute on the market, the obligations (especially for high-risk systems) are quite massive:

  • Risk Management System: A continuous process to identify and mitigate system risks throughout its life cycle.

  • Data Governance: Ensure that training datasets are high-quality, free from discriminatory bias, and privacy-friendly.

  • Technical Documentation and Logging: Create and maintain technical documentation and provide automatic event logging to ensure traceability.

  • Conformity assessment: Subject the system to checks to obtain the CE marking before placing on the market.

 

Operational checklist for companies

To address compliance without getting overwhelmed, your company can follow this sequence of actions:

1.Create an AI inventory: Internal mapping.

Record all software in use in the company that uses AI algorithms (including “shadow” software used by employees without formal authorization, such as free versions of text or image generators).

2.Classify the risk level: Risk Assessment.

Assign each system its own risk class (Unacceptable, High, Limited, Minimal) to understand which legal obligations actually arise.

3. Kickstart Employee AI Literacy: Mandatory training.

Organize training sessions and draft a AI Company Policy that clearly explains what can and cannot be done (e.g., an absolute ban on entering sensitive customer data or proprietary code in public prompts).

4. Adapt the contracts: Legal & Compliance.

Review contracts with software vendors to ensure they comply with the EU AI Act and clearly define liability for violations.

 

Web Focus: What should be published on the website?

One of the most frequently asked questions is: “Should I post my internal compliance documents on the website?” The answer is no. Documents such as company AI Policy or risk assessments contain confidential information and should not be published online.

Only the following information should be entered on the website: specific transparency information for users (regulated by Art. 50 of the EU AI Act).

Here are the 3 main cases:

Scenario on your site What the law provides (Art. 50) How to comply in practice
You use a support chatbot Clearly signal to the user that they are interacting with a machine and not a human. Please enter a clear welcome message: “Hi! I'm the AI-powered virtual assistant for [Company Name]…”
You post synthetic images, videos, or audio (Deepfakes) AI-generated or AI-altered media that appears real must be clearly labeled. Place a visible notice on the page or a digital watermark declaring the synthetic origin of the content.
Publish AI-generated texts on topics of public interest If you publish articles or news stories written entirely by AI, you must disclose this openly. Note: The obligation not applies if the text has been extensively reviewed, edited, and validated by a person (human editorial control) before publication.

Our advice

Complying with the EU AI Act is not only a legal obligation, but also an opportunity to optimize business processes and increase customer trust. Transparently managing AI on your website and training your team are the first steps towards a safe and ethical digital transition.

If you need to integrate AI systems on your website (such as intelligent chatbots) in a compliant and secure way, or would like advice on your digital presence, Contact our team.