AI-Act.Click
← Back to Blog
ai-act

Which Companies Must Comply with the EU AI Act?

A clear breakdown of which organisations fall under the EU AI Act (Regulation 2024/1689), including risk categories and compliance obligations.

5 min read

Who Does the EU AI Act Apply To?

The EU AI Act (Regulation 2024/1689) applies to any organisation that develops, deploys, or distributes AI systems within the European Union — regardless of where the organisation is headquartered.

Key Actors Under the AI Act

  • Providers: Companies that develop or place AI systems on the EU market
  • Deployers: Organisations that use AI systems in their operations
  • Importers and Distributors: Entities that bring AI systems into the EU market

Risk-Based Classification

The AI Act uses a four-tier risk classification:

  1. Unacceptable Risk (Prohibited)AI systems that manipulate human behaviour, exploit vulnerabilities, or enable social scoring by governments. These are banned outright under Article 5.
  1. High RiskAI systems used in critical areas such as biometric identification, critical infrastructure, education, employment, essential services, law enforcement, and migration management. These require conformity assessments, technical documentation (Annex IV), and ongoing monitoring.
  1. Limited RiskAI systems with specific transparency obligations, such as chatbots and deepfake generators. Users must be informed they are interacting with AI (Article 50).
  1. Minimal RiskAI systems like spam filters and AI-enabled video games. No specific obligations, though voluntary codes of conduct are encouraged.

SMB Impact

According to ENISA NIS360 2024 data, 74% of SMBs lack a dedicated compliance budget. The EU AI Act particularly affects SMBs in healthcare, manufacturing, and ICT sectors that deploy high-risk AI systems. Companies with 50-250 employees often need to prove compliance to enterprise customers during procurement.

Timeline

  • 2 February 2025: Prohibited AI practices enforcement begins
  • 2 August 2025: General-purpose AI (GPAI) rules apply
  • 2 August 2026: Full enforcement of high-risk AI system requirements

Sources

  • EU AI Act — Regulation (EU) 2024/1689
  • ENISA NIS360 2024 Report
  • European Commission AI Act Overview

Check Your Compliance Status

Get a free EU AI Act and NIS2 risk assessment in under 2 minutes.

Start Free Assessment