Become a partner
DE EN
NADOVO

EU AI Act: What Companies Need to Know NOW

The EU AI Act is here - and it already affects companies today. Risk categories, obligations and what you should concretely do now to use AI in a structured and safe way.

EU AI Act

EU AI Act: What Companies Need to Know NOW AI-generated

The EU AI Act is no longer a thing of the future. It is the world’s first comprehensive legal framework for artificial intelligence - and it affects companies already today.

The decisive point: This isn’t about future innovations. It’s about current use.

What is the EU AI Act?

The EU AI Act is a European regulation meant to ensure that AI is used safely, transparently and responsibly.

Rather than banning AI, the EU AI Act takes a risk-based approach: AI systems are classified by the risk they pose to people and society.

The higher the risk, the stricter the requirements.

Who does the EU AI Act affect?

The EU AI Act applies to:

  • Companies based in the EU
  • Companies outside the EU if their AI is used within the EU
  • Providers and deployers of AI systems

If your company uses, for example:

  • ChatGPT or other generative AI tools
  • AI in HR, recruiting or performance evaluation
  • AI-supported decision-making processes
  • Customer-facing AI applications

Then you are affected.

The risk categories - explained simply

1. Unacceptable risk

AI systems that manipulate people or violate fundamental rights. These systems are banned.

2. High risk

AI in sensitive areas such as:

  • Personnel decisions
  • Creditworthiness
  • Education
  • Healthcare
  • Law enforcement

Strict requirements, such as documentation, risk management and human oversight.

3. Limited risk

AI systems with direct interaction with people (e.g. chatbots). Transparency obligations - users must know that they are interacting with AI.

4. Minimal risk

Low-risk applications such as image editing or spam filters. No new obligations, voluntary best practices recommended.

What is changing for companies now

Even before full implementation, you should act now.

What’s expected includes:

  • Knowing which AI is in use
  • Clear responsibilities
  • Understandable internal rules
  • Alignment with the GDPR
  • Documentation that is auditable

Waiting often leads to higher costs, time pressure and unnecessary risks.

Common misconceptions

“We only use standard tools - this doesn’t affect us.” → Even with third-party tools, the responsibility stays with the company.

“We’ll deal with it later.” → Cleaning up unstructured AI use later is considerably more expensive.

“This is purely a legal topic.” → In practice it is above all a governance and organizational question.

What companies should do now

A pragmatic start:

  1. Create an AI inventory
  2. Define responsibilities and decision paths
  3. Define clear usage rules
  4. Align AI use with the GDPR & EU AI Act
  5. Enable teams instead of blocking them

Order first. Then compliance.

Conclusion

The EU AI Act isn’t meant to slow innovation. It rewards companies that use AI consciously and responsibly.

Those who start early win:

  • Clarity
  • Legal certainty
  • Speed
  • Trust - internal and external

AI is here to stay. The only question is: chaotic or structured?


← Back to blog

© 2026 CONTORO SOLUTIONS OÜ. All rights reserved.
NADOVO - nadovo.ai