EU AI Act August 2026 — what SMBs need to arrange now

Discover what the EU AI Act compliance obligations mean for your SMB in 2026. Compliance checklist, risk categories and the fines you want to avoid.
The EU AI Act becomes fully effective on 2 August 2026. As an SMB entrepreneur, you must now inventory your AI tools, determine the risk category, and—depending on that category—demonstrate that you meet specific obligations. Do nothing and you risk fines up to 35 million euros or 7% of your global turnover.
Why 2 August 2026 is the critical date
The EU AI Act officially came into force on 1 August 2024, but the rules are being introduced in phases. For most SMBs, there are three dates that matter:
- 2 February 2025: Ban on unacceptable AI applications and mandatory AI literacy for employees working with AI
- 2 August 2025: Obligations for providers of GPAI models (think: ChatGPT, Claude, Gemini)
- 2 August 2026: Full compliance required for high-risk AI systems
That last date is the most impactful for SMBs. From that moment on, enforcement by national supervisors becomes possible. In the Netherlands, that will be the Netherlands Digital Infrastructure Service (RDI), which is authorized to conduct audits and impose fines.
The message is simple: you don't have years left. You have months. And the first step is knowing which risk category your AI use falls into.
How to classify your AI use
The EU AI Act divides AI applications into four categories. The higher the risk, the heavier the obligations.
Prohibited AI (unacceptable risk)
This is AI that must never be used—regardless of industry or purpose. Examples:
- Social scoring systems that judge citizens based on behavior
- Real-time facial recognition in public spaces by government agencies
- AI that uses subliminal manipulation to steer behavior
- Emotion recognition in the workplace or in education
Using this type of AI? Then you are immediately in violation—this ban applies from February 2025 onwards.
High-risk AI
These are systems that directly affect people in sensitive situations. Think of:
- HR and recruitment: algorithms that screen applicants or employee rating software
- Credit assessment: AI that determines loan applications or credit limits
- Healthcare and medical devices: diagnostic AI tools and decision support systems
- Critical infrastructure: AI that controls energy, water or transport systems
- Education: systems that grade exams or select students
If you as an SMB deploy or offer high-risk AI, the heaviest obligations apply.
Low-risk and minimal-risk AI
This is where most SMBs fall. Think of:
- Using ChatGPT or Claude for emails or quotes
- An AI chatbot on your website
- Marketing automation or content generation
- AI for internal planning, reporting or summarizing
For this category, mainly transparency obligations apply: if you deploy a chatbot that speaks to people, it must identify itself as AI.
Concretely: what obligations apply to which category
For prohibited AI: stop immediately
Using one of the banned applications? Stop it. This risk is not manageable with documentation or procedures. Use of prohibited AI leads directly to the highest fine category.
For high-risk AI: heavy compliance obligations
If your business deploys or develops high-risk AI, the following obligations apply from August 2026:
- Risk management system: documented processes for identifying and controlling risks
- Data governance: justification that training data is representative, reliable and unbiased
- Technical documentation: description of the system, its limitations and the algorithms used
- Automatic logging: the system must track its own decisions for traceability
- Human oversight: there must always be a human in the loop who can override decisions
- Conformity assessment: depending on the type of system, sometimes including CE marking
- Registration in EU database: mandatory for certain high-risk systems
Practical question for SMBs: are you a provider or user? If you use an off-the-shelf HR system with AI features offered by a software vendor, many obligations fall on that vendor. Ask your vendors now about their EU AI Act compliance.
For low-risk AI: transparency is sufficient
Using AI for internal productivity, marketing or customer service without direct decisions about people? Then obligations are limited:
- AI chatbots must identify themselves as AI
- AI-generated content must be labeled as such where necessary
- Employees must have basic knowledge of how the system works (mandatory since February 2025)
Step-by-step compliance checklist for SMBs
Haven't taken action yet? Start here:
Step 1 — Inventory all your AI tools
Make a list of all AI systems your business uses: from Microsoft Copilot to an AI recruitment tool or a chatbot on your website. Don't forget the AI functions in existing software—CRM, ERP and HR systems increasingly contain built-in AI.
