The EU AI Act: A Practical Guide to Compliance for Business and Technology Leaders

Artificial intelligence has become a permanent element of modern communication, marketing, and operational processes in most industries. However, with its mass implementation and potentially harmful use cases, the time has come for firm legal regulations – the European Union’s AI Act will soon enter fully into force. For managers, CEOs, and technology leaders, this means one thing: the era of unrestricted experimentation has come to an end.

To maintain a competitive advantage and secure the stability of their organizations, management must precisely understand the new regulatory mechanisms and translate them into a compliance strategy within their companies.

What is the AI Act, and when will it enter into force?

The Artificial Intelligence Act is an EU regulation designed to improve the functioning of the EU internal market by introducing a coherent legal framework for the development, marketing, and use of AI systems. The new law aims to stimulate innovation, but above all, it aims to ensure that these technologies are developed in a safe, trustworthy, and human-centric manner, while ensuring the highest level of protection for health, safety, and fundamental rights.

The regulations are primarily built on a risk-based approach. For most AI systems, this means the AI Act focuses on regulating the specific ways the technology is applied, rather than the technology itself. The higher the risk that a given AI system will impact the rights and safety of citizens, the stricter the obligations and restrictions imposed on the entities developing and/or implementing it. However, there is a major exception: the Act does regulate the underlying technology in the case of general-purpose AI models, imposing strict baseline obligations on their developers regardless of how the model is ultimately used downstream.

Organizations have already been adapting to this phased rollout for some time. The first bans on unacceptable AI practices, such as subliminal manipulation and emotion tracking, became enforceable in February 2025, followed by new compliance rules that took effect for providers of general-purpose AI models in August of the same year.

After the AI Digital Omnibus was passed, compliance deadlines were pushed back to match delayed technical standards. The deadline for machine-readable watermarking and general transparency is now December 2, 2026. Standalone high-risk systems, like recruitment and workforce management tools, have been granted an extension until December 2, 2027, meaning this is the final chance to strengthen internal governance and wrap up technology audits.

Transparency in content generation and managing synthetic content

For communications and PR agencies, generative AI is a powerful asset, but the AI Act introduces strict transparency rules to combat misinformation and consumer deception. As a business leader, you must ensure your teams know exactly when to label synthetic content. The fundamental rule is that AI-generated audio, images, video, or text must be marked in a machine-readable format and be easily detectable as artificially created. While this technical burden falls primarily on the developers of the AI tools, your agency must ensure the software you procure complies with this standard.

The rules about “deep fakes” may have a direct impact on your campaigns. If your agency generates or edits media to make it appear like real people or events, you must clearly state that the content is artificially created.

The Act includes practical exemptions that protect standard creative and PR workflows:

  • Editorial exemption: If your company uses AI to draft texts on matters of public interest, you do not need to add an “AI-generated” label, as long as a person reviews the content and takes editorial responsibility for it.
  • Creative and assistive use: For clearly artistic or satirical works, a simple and unobtrusive disclosure is enough. If AI is only used for basic editing help, no disclosure is needed.

When must you disclose conversational AI?

Customer-facing AI tools, such as automated chatbots and virtual assistants, are now standard in digital marketing and customer service. However, the AI Act mandates clear transparency for these human-machine interactions.

If your business deploys an AI system intended to interact directly with natural persons, you are legally required to inform those individuals that they are communicating with an AI system. Practically speaking, this means your agency or your clients cannot pass off a sophisticated customer service bot as a human agent.

There is an exception to this rule: explicit disclosure is not required if it is already obvious to a reasonably well-informed, observant, and circumspect person, considering the specific circumstances and context of the interaction. For instance, a basic chatbot embedded in a website widget, clearly labeled “AI Help Desk,” would meet this rule. Still, when designing these tools, you must consider characteristics of vulnerable groups, such as children and people with disabilities, to ensure everyone knows they are interacting with AI.

