EU AI Act for Small Businesses and SMEs: What Actually Applies to You

• The EU AI Act categorises AI by risk: prohibited (banned), high-risk (strict obligations), limited-risk (transparency requirements), and minimal-risk (no mandatory requirements). Most SME AI use falls into limited-risk or minimal-risk.

• High-risk AI covers Annex III use cases: AI in hiring, credit scoring, education, critical infrastructure, and law enforcement. Using ChatGPT for marketing is not high-risk. Using AI to screen job applications is.

• From August 2026, all EU businesses must ensure chatbots disclose they are AI, AI-generated images and video are labelled, and emotion recognition AI is disclosed to users.

• SMEs benefit from specific support provisions: reduced conformity assessment fees, simplified documentation requirements, priority access to regulatory sandboxes, and dedicated SME guidance from the European AI Office.

• The EU AI Act does not replace GDPR — they operate in parallel. For any AI that processes personal data, full GDPR obligations remain in force.

• SMEs with high-risk AI use cases (hiring tools, credit scoring, educational assessment) need to be building compliance infrastructure now — Annex III high-risk obligations apply from August 2026 under current law (an AI Omnibus proposal from May 2026 may push this to December 2027, pending formal adoption).

"仅供参考。本文不构成法律、监管、财务或专业建议。如需具体指导，请咨询合格专家。"