EU AI Act for Small Businesses and SMEs: What Actually Applies to You

• The EU AI Act categorises AI by risk: prohibited (banned), high-risk (strict obligations), limited-risk (transparency requirements), and minimal-risk (no mandatory requirements). Most SME AI use falls into limited-risk or minimal-risk.

• High-risk AI covers Annex III use cases: AI in hiring, credit scoring, education, critical infrastructure, and law enforcement. Using ChatGPT for marketing is not high-risk. Using AI to screen job applications is.

• From August 2026, all EU businesses must ensure chatbots disclose they are AI, AI-generated images and video are labelled, and emotion recognition AI is disclosed to users.

• SMEs benefit from specific support provisions: reduced conformity assessment fees, simplified documentation requirements, priority access to regulatory sandboxes, and dedicated SME guidance from the European AI Office.

• The EU AI Act does not replace GDPR — they operate in parallel. For any AI that processes personal data, full GDPR obligations remain in force.

• SMEs with high-risk AI use cases (hiring tools, credit scoring, educational assessment) need to be building compliance infrastructure now — Annex III high-risk obligations apply from August 2026 under current law (an AI Omnibus proposal from May 2026 may push this to December 2027, pending formal adoption).

"Apenas para fins informativos. Este artigo não constitui aconselhamento jurídico, regulatório, financeiro ou profissional. Consulte um especialista qualificado para orientação específica."