Safeguarding workplace automation and recruitment tools

While using AI for content creation mostly requires transparency, using it to manage your workforce crosses into a much stricter regulatory zone. To leave no room for ambiguity, in the area of employment and workers’ management, the AI Act officially classifies the following as “high-risk”:

AI systems intended to be used for the recruitment or selection of natural persons, in particular to place targeted job advertisements, to analyse and filter job applications, and to evaluate candidates;

AI systems intended to be used to make decisions affecting terms of work-related relationships, the promotion or termination of work-related contractual relationships, to allocate tasks based on individual behaviour or personal traits or characteristics or to monitor and evaluate the performance and behaviour of persons in such relationships.

If your agency has AI tools that fit this description, you are using high-risk systems. Operating in this space requires a significant compliance overhaul. High-risk systems must be equipped with comprehensive risk and quality management frameworks, extensive technical documentation, and the automatic logging of system events. More importantly, the law mandates strict human oversight. You cannot leave critical career decisions solely to an algorithm. A qualified human must always be in the loop with the authority and capability to oversee, interpret, and potentially override the AI’s output.

The “no-go” zone: Strictly prohibited AI practices

The EU AI Act does not just regulate artificial intelligence; it outright bans specific applications that are deemed an unacceptable risk to fundamental EU values and human rights. As a decision-maker, it is crucial to ensure your agency (and your clients) stay away from these illegal practices.

While some bans focus on predictive policing or social scoring by governments, several prohibited practices directly impact the private sector, marketing, and tech development:

  • Manipulative and deceptive AI: You cannot place on the market or use AI systems that deploy subliminal, purposefully manipulative, or deceptive techniques. If an AI is designed to materially distort a person’s behavior, impairing their ability to make an informed decision and causing them significant harm, it is strictly banned.
  • Emotion recognition: Using AI to monitor how people feel is heavily restricted. The law specifically prohibits the use of AI systems to infer the emotions of individuals within the workplace or educational institutions, with the sole exceptions being medical and safety reasons.
  • Sensitive biometric categorization: AI systems that categorize individuals based on biometric data to deduce or infer sensitive traits, such as race, political opinions, trade union membership, religious beliefs, or sexual orientation, are completely forbidden.
  • Untargeted facial scraping: If your tech team is building datasets, take note. Creating or expanding facial recognition databases through the untargeted scraping of facial images from the internet or CCTV footage is a prohibited practice.

Crossing into this “no-go” zone is not a minor compliance slip – it triggers the most severe financial penalties outlined in the entire regulation.

The cost of non-compliance with the AI Act

The European Union is treating AI regulation with unprecedented seriousness, and the financial penalties for failing to comply are severe. For decision-makers, ignoring the AI Act is simply not a viable business strategy.

The fines are structured proportionally based on the severity of the infringement:

  • Engaging in prohibited AI practices can result in administrative fines of up to EUR 35,000,000, or up to 7% of the company’s total worldwide annual turnover for the preceding financial year, whichever is higher.
  • Failing to comply with obligations for high-risk systems or transparency rules, such as the mandatory disclosure of deepfakes and AI-generated content, can lead to fines of up to EUR 15,000,000, or up to 3% of total worldwide annual turnover, whichever is higher.
  • Supplying incorrect, incomplete, or misleading information to authorities carries administrative fines of up to EUR 7,500,000 or up to 1% of the company's total worldwide annual turnover, whichever is higher.

It is worth noting that to protect innovation and smaller businesses, the fines for SMEs and start-ups are capped at whichever of the two values – the fixed amount or the turnover percentage – is lower.

Steps to ensure compliance with the AI Act

The clock is already ticking. As a CEO or business leader, your priority should be to conduct a comprehensive audit of all AI tools currently deployed or developed within your organization. Identify exactly which regulatory category your AI systems fall into. Pay special attention to AI used for HR processes or synthetic content generation.

Furthermore, you must review your vendor contracts to ensure the third-party AI platforms you rely on daily are transparent and fully compliant. Integrating AI compliance should be at the core of your operational strategy to protect your company’s reputation, ensure ethical standards, and safeguard your bottom line for the future.
