The EU AI Act for the mid-market — obligations, deadlines, Art. 4

The EU AI Act (Regulation (EU) 2024/1689) has been in force since 1 August 2024 and applies in stages: since 2 February 2025 prohibited AI practices (Art. 5) are banned and the AI literacy obligation (Art. 4) applies to every company that uses AI. From 2 August 2026 the core obligations apply, including high-risk systems. Culturetek helps mid-sized companies inventory their AI systems, determine risk classes, and meet the literacy obligation through training.

July 5, 20269 min read
EU AI ActArt. 4Governance-ready
Governance meeting on the EU AI Act in a mid-sized company

Key takeaways: the EU AI Act for the mid-market

The essentials of the EU AI Act for companies that use AI — at a glance.

  • The EU AI Act (Regulation (EU) 2024/1689) has been in force since 1 August 2024 and becomes applicable in stages until August 2027 (source: EUR-Lex).
  • The AI literacy obligation under Article 4 has applied since 2 February 2025 to all providers AND deployers of AI systems — including a company that only uses ChatGPT internally (source: artificialintelligenceact.eu/article/4).
  • From 2 August 2026 the core obligations of the EU AI Act apply, including the requirements for high-risk AI systems under Annex III (source: EUR-Lex, Art. 113).
  • Violations of prohibited AI practices (Art. 5) can be fined up to €35m or 7% of global annual turnover — for SMEs the lower amount applies (source: EU AI Act Art. 99).
  • Most mid-sized companies operate AI in the minimal or limited risk range — where the AI literacy obligation (Art. 4) and transparency obligations (Art. 50) mainly apply.

每周 AI 直播现在已经正式嵌入网站。

每周四 23:00 Asia/Ho_Chi_Minh,我们会用紧凑直播方式梳理市场变化、真实案例、问题与下一步行动。

2026年7月9日星期四 23:00 · 越南时间每周 1 次直播问答
  • 面向创始人、团队与业务负责人
  • 围绕真实业务案例,而不是空泛 AI 讨论
  • 包含起始日历与固定启动系列

下一场直播:2026年7月9日星期四 23:00 · 越南时间。之后系列会继续按每周节奏进行。

直播讲解与团队赋能场景

What the EU AI Act is — and why it also affects small companies

The EU AI Act is the world's first comprehensive AI regulation and, as a regulation, applies directly in all EU member states without a national implementing law. The EU AI Act regulates AI based on risk: the higher the risk of an AI application, the stricter the obligations.

Decisive for the mid-market: the EU AI Act distinguishes between 'providers' (who develops or places an AI system on the market) and 'deployers' (who uses an AI system under their own responsibility). Almost every company that uses AI tools like ChatGPT, Claude, or Copilot is legally a deployer and therefore carries its own obligations.

Culturetek maps the AI systems used by mid-sized companies to the risk classes, checks the specific obligations, and builds a pragmatic, documented AI governance foundation — instead of expensive over-compliance for low-risk applications.

The EU AI Act deadlines at a glance

The EU AI Act becomes applicable in stages. These dates are relevant for companies (source: EUR-Lex 2024/1689, Art. 113; artificialintelligenceact.eu).

DateWhat applies from thenLegal basis
1 August 2024EU AI Act enters into force (start of the transition periods)Art. 113
2 February 2025Prohibited AI practices banned (Art. 5) + AI literacy obligation (Art. 4) appliesArt. 5, Art. 4
2 August 2025Obligations for providers of general-purpose AI models (GPAI), governance structure & penalty rulesChapter V, Art. 99
2 August 2026Core obligations applicable, incl. high-risk AI under Annex III (e.g. HR, creditworthiness)Art. 6(2), Annex III
2 August 2027High-risk AI regulated as a product (Annex I) — extended transition periodArt. 6(1), Annex I

The 4 risk classes of the EU AI Act

The EU AI Act divides AI systems into four risk levels with different obligations (source: EUR-Lex 2024/1689).

Risk classExamplesObligation for companiesArticle
Unacceptable risk (prohibited)Social scoring, manipulative behavior, untargeted facial scrapingUse prohibitedArt. 5
High riskAI in HR/recruiting, creditworthiness checks, critical infrastructureConformity assessment, risk management, documentation, human oversightArt. 6 + Annex III
Limited risk (transparency)Chatbots, AI-generated content, deepfakesDisclosure obligation (users must recognize they are interacting with AI)Art. 50
Minimal riskSpam filters, AI in video games, most business toolsNo specific obligations beyond Art. 4 (literacy)

The EU AI Act in numbers

The key figures of the EU AI Act that drive the urgency for companies.

up to €35mMaximum fine for prohibited AI practicesor 7% of global annual turnover, whichever is higher; for SMEs the lower amount applies (source: EU AI Act Art. 99)
up to €15mFine for breaching other obligationsor 3% of global annual turnover — affects e.g. high-risk and transparency obligations (source: EU AI Act Art. 99)
2 Feb 2025AI literacy obligation (Art. 4) already activeapplies since this date to all companies that use AI (source: digital-strategy.ec.europa.eu)
27EU member states with direct applicabilitythe EU AI Act applies directly as a regulation, without a national implementing law (source: EUR-Lex)

Frequently asked questions about the EU AI Act for companies

When does the EU AI Act apply to companies?

The EU AI Act has been in force since 1 August 2024 and becomes applicable in stages. For most companies two dates are decisive: since 2 February 2025 the ban on certain AI practices (Art. 5) and the AI literacy obligation (Art. 4) apply; from 2 August 2026 the core obligations including high-risk requirements take effect (source: EUR-Lex 2024/1689).

What must companies implement now, concretely?

The most important immediately applicable point is Article 4: companies that use AI must ensure a sufficient level of AI literacy among their staff. In practice this means: inventory AI systems, determine the risk class, train staff, and document the evidence. Culturetek guides mid-sized companies through exactly these steps.

What penalties apply for violations of the EU AI Act?

The EU AI Act provides for tiered fines: up to €35m or 7% of global annual turnover for prohibited practices, up to €15m or 3% for other obligation breaches, up to €7.5m or 1% for incorrect information. For SMEs and start-ups the lower of the two amounts applies (source: EU AI Act Art. 99).

Is my company a 'deployer' within the meaning of the EU AI Act?

Yes, if your company uses an AI system under its own responsibility — such as ChatGPT, Claude, or Copilot in daily work — you are legally a deployer and carry your own obligations, above all the AI literacy obligation under Art. 4. Provider obligations (stricter requirements) only apply if you develop or substantially modify AI systems yourself.

Does the EU AI Act also affect small companies (SMEs)?

Yes. The EU AI Act makes no general exception for SMEs. However, the lower fine amounts apply to small companies, and most SME applications fall into the 'minimal' or 'limited risk' classes, where mainly the AI literacy obligation (Art. 4) and transparency rules (Art. 50) are relevant — not the full high-risk catalog.

开始潜力分析

如果您想优先评估一个真实流程,只需少量关键信息,我们就能给出有价值的初步判断。

WhatsApp 联系 Kai