Applicable to every organisation operating within the European Union, the AI Act defines the new legal framework for artificial intelligence. Far from holding innovation back, this regulation positions itself as a genuine quality label. Its ambition? To encourage the deployment of artificial intelligence that is ethical, effective and, above all, worthy of citizens’ trust.
Concretely, what are the compliance obligations for your public body or your company? How can you make sure your AI agent meets these new requirements?
Discover the essentials of the AI Act, from its application timeline to the best practices for ensuring your compliance.
AI Act: what changes in August 2026!
First, the AI Act does not apply to everyone at once. It is a progressive regulation, designed to give organisations the time to adapt.
Here are the milestones that every AI department needs to keep in mind to steer this transition:
- February 2025: End of the grace period. Systems posing an unacceptable risk (manipulative AI, social scoring) are now strictly banned in Europe.
- August 2025: The first obligations for very powerful AI models come into force, and the European supervisory authorities are put in place.
- August 2026: This is the most critical milestone. It marks the full application of the rules for high-risk systems and the transparency obligation for all AI agents and chatbots.
- August 2027: Final extension of the law to AI embedded in already regulated products (healthcare, automotive and safety, for example).
The principle behind the European law: understanding the AI Act risk pyramid
Secondly, it is important to grasp the founding principle of the European legislation on artificial intelligence. It is fairly simple: the more risk an AI poses to citizens, the more tightly it is regulated. The law therefore classifies uses into four distinct categories.
1. Unacceptable risk
Here, Europe makes no compromises. Every practice deemed incompatible with our fundamental rights is banned.
This includes:
- Systems of behavioural manipulation.
- Social scoring (the rating of citizens by the authorities).
- Real-time mass biometric surveillance.
2. High risk
This is the heart of the AI Act. A system is classified as “high risk” as soon as it can directly affect citizens’ physical safety or fundamental rights. Contrary to popular belief, these tools are allowed, but their placement on the market is conditional on strict compliance with quality standards.
Two broad families fall into this category:
Safety products:
These are systems in which artificial intelligence controls an already regulated physical object. If the AI fails, safety is compromised.
- Examples: Autonomous vehicles, medical devices (surgical assistance, for example), connected toys or smart lifts.
Decision-support systems:
This is where public bodies and human resources are most concerned. The AI Act lists sensitive areas where the algorithm must not introduce bias or discrimination:
- Education & training: Systems for grading or guiding pupils.
- Employment & HR: Software for automatically screening CVs or assessing employee productivity.
- Essential services: Algorithms for granting bank loans or prioritising healthcare.
- Law enforcement & justice: Tools to assist judgments or analyse evidence.
Note: These uses are not banned, but they are subject to extremely rigorous compliance testing and technical documentation.
3. Limited risk
This category covers the majority of AI agents (chatbots) and content-generation tools (deepfakes). For these technologies, the AI Act imposes no heavy usage restrictions, but rather an obligation of fairness towards the user: transparency.
- The user must always be explicitly informed that they are interacting with artificial intelligence.
- Any artificially generated text, image or sound must be marked as such to avoid any confusion with human work.
Even where the risk is deemed “limited”, the Klein Blue article (2024) stresses that compliance cannot be improvised. By August 2026, organisations must have built these transparency reflexes into their interfaces (UI/UX). This is not merely a legal notice, but a lever to strengthen user trust.
ChatGPT, Gemini, Claude: how to stay compliant according to your uses?
Using general-purpose AI models (GPAI) to boost the performance of your services is an excellent strategy. Broader than a simple LLM (limited to text), GPAI encompasses every form of generative AI (text, image, sound, video), offering your company complete versatility.
However, this power means complying with the tiers of the AI Act, which distinguishes three use cases:
1: Office work and internal assistance, minimal risk
Your employees use ChatGPT to summarise meetings, draft emails, translate documents or generate computer code.
The AI Act is very flexible here because the risk is deemed minimal. You have no particular legal obligation under this regulation.
The real danger remains confidentiality. You must make sure your teams do not share customer data or company secrets in their questions (prompts) to the AI.
