What the EU AI Act actually asks of most AI tools

Despite the headlines, most production AI tools don't fall in the Act's high-risk tier. We walked one through Regulation (EU) 2024/1689 and came back with a short, practical to-do list — only part of it a hard legal obligation.

The EU AI Act turns two on 1 August 2026. A day later, on 2 August, another wave of obligations switches on — though a recent round of amendments, the Digital Omnibus, has pushed the heaviest part, most of the high-risk regime, out to late 2027 and beyond. The second birthday is still a good moment to ask the question it’s easy to keep deferring — and a calmer one than the headlines suggest: where does our AI tool actually stand?

Most of the press around the EU AI Act makes the answer sound grim — every AI feature shipping with a GDPR-sized compliance burden and a stack of conformity paperwork to match. That isn’t what we found.

We recently classified a real AI tool — an internal complaint-handling assistant for a Danish consumer-services company — against Regulation (EU) 2024/1689. Most of the Act simply didn’t apply. What remained was worth planning for — one hard legal duty and a couple of practices that are just good sense — and it’s the same short list we raise on most client engagements. We did the reading so you don’t have to.

The short version

If you read nothing else:

  • Many AI tools are minimal risk. Our complaint-handling assistant landed in the minimal-risk base of the Act’s risk pyramid — and so do the majority of tools we see in client work.
  • A few things still matter: AI literacy — the one hard legal obligation (Article 4) — plus a couple of practices worth keeping: an audit trail that proves a human was actually in the loop, and documented reclassification limits that catch when a product change would otherwise shift your risk profile.
  • All of it is cheap to build in from the start. Do it before launch where you can.
  • The AI Act doesn’t replace GDPR. Both run in parallel; a DPIA may still be required separately.

What the Act is

The EU AI Act (Regulation (EU) 2024/1689) is the EU’s general, risk-based law for artificial intelligence: it sorts AI systems into risk tiers and attaches obligations to each. It binds both providers (who build systems) and deployers (who put them to use), and it reaches beyond the EU’s borders — a non-EU vendor whose output is used in the Union is in scope.

It entered into force on 1 August 2024 and is activated in stages:

Figure: EU AI Act activation timeline, from entry into force on 1 August 2024 to 2 August 2028.

  • 1 August 2024: enters into force
  • 2 February 2025: prohibitions (Article 5) and AI literacy (Article 4)
  • 2 August 2025: general-purpose AI models, governance and penalties
  • 2 August 2026: the second birthday, when most transparency obligations and, for Denmark, the national law L 111 take effect
  • 2 December 2027: high-risk obligations for the Annex III use cases
  • 2 August 2028: high-risk obligations for AI built into regulated products under Annex I

The Act activates in stages. Its second birthday, 2 August 2026, brings most of the transparency obligations and Denmark’s national law (L 111) — but the heaviest wave, most of the high-risk regime, was deferred by the Digital Omnibus to December 2027 and beyond.

2 August 2026 — the second birthday — is the next milestone, but no longer the heaviest. Most of the high-risk regime was originally due that day; the Digital Omnibus, the amendment package politically agreed in May 2026 and expected to be law before the birthday itself, deferred it to 2 December 2027 for the Annex III use cases and 2 August 2028 for high-risk built into regulated products. What still switches on at the birthday is the bulk of the Act’s transparency duties. Which risk tier you’re on is therefore worth answering now, even though the deadline has moved. For Danish deployers the date matters twice over: it’s also when L 111, the national law supplementing the Act (the AI-loven), is due to take effect — naming the Agency for Digital Government (Digitaliseringsstyrelsen) as supervisor, with the Data Protection Authority and the Court Administration alongside, and opening a citizen-complaint route.

How we landed in minimal risk

The tool we classified reads a customer complaint, retrieves relevant precedent from a body of prior case decisions, checks internal business rules, scores the evidence, and drafts a Danish-language response letter — and a human caseworker reviews and sends every reply.

But first, the tiers: the Act sorts AI systems into four:

Figure: The EU AI Act risk pyramid, four tiers from top to bottom with the maximum fine for each.

  • Prohibited: up to €35M or 7% of worldwide turnover
  • High-risk: up to €15M or 3%
  • Limited risk: up to €15M or 3%
  • Minimal risk: no tier-specific fine (our tool sits here)

The Act’s four risk tiers, with maximum fines. Most internal AI systems, including the example assistant, sit in the minimal-risk base.

Those penalties are deliberately GDPR-beating, and a regulator can order a system pulled from the market on top of any fine.

The top two tiers are defined by fairly concrete criteria:

  • Prohibited (Article 5). Using AI for social scoring, untargeted scraping of facial images, emotion recognition in workplaces and schools, certain biometric categorisation, or to build systems that manipulate or exploit.
  • High-risk (Annex III). Eight areas: biometrics, critical infrastructure, education and vocational training, employment and worker management, access to essential private and public services (creditworthiness and life/health insurance included), law enforcement, migration and border control, and the administration of justice and democratic processes. The tier is about use case, not how clever the model is — a simple classifier that screens job applicants is high-risk; a far more sophisticated model that drafts marketing copy isn’t.

In the bottom half, the fork is a question of transparency, not heavier obligation:

  • Limited risk triggers the Article 50 disclosure duties. If a system talks directly to people (a chatbot), or generates or manipulates synthetic image, audio, or video, it must be disclosed as AI and the output labelled.
  • Minimal risk is everything else: no tier-specific obligations at all. (The AI literacy duty below still applies, but it isn’t gated to a tier.)

So where does our complaint assistant land?

  • It isn’t prohibited. Article 5 — no social scoring, biometric categorisation, or the like.
  • It isn’t high-risk. Annex III lists eight specific high-risk use cases, and a private commercial dispute over a consumer purchase fits none of them. The closest call is Annex III(8)(a) — AI assisting dispute resolution — but that’s gated to dispute-resolution bodies, not the parties to the dispute.
  • It isn’t even limited-risk. We produce no synthetic media and hold no direct end-user conversation, so the Article 50 transparency duties aren’t in play either.

It isn’t a general-purpose AI model either. An LLM drafts the letters — but the Chapter V obligations for general-purpose models (in force since August 2025) fall on the model’s provider, not on us as a deployer. Building on a regulated model doesn’t pull those duties downstream.

That leaves the bottom of the pyramid — minimal risk. So a back-office assistant, a drafting aid, or an internal classifier that stays clear of the Annex III list and doesn’t pass itself off as a human will most likely land at the base too, right next to ours.

Remember: the AI Act doesn’t replace GDPR. Both apply in parallel. If a tool processes personal data, a Data Protection Impact Assessment is probably still required under GDPR Article 35, separately from the AI Act.

At minimal risk

Even at minimal risk, a few things are worth doing. Only the first is a hard legal duty under the Act; the others are extra safety.

1. AI literacy (Article 4). In force since February 2025. The Act requires deployers to ensure “a sufficient level of AI literacy” among staff who operate or use AI systems. There’s no risk-tier gate — this applies to every AI deployer in the EU. (The same Digital Omnibus softens this to an effort-based duty to “support the development of” AI literacy rather than guarantee a level — but the practical advice below is unchanged.) In practice: write down what the tool does, where it can fail (wrong RAG references are a common one — models hallucinate sources), and how to override it when the system gets things wrong. Train the team and keep an attestation log. It’s a lunch-and-learn and a spreadsheet, not a certification programme.

2. Audit trail. Not required by the Act at minimal risk — the statutory logging duty (Article 12) is required only for high-risk systems — but a safeguard worth having anyway. Most decision-support AI tools rely on human verification to defuse the Act’s more demanding obligations, and GDPR Article 22’s restriction on solely-automated decisions. That human verification is only worth something if you can prove a person actually reviewed the case. Make the review an auditable event: who reviewed what, when, and what was sent. If a supervisor — in Denmark, the Agency for Digital Government — or a citizen complaint under L 111 ever raises whether a human was actually involved, a log is what answers it.
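One way to make the review an auditable event, as an added example rather than code from the article or the tool it describes: each review record stores who, which case, when, the decision, and hashes of the draft and the sent letter, and each record commits to the previous one so later tampering is detectable. Field names and the sample case IDs are this example’s own assumptions.

```python
"""Tamper-evident log of human review events (added example, not the article's code)."""
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # prev_hash used by the first entry


def _digest(obj):
    """Canonical SHA-256 over a JSON object, so the hash does not depend on key order."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()).hexdigest()


def append_review(log, case_id, reviewer, draft_text, sent_text, decision, reviewed_at=None):
    """Record who reviewed which case, when, what they decided, and what was actually sent.

    Only hashes of the draft and the sent letter are stored, so the log can be retained
    without duplicating the personal data in the letters. Each entry commits to the
    previous entry's hash, so editing or reordering old entries is detectable.
    """
    entry = {
        "seq": len(log),
        "case_id": case_id,
        "reviewer": reviewer,
        "reviewed_at": reviewed_at or datetime.now(timezone.utc).isoformat(),
        "decision": decision,  # "approved", "edited" or "rejected" (nothing sent)
        "draft_sha256": hashlib.sha256(draft_text.encode()).hexdigest(),
        "sent_sha256": hashlib.sha256(sent_text.encode()).hexdigest() if sent_text else None,
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = _digest(entry)  # hashed before the key is added
    log.append(entry)
    return entry


def verify_log(log):
    """Return (True, -1) if the chain is intact, else (False, index of the first bad entry).

    Detects edits, deletions and reordering inside the log. Truncation at the tail is not
    detectable from the log alone: anchor the latest entry_hash externally (a WORM store,
    a signed daily digest) to close that gap.
    """
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry["seq"] != i or entry["prev_hash"] != prev or _digest(body) != entry["entry_hash"]:
            return False, i
        prev = entry["entry_hash"]
    return True, -1


def reviews_for(log, case_id):
    """The answer to "was a human actually involved?": every review event recorded for one case."""
    return [e for e in log if e["case_id"] == case_id]
```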

3. Reclassification trip-wires. The Act’s classification is a function of how a tool is used, not how it was originally conceived. A minor change can shift a system into a higher risk tier without anyone noticing. In our case: if we licensed the tool to a body that is in Annex III, if we added profiling features that score or flag individuals, or if we quietly removed the human verification step, the system would move up in risk profile.

Document where the lines are somewhere both your team and your coding agents will actually read them — in the repo, next to the code that defines the system’s purpose, and in whatever instructions file your agents already follow (e.g. CLAUDE.md, AGENTS.md). Better still, make the trip-wires automatic: an automated AI check in your release pipeline that fails the build when a pull request crosses the line — a new field that profiles individuals, a config flag that disables human review — and routes it to legal sign-off before it can ship. AI securing AI sounds like a wolf guarding the sheep, but think of it as an extra check, on top of what the team itself catches.
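A deterministic version of the trip-wire, as an added example (not the article’s code, and plain rules rather than the AI-driven check the article suggests): the repo carries a small machine-readable manifest of the system’s purpose, and a pipeline step fails the build when a proposed manifest disables human review, changes the deployer into an Annex III context, or adds an output field that looks like profiling of individuals. The manifest layout, field names, deployer categories and profiling markers are this example’s own assumptions.

```python
"""Release-pipeline trip-wire check for AI Act reclassification (added example)."""
import json
import sys

# Hypothetical manifest kept in the repo next to the code that defines the system's purpose.
# Field names and values are this example's assumptions, not terms from the Act.
BASELINE_MANIFEST = json.loads("""{
  "purpose": "draft replies to consumer complaints for a human caseworker to review and send",
  "human_review_required": true,
  "deployer_type": "private-company",
  "output_fields": ["draft_letter", "cited_precedents", "evidence_score"]
}""")

# Illustrative deployer categories that would pull the tool into an Annex III context.
ANNEX_III_DEPLOYER_TYPES = {"dispute-resolution-body", "law-enforcement", "migration-authority"}
# Illustrative field-name fragments that suggest scoring or flagging individuals.
PROFILING_MARKERS = ("risk_score", "fraud_flag", "propensity", "profile", "vulnerab")


def check_trip_wires(manifest, baseline=BASELINE_MANIFEST):
    """Return the reclassification limits a proposed manifest crosses (empty list = safe to ship)."""
    violations = []
    if baseline["human_review_required"] and not manifest.get("human_review_required", False):
        violations.append("human review disabled: output would become a solely automated decision")
    if manifest.get("deployer_type") in ANNEX_III_DEPLOYER_TYPES:
        violations.append(f"deployer type '{manifest['deployer_type']}' is an Annex III context")
    new_fields = set(manifest.get("output_fields", [])) - set(baseline["output_fields"])
    for field in sorted(new_fields):
        if any(marker in field for marker in PROFILING_MARKERS):
            violations.append(f"new output field '{field}' looks like profiling of individuals")
    return violations


def main(argv):
    """Usage: python trip_wires.py ai-system.json  (exit 1 fails the build and sends the PR to legal)."""
    with open(argv[1], encoding="utf-8") as fh:
        proposed = json.load(fh)
    problems = check_trip_wires(proposed)
    for problem in problems:
        print("RECLASSIFICATION TRIP-WIRE:", problem)
    return 1 if problems else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it against the manifest in the pull request; the human-review and deployer-type checks are exact, while the field-name check is only a heuristic that flags candidates for a person to look at.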

What’s actually at stake here. Notice what isn’t on this list: the headline €35M / 7%-of-turnover fines. Those attach to prohibited practices and high-risk breaches — neither of which applies to a minimal-risk tool. Article 4 carries no direct fine at all; instead it works through civil liability if untrained staff cause harm. For a minimal-risk tool, realistic exposure is the bottom fine tier — misleading the supervisor, with national penalties under L 111 layered on the EU regime — plus that indirect liability and the GDPR obligations running alongside. The reason to do all this isn’t fear of a 7% fine; it’s cheap insurance, and easy if you stay ahead of it.

The takeaway

For most AI tools, the EU AI Act’s posture is closer to “design with intent and document well” than to a heavyweight conformity regime. The points above are practical, cheap to implement before launch, and sometimes expensive to retrofit.

With 2 August 2026 around the corner — and the high-risk deadlines now pushed to late 2027 and 2028 — it still comes down to knowing which tier you’re in. So run the classification sooner rather than later; the extra runway is for preparing, not for deferring the question. An afternoon with the tiers now beats a scramble in 2027.