The EU AI Act for the mid-market — obligations, deadlines, Art. 4

The EU AI Act (Regulation (EU) 2024/1689) has been in force since 1 August 2024 and applies in stages: since 2 February 2025 prohibited AI practices (Art. 5) are banned and the AI literacy obligation (Art. 4) applies to every company that uses AI. From 2 August 2026 the core obligations apply, including high-risk systems. Culturetek helps mid-sized companies inventory their AI systems, determine risk classes, and meet the literacy obligation through training.

July 5, 20269 min read
EU AI ActArt. 4Governance-ready
Governance meeting on the EU AI Act in a mid-sized company

Key takeaways: the EU AI Act for the mid-market

The essentials of the EU AI Act for companies that use AI — at a glance.

  • The EU AI Act (Regulation (EU) 2024/1689) has been in force since 1 August 2024 and becomes applicable in stages until August 2027 (source: EUR-Lex).
  • The AI literacy obligation under Article 4 has applied since 2 February 2025 to all providers AND deployers of AI systems — including a company that only uses ChatGPT internally (source: artificialintelligenceact.eu/article/4).
  • From 2 August 2026 the core obligations of the EU AI Act apply, including the requirements for high-risk AI systems under Annex III (source: EUR-Lex, Art. 113).
  • Violations of prohibited AI practices (Art. 5) can be fined up to €35m or 7% of global annual turnover — for SMEs the lower amount applies (source: EU AI Act Art. 99).
  • Most mid-sized companies operate AI in the minimal or limited risk range — where the AI literacy obligation (Art. 4) and transparency obligations (Art. 50) mainly apply.

Weekly AI live calls are now embedded across the site.

Every Thursday at 23:00 Asia/Ho_Chi_Minh, the format gives a compact mix of market filtering, practical cases, questions, and clear next steps.

Thursday, July 9, 2026 at 23:00 · Asia/Ho_Chi_Minh1x per weekLive Q&A
  • for founders, teams, and operational decision-makers
  • built around real business cases instead of AI theatre
  • including a start calendar and a fixed kickoff series

Next session: Thursday, July 9, 2026 at 23:00 · Asia/Ho_Chi_Minh. The series then continues on a weekly rhythm.

Live session and team enablement scene

What the EU AI Act is — and why it also affects small companies

The EU AI Act is the world's first comprehensive AI regulation and, as a regulation, applies directly in all EU member states without a national implementing law. The EU AI Act regulates AI based on risk: the higher the risk of an AI application, the stricter the obligations.

Decisive for the mid-market: the EU AI Act distinguishes between 'providers' (who develops or places an AI system on the market) and 'deployers' (who uses an AI system under their own responsibility). Almost every company that uses AI tools like ChatGPT, Claude, or Copilot is legally a deployer and therefore carries its own obligations.

Culturetek maps the AI systems used by mid-sized companies to the risk classes, checks the specific obligations, and builds a pragmatic, documented AI governance foundation — instead of expensive over-compliance for low-risk applications.

The EU AI Act deadlines at a glance

The EU AI Act becomes applicable in stages. These dates are relevant for companies (source: EUR-Lex 2024/1689, Art. 113; artificialintelligenceact.eu).

DateWhat applies from thenLegal basis
1 August 2024EU AI Act enters into force (start of the transition periods)Art. 113
2 February 2025Prohibited AI practices banned (Art. 5) + AI literacy obligation (Art. 4) appliesArt. 5, Art. 4
2 August 2025Obligations for providers of general-purpose AI models (GPAI), governance structure & penalty rulesChapter V, Art. 99
2 August 2026Core obligations applicable, incl. high-risk AI under Annex III (e.g. HR, creditworthiness)Art. 6(2), Annex III
2 August 2027High-risk AI regulated as a product (Annex I) — extended transition periodArt. 6(1), Annex I

The 4 risk classes of the EU AI Act

The EU AI Act divides AI systems into four risk levels with different obligations (source: EUR-Lex 2024/1689).

Risk classExamplesObligation for companiesArticle
Unacceptable risk (prohibited)Social scoring, manipulative behavior, untargeted facial scrapingUse prohibitedArt. 5
High riskAI in HR/recruiting, creditworthiness checks, critical infrastructureConformity assessment, risk management, documentation, human oversightArt. 6 + Annex III
Limited risk (transparency)Chatbots, AI-generated content, deepfakesDisclosure obligation (users must recognize they are interacting with AI)Art. 50
Minimal riskSpam filters, AI in video games, most business toolsNo specific obligations beyond Art. 4 (literacy)

The EU AI Act in numbers

The key figures of the EU AI Act that drive the urgency for companies.

up to €35mMaximum fine for prohibited AI practicesor 7% of global annual turnover, whichever is higher; for SMEs the lower amount applies (source: EU AI Act Art. 99)
up to €15mFine for breaching other obligationsor 3% of global annual turnover — affects e.g. high-risk and transparency obligations (source: EU AI Act Art. 99)
2 Feb 2025AI literacy obligation (Art. 4) already activeapplies since this date to all companies that use AI (source: digital-strategy.ec.europa.eu)
27EU member states with direct applicabilitythe EU AI Act applies directly as a regulation, without a national implementing law (source: EUR-Lex)

Frequently asked questions about the EU AI Act for companies

When does the EU AI Act apply to companies?

The EU AI Act has been in force since 1 August 2024 and becomes applicable in stages. For most companies two dates are decisive: since 2 February 2025 the ban on certain AI practices (Art. 5) and the AI literacy obligation (Art. 4) apply; from 2 August 2026 the core obligations including high-risk requirements take effect (source: EUR-Lex 2024/1689).

What must companies implement now, concretely?

The most important immediately applicable point is Article 4: companies that use AI must ensure a sufficient level of AI literacy among their staff. In practice this means: inventory AI systems, determine the risk class, train staff, and document the evidence. Culturetek guides mid-sized companies through exactly these steps.

What penalties apply for violations of the EU AI Act?

The EU AI Act provides for tiered fines: up to €35m or 7% of global annual turnover for prohibited practices, up to €15m or 3% for other obligation breaches, up to €7.5m or 1% for incorrect information. For SMEs and start-ups the lower of the two amounts applies (source: EU AI Act Art. 99).

Is my company a 'deployer' within the meaning of the EU AI Act?

Yes, if your company uses an AI system under its own responsibility — such as ChatGPT, Claude, or Copilot in daily work — you are legally a deployer and carry your own obligations, above all the AI literacy obligation under Art. 4. Provider obligations (stricter requirements) only apply if you develop or substantially modify AI systems yourself.

Does the EU AI Act also affect small companies (SMEs)?

Yes. The EU AI Act makes no general exception for SMEs. However, the lower fine amounts apply to small companies, and most SME applications fall into the 'minimal' or 'limited risk' classes, where mainly the AI literacy obligation (Art. 4) and transparency rules (Art. 50) are relevant — not the full high-risk catalog.

Start potential analysis

If you want to prioritize a real process, a few clear inputs are enough for a strong first assessment.

WhatsApp Kai