Here, simply putting in place an internal AI good-practice charter can be enough, while still making sure best practices are applied.
2: Use in a customer-facing interface (chatbots and assistants), transparency required
For example, you integrate our Genii agent via API on your website to answer your customers’ questions or to automate your customer relationship.
Here, you fall within the scope of Article 50 of the AI Act (2024) on transparency.
- Your obligations: you must inform the end user that they are interacting with a machine.
- The AI agent must clearly show that it is a virtual assistant.
- If the system generates content, it must be marked as “AI generated”, in a way that is readable by both humans and machines.
Our solution is compliant with the AI Act, and our AI experts work right alongside our clients precisely to ensure these rules are respected.
3: Use within a high-risk system
Finally, to keep the previous example, let us take the case where you use the agentic capabilities of Genii. As a result, you grant it the right to offer an exceptional discount, a special loyalty status or a payment facility to certain customers rather than others, based on a conversational context.
By entrusting these actions to an agentic AI, you take on responsibility for the compliance of the system and of the responses provided.
- The problem: The AI Act requires you to prove that your system discriminates against no one (based on age or place of residence, for example). Yet with a “black box” model such as ChatGPT or Gemini, you do not control the machine’s internal logic.
- The risk: If your AI ends up unfairly excluding part of your audience and you cannot explain why on a technical level, you are in direct breach and risk prosecution.
- The solution: Choosing an AI solution that complies with the AI Act ensures you are compliant and respect the European rules. What is more, you are also assured of receiving the guidance you need to use and operate your AI for your business, even if you are not an expert.
For decisions that directly affect your customers’ wallets or privileges, avoid generic AI models. Favour transparent and secure solutions such as our Genii agent.
The specific case of deploying a high-risk AI
If your company uses systems classified as high risk (such as the example mentioned above), your level of responsibility depends on your role:
As soon as your company relies on so-called “high-risk” systems (customer segmentation for consumer credit, automatic price modulation, etc.), heightened vigilance is required.
It is essential to clearly identify your role in this process:
- If you design your own AI in-house: your status is that of a “provider”. This entails an obligation of full compliance (CE certification, exhaustive technical documentation, data-quality audit, etc.). This is a strategic undertaking that requires sharp technical and legal expertise.
If you integrate an external solution such as ours: you act as a “deployer”. Although your responsibility is legally lighter, it calls for constant vigilance. Our CSM team (Customer Success Management) supports you personally through this transition. We are at your side to configure the tool, train your teams and prevent any drift, sparing you isolation in the face of the AI Act’s requirements.
Failure to comply with the AI Act rules exposes companies to major financial risks.
Summary
To navigate the new European legal framework with peace of mind, three pillars should guide your technology deployment:
- Human oversight: The AI must never decide alone. A qualified employee must always validate the final decision or check the data source used.
- Data integrity: To banish bias and discrimination, your source data must be beyond reproach. Genii guarantees this reliability by limiting itself exclusively to your internal knowledge base: no external source, no possible bias.
- Duty of transparency: According to Article 50 of the AI Act, informing your users (customers or teams) that they are interacting with an AI is now a strict legal obligation.
In conclusion, it is important to seek guidance from AI experts if you have any doubt about using this technology for your organisations. Furthermore, despite its complex appearance, note that the AI Act makes it possible to oversee and frame the use of AI, which is developing more and more with a single goal: to guarantee everyone’s safety.
Sources
- Klein Blue. (2024, May 31). AI Act : ce que doit faire concrètement une direction IA avant août 2026. https://www.kleinblue.fr/post/ai-act-ce-que-doit-faire-concr%C3%A8tement-une-direction-ia-avant-ao%C3%BBt-2026
- European Parliament and Council of the European Union. (2024). Article 50: Transparency obligations for providers and deployers of certain AI systems. Artificial Intelligence Act. https://artificialintelligenceact.eu/fr/article/50/
- European Parliament and Council of the European Union. (2024). Article 99: Penalties. Artificial Intelligence Act. https://artificialintelligenceact.eu/fr/article/99/
