The EU AI Act for the mid-market — obligations, deadlines, Art. 4
The EU AI Act (Regulation (EU) 2024/1689) has been in force since 1 August 2024 and applies in stages: since 2 February 2025 prohibited AI practices (Art. 5) are banned and the AI literacy obligation (Art. 4) applies to every company that uses AI. From 2 August 2026 the core obligations apply, including high-risk systems. Culturetek helps mid-sized companies inventory their AI systems, determine risk classes, and meet the literacy obligation through training.

Key takeaways: the EU AI Act for the mid-market
The essentials of the EU AI Act for companies that use AI — at a glance.
- The EU AI Act (Regulation (EU) 2024/1689) has been in force since 1 August 2024 and becomes applicable in stages until August 2027 (source: EUR-Lex).
- The AI literacy obligation under Article 4 has applied since 2 February 2025 to all providers AND deployers of AI systems — including a company that only uses ChatGPT internally (source: artificialintelligenceact.eu/article/4).
- From 2 August 2026 the core obligations of the EU AI Act apply, including the requirements for high-risk AI systems under Annex III (source: EUR-Lex, Art. 113).
- Violations of prohibited AI practices (Art. 5) can be fined up to €35m or 7% of global annual turnover — for SMEs the lower amount applies (source: EU AI Act Art. 99).
- Most mid-sized companies operate AI in the minimal or limited risk range — where the AI literacy obligation (Art. 4) and transparency obligations (Art. 50) mainly apply.
Les sessions IA hebdomadaires sont maintenant intégrées dans le site.
Chaque jeudi à 23:00 Asia/Ho_Chi_Minh, le format propose un mélange compact de filtre marché, cas concrets, questions et prochaines actions claires.
- pour fondateurs, équipes et décideurs opérationnels
- construit autour de vrais cas business plutôt que de théâtre IA
- avec calendrier de départ et série de lancement fixe
Prochaine session : jeudi 9 juillet 2026 à 23:00 · heure du Vietnam. La série continue ensuite sur un rythme hebdomadaire.

What the EU AI Act is — and why it also affects small companies
The EU AI Act is the world's first comprehensive AI regulation and, as a regulation, applies directly in all EU member states without a national implementing law. The EU AI Act regulates AI based on risk: the higher the risk of an AI application, the stricter the obligations.
Decisive for the mid-market: the EU AI Act distinguishes between 'providers' (who develops or places an AI system on the market) and 'deployers' (who uses an AI system under their own responsibility). Almost every company that uses AI tools like ChatGPT, Claude, or Copilot is legally a deployer and therefore carries its own obligations.
Culturetek maps the AI systems used by mid-sized companies to the risk classes, checks the specific obligations, and builds a pragmatic, documented AI governance foundation — instead of expensive over-compliance for low-risk applications.
The EU AI Act deadlines at a glance
The EU AI Act becomes applicable in stages. These dates are relevant for companies (source: EUR-Lex 2024/1689, Art. 113; artificialintelligenceact.eu).
| Date | What applies from then | Legal basis |
|---|---|---|
| 1 August 2024 | EU AI Act enters into force (start of the transition periods) | Art. 113 |
| 2 February 2025 | Prohibited AI practices banned (Art. 5) + AI literacy obligation (Art. 4) applies | Art. 5, Art. 4 |
| 2 August 2025 | Obligations for providers of general-purpose AI models (GPAI), governance structure & penalty rules | Chapter V, Art. 99 |
| 2 August 2026 | Core obligations applicable, incl. high-risk AI under Annex III (e.g. HR, creditworthiness) | Art. 6(2), Annex III |
| 2 August 2027 | High-risk AI regulated as a product (Annex I) — extended transition period | Art. 6(1), Annex I |
The 4 risk classes of the EU AI Act
The EU AI Act divides AI systems into four risk levels with different obligations (source: EUR-Lex 2024/1689).
| Risk class | Examples | Obligation for companies | Article |
|---|---|---|---|
| Unacceptable risk (prohibited) | Social scoring, manipulative behavior, untargeted facial scraping | Use prohibited | Art. 5 |
| High risk | AI in HR/recruiting, creditworthiness checks, critical infrastructure | Conformity assessment, risk management, documentation, human oversight | Art. 6 + Annex III |
| Limited risk (transparency) | Chatbots, AI-generated content, deepfakes | Disclosure obligation (users must recognize they are interacting with AI) | Art. 50 |
| Minimal risk | Spam filters, AI in video games, most business tools | No specific obligations beyond Art. 4 (literacy) | — |
The EU AI Act in numbers
The key figures of the EU AI Act that drive the urgency for companies.
Frequently asked questions about the EU AI Act for companies
When does the EU AI Act apply to companies?
The EU AI Act has been in force since 1 August 2024 and becomes applicable in stages. For most companies two dates are decisive: since 2 February 2025 the ban on certain AI practices (Art. 5) and the AI literacy obligation (Art. 4) apply; from 2 August 2026 the core obligations including high-risk requirements take effect (source: EUR-Lex 2024/1689).
What must companies implement now, concretely?
The most important immediately applicable point is Article 4: companies that use AI must ensure a sufficient level of AI literacy among their staff. In practice this means: inventory AI systems, determine the risk class, train staff, and document the evidence. Culturetek guides mid-sized companies through exactly these steps.
What penalties apply for violations of the EU AI Act?
The EU AI Act provides for tiered fines: up to €35m or 7% of global annual turnover for prohibited practices, up to €15m or 3% for other obligation breaches, up to €7.5m or 1% for incorrect information. For SMEs and start-ups the lower of the two amounts applies (source: EU AI Act Art. 99).
Is my company a 'deployer' within the meaning of the EU AI Act?
Yes, if your company uses an AI system under its own responsibility — such as ChatGPT, Claude, or Copilot in daily work — you are legally a deployer and carry your own obligations, above all the AI literacy obligation under Art. 4. Provider obligations (stricter requirements) only apply if you develop or substantially modify AI systems yourself.
Does the EU AI Act also affect small companies (SMEs)?
Yes. The EU AI Act makes no general exception for SMEs. However, the lower fine amounts apply to small companies, and most SME applications fall into the 'minimal' or 'limited risk' classes, where mainly the AI literacy obligation (Art. 4) and transparency rules (Art. 50) are relevant — not the full high-risk catalog.
Lancer l’analyse de potentiel
Si vous souhaitez prioriser un vrai processus, quelques informations claires suffisent pour une première évaluation solide.