Step 2 — Determine the risk category
Using AI for internal productivity and communication? You probably fall into the low-risk category. Using AI for personnel decisions, credit assessment or healthcare? Then high-risk is the starting point.
Step 3 — Ask your vendors for compliance documentation
If you use high-risk AI from a third party, that vendor is responsible for much of the compliance. Ask them now: do you have a declaration of conformity? Are you registered in the EU database?
Step 4 — Document your own use
Keep track of which AI systems you use, for what purpose, by whom, and what decisions are made with them. This is both for internal transparency and in case of an audit.
Step 5 — Train your employees
AI literacy is already legally required. Make sure employees using AI tools understand what the system does and what its limitations are. A short internal session is sufficient for low-risk use.
Step 6 — Appoint a person responsible for AI
Designate one person as the contact point for AI compliance. This doesn't have to be a full-time role, but there must be someone who has the overview and can speak for the business during an audit.
What it costs if you wait
The EU AI Act uses a tiered fine system:
| Violation | Maximum fine |
|---|---|
| Prohibited AI used | 35 million euros or 7% global turnover |
| High-risk AI not compliant | 15 million euros or 3% global turnover |
| False information to regulator | 7.5 million euros or 1.5% turnover |
For small businesses and micro-enterprises, a lower ceiling applies: the maximum fine is the lower of the two amounts. In practice, small businesses can face fines of 60,000 euros or higher, depending on the severity and category of the violation.
Beyond fines, there are other risks:
- Reputational damage if an AI incident becomes public
- Contractual liability if your AI use causes damage to customers
- Operational disruption if systems must be shut down for non-compliance
Regulators are expected to start with larger companies, but the legislation applies to everyone. Proactive action is cheaper than correcting afterward.
How Unify AI helps you become compliant
At Unify AI, we work exclusively with AI applications in the low-risk and minimal-risk category. We help SMBs implement AI in a way that works—and that complies with the EU AI Act.
What we do for you:
- AI inventory: we map which AI tools your business uses and in which risk category they fall
- Implementation of compliant AI workflows: we build on tools that are transparent about their limitations and that incorporate human oversight
- AI literacy for your team: short, practical sessions so your employees know how to use AI responsibly
- Documentation support: we help you document the use of AI tools in a way that holds up in an audit
You don't have to navigate the EU AI Act alone. Contact us at connect@unify-ai.nl and we'll look together at what's needed for your business.
Frequently asked questions
Does the EU AI Act apply to my business if I only use ChatGPT?
Yes, but the obligations are minimal. If you use ChatGPT for internal tasks like writing emails or summarizing, you fall into the minimal-risk category. The main obligation is AI literacy for employees: they must understand what the system does and what its limitations are.
We use an HR system with AI features. Do we have to make it compliant ourselves?
Not entirely. If you use a system from a software vendor, that vendor is primarily responsible for the technical compliance of the AI model. As a user, you are responsible for documenting your use and building human oversight into decisions about people. Ask your vendor now about their EU AI Act status.
What is the fine for a small business that is not compliant?
For small businesses, the lower of two amounts applies: the fixed maximum amount or the percentage of annual turnover. In practice, fines for small businesses on non-critical violations are around 60,000 euros, but using prohibited AI increases that significantly.
Do I need an AI policy on paper?
For high-risk AI, extensive documentation is required. For low-risk use, a short internal document describing which tools you use, for what purpose, and who oversees them is sufficient. It doesn't have to be a legal document—it's about being able to demonstrate it during an inspection.
When do I need to have this arranged?
The hard deadline is 2 August 2026. For prohibited AI, the ban has already applied since 2 February 2025. The AI literacy requirement for employees also applies from February 2025 onwards. Don't wait until August—start with the inventory now so you have enough time to correct where needed.




