Back to Insights

EU AI Act 9 min read 2026

EU AI Act for Small Businesses and SMEs: What Actually Applies to You

Most EU AI Act analysis targets large enterprises. This guide covers what small businesses and SMEs actually need to do — which obligations apply, which exemptions exist, and what the real compliance burden looks like.

A

AIRiskAware

Specialist AI Risk Governance & Compliance

Share

EU AI Act for Small Businesses and SMEs: What Actually Applies to You

Key Takeaways

The EU AI Act categorises AI by risk: prohibited (banned), high-risk (strict obligations), limited-risk (transparency requirements), and minimal-risk (no mandatory requirements). Most SME AI use falls into limited-risk or minimal-risk.
High-risk AI covers Annex III use cases: AI in hiring, credit scoring, education, critical infrastructure, and law enforcement. Using ChatGPT for marketing is not high-risk. Using AI to screen job applications is.
From August 2026, all EU businesses must ensure chatbots disclose they are AI, AI-generated images and video are labelled, and emotion recognition AI is disclosed to users.
SMEs benefit from specific support provisions: reduced conformity assessment fees, simplified documentation requirements, priority access to regulatory sandboxes, and dedicated SME guidance from the European AI Office.
The EU AI Act does not replace GDPR — they operate in parallel. For any AI that processes personal data, full GDPR obligations remain in force.
SMEs with high-risk AI use cases (hiring tools, credit scoring, educational assessment) need to be building compliance infrastructure now — Annex III high-risk obligations apply from August 2026 under current law (an AI Omnibus proposal from May 2026 may push this to December 2027, pending formal adoption).

Important: This content is AI-assisted and under ongoing accuracy review

Articles on AIRiskAware are drafted with AI assistance to summarise complex regulatory landscapes. Specific facts (dates, fine amounts, statute references, case citations) may contain errors. Do not rely on this content for legal, regulatory, financial, or professional decisions. Always verify directly against primary sources (regulator websites, official legislation) or consult a qualified specialist.

Spotted an error? Please report it — we review and correct promptly.

The risk categorisation that determines your obligations

Prohibited AI (prohibited from 2 February 2025): subliminal manipulation, real-time biometric identification in public spaces, social scoring. Most SMEs are nowhere near this. High-risk AI (Annex III): AI in hiring, credit scoring, education, critical infrastructure — if your AI falls here, you need conformity assessments, technical documentation, human oversight, and EU AI database registration. Limited-risk: transparency obligations only — chatbots must disclose they are AI, AI-generated content must be labelled. From August 2026. Minimal-risk: no mandatory requirements.

SME-specific support

Article 62 provides SMEs with: reduced conformity assessment fees; simplified technical documentation; priority access to regulatory sandboxes in each member state; and dedicated guidance from the European AI Office. For most EU SMEs using AI for marketing or operations (not Annex III use cases): from August 2026, ensure chatbots disclose they are AI and AI-generated images are labelled. That is the realistic compliance burden for low-risk AI use.

Stay ahead of AI governance

Regulatory updates, practical frameworks, and new articles — free, monthly. No spam.

No spam. Unsubscribe anytime. We'll never share your email.

Work with AIRiskAware

Specialist AI risk governance and compliance advisory for enterprise organisations and businesses of all sizes.

Found this useful? Share it.

Share on LinkedIn

Related articles

AI in EU Insurance: EIOPA Guidelines, Solvency II Implications, and the EU AI Act for Insurers

EU AI Act 11 min read

AI in EU Insurance: EIOPA Guidelines, Solvency II Implications, and the EU AI Act for Insurers

EU AI Act High-Risk AI: The Compliance Checklist Your Legal Team Actually Needs

EU AI Act 11 min read

EU AI Act High-Risk AI: The Compliance Checklist Your Legal Team Actually Needs

EU AI Act Annex III: The Complete List of High-Risk AI and What It Means for Your Organisation

EU AI Act 12 min read

EU AI Act Annex III: The Complete List of High-Risk AI and What It Means for Your Organisation

More from AIRiskAware

Practical AI governance guidance for organisations at every stage.

All Insights Free Assessment