07-09-2026 Article

An overview of the subjects covered by the regulation

Series: AI Act, Deepfakes, and Risks for Businesses – Part 1

With the Regulation on Artificial Intelligence (“AI Regulation” or AI Act), the European Union has created for the first time a comprehensive legal framework for the use of Artificial Intelligence. The Regulation entered into force on 1 August 2024 and will be applied in stages. In principle, most provisions apply from 2 August 2026, while individual rules, such as those on prohibited AI practices or General Purpose AI models, apply earlier or later respectively.

The AI Regulation pursues a risk-based approach: the higher the risk that an AI system poses to safety and fundamental rights, the stricter the legal requirements. AI systems with an “unacceptable risk,” such as certain forms of social scoring, are completely prohibited. High-risk systems, for example in the area of recruiting or critical infrastructure, remain permissible but are subject to extensive documentation, transparency, and compliance obligations. For AI with low risk, only limited transparency requirements apply.

Particular significance also attaches to so-called General Purpose AI models, especially generative AI. Providers of such systems will in future have to fulfil additional obligations, for instance regarding transparency, risk management, and the disclosure of training data. Violations of the AI Regulation can be sanctioned with substantial fines of up to 35 million euros or 7 % of global annual turnover.

In addition to the extensive requirements for high-risk AI, the AI Regulation also contains various transparency requirements for AI applications that are already in use in many companies today. The focus is in particular on systems that communicate with people or generate content whose artificial origin is not readily apparent to users.

AI in Direct Contact with People: Chatbots and Digital Assistants

As soon as persons interact with an AI system, it must be apparent to them that no human communication is taking place. This primarily concerns chatbots, virtual assistants, or automated support systems. The notice of AI use must be clearly formulated, easily understandable, and visible at the latest at the beginning of the communication.

Even though the primary legal responsibility generally lies with the provider of the system, companies should ensure when introducing such applications that these transparency requirements have been technically implemented correctly.

AI-Generated Media Content: Requirements for Deepfakes

Special disclosure obligations also apply to artificially generated or manipulated image, audio, and video content. Where content is created that can appear (deceptively) similar to real persons or real situations, it must be made clear that AI was used.

Particularly with modern training formats, simulations, or marketing campaigns, this rule is gaining increasing practical significance. Companies should therefore ensure that appropriate notices are integrated in a clearly visible manner. Where external agencies or service providers are engaged, a contractual arrangement for the proper labelling of such content is additionally recommended.

AI-Generated Texts and Public Communication

Texts can also fall under the transparency obligations of the AI Regulation. Where content is automatically generated with the help of AI and relates to topics of public interest, it must in principle be made known that AI was involved in the creation.

Potentially affected are, for example, press releases, public statements, or publications in a professional context. No labelling is required where actual human control and editorial responsibility are demonstrably exercised. Companies must therefore decide whether to openly label AI-generated content or to establish and document internal review and approval processes.

Analysis of Persons by AI Systems

Additional information obligations exist for AI systems that recognise emotions or evaluate or categorise persons on the basis of biometric characteristics. Persons affected by such applications must be informed transparently about their use in advance.

This can be practically relevant, for example, in systems that analyse attention, fatigue, or emotional reactions.

Need for Action by Companies

The transparency requirements of Art. 50 of the AI Regulation apply from 2 August 2026. Companies should therefore obtain an overview of the AI applications in use at an early stage and examine whether individual systems fall under the new information obligations.

In addition to technical adjustments, internal compliance structures, employee training, and the revision of existing contracts with AI providers may in particular become necessary. The implementation of the AI Regulation will thus represent not only a legal but also an organisational and technical task for companies.

Download as PDF

Contact persons

You are currently using an outdated and no longer supported browser (Internet Explorer). To ensure the best user experience and save you from possible problems, we recommend that you use a more modern browser.