The EU AI Act's August 2, 2026 deadline — what actually changes
Two things change August 2, 2026: AI disclosure rules apply broadly (Article 50). Stricter obligations — human oversight, logging — apply only to high-risk uses like hiring or credit decisions (Annex III). Most back-office automation isn't high-risk, but confirm your tier with counsel.
That date marks when Title III (high-risk systems) and Title IV (transparency) of the EU AI Act — Regulation (EU) 2024/1689 — become applicable across the EU. Two years after the Act entered into force, and a year after its first obligations landed, the bulk of it turns on. For a Dutch SME already using AI in day-to-day operations, some part of the Act almost always applies. The real question is which part reaches into what you actually do.
What actually changes on August 2, 2026
The deadline bundles two very different obligations. One is wide and shallow. The other is narrow and deep.
| Date | What applies |
|---|---|
| Feb 2, 2025 | Prohibited AI practices (Article 5) banned; AI literacy obligations begin |
| Aug 2, 2025 | General-purpose AI model obligations; governance and enforcement structure in place |
| Aug 2, 2026 | Annex III high-risk obligations + Article 50 transparency obligations apply |
| Aug 2, 2027 | Extended deadline for high-risk AI embedded in products already regulated by sectoral EU law (Annex I) |
Which tier are you in? A five-question self-check
None of this replaces a legal read of your specific setup. But most SMEs can get a rough read on where they sit by asking five questions.
- Does the AI-assisted output help decide something about a specific person's employment — hiring, promotion, task allocation, performance monitoring, or termination? If yes, you're likely inside Annex III's employment category. Look closer.
- Does it help decide someone's creditworthiness, a credit score, an insurance risk price, or eligibility for a public benefit? If yes, you're likely inside Annex III's essential-services category. Look closer.
- Does your AI system talk to people directly — a chatbot, a voice assistant, a client-facing message thread? If yes, Article 50 disclosure applies regardless of your Annex III answer.
- Does it generate or edit audio, image, video, or text that could pass as human-made, especially anything published or sent externally? If yes, check the labeling requirement under Article 50.
- Is what you're actually doing document assembly, data structuring, or internal admin — drafts a named person reviews before anything is sent or filed? If yes, you're likely in the lower-obligation tier. "Likely" is not "confirmed" — that confirmation is your legal counsel's call, not a vendor's.
What this looks like in practice
A logistics office that uses AI to draft a customs declaration for a named reviewer to check before filing is assembling a document, not deciding anything about a person's employment or credit. That use sits outside Annex III, though if the same office runs an AI chat widget for client questions, Article 50's disclosure rule still applies to that widget.
The same office's AI-assisted candidate-screening tool is a different case: if it ranks or filters applicants before a human sees them, that use is squarely inside the employment category of Annex III, and the human-oversight and logging obligations apply from August 2, 2026 regardless of how small the company is.
The questions you'd ask first
What changes on August 2, 2026?
Two sets of obligations under the EU AI Act (Regulation (EU) 2024/1689) become enforceable that day. Article 50 transparency rules apply broadly: if your AI interacts directly with people or generates content, you generally have to disclose that. Annex III high-risk obligations — human oversight, risk management, logging — apply only if your AI use falls into a specific listed category, such as decisions about someone's employment or creditworthiness. Most SME back-office automation sits outside Annex III.
Does the EU AI Act apply to my SME?
In some form, almost certainly yes — but the obligations scale with what the AI actually does, not with your company size. If you use AI to draft documents, structure data, or automate admin that a person then reviews, you're likely in the lower-obligation tier. If AI output feeds directly into a decision about hiring, firing, promoting, or extending credit to a specific person, look closer — that's where Annex III can apply. Your legal counsel should confirm which tier your specific use falls into.
What is Article 50 transparency, and do we need to do anything?
Article 50 requires that people are told when they're interacting with an AI system, unless that's obvious, and that AI-generated or AI-manipulated content — audio, image, video, text — is marked as such in specific contexts, including deepfakes and text published on matters of public interest. If your business runs an AI chatbot, sends AI-assisted client communication, or publishes AI-drafted content, this is the provision to check first. We're set up to disclose AI involvement on every AI-assisted output we build, regardless of which Annex III tier a client sits in.
What counts as "high-risk" under Annex III?
Annex III lists specific categories: biometric identification, critical infrastructure, education and vocational training, employment (recruitment, and decisions on promotion, termination, or task allocation), access to essential services (creditworthiness and credit scoring, life and health insurance risk pricing, eligibility for public benefits), law enforcement, migration and border control, and the administration of justice. For a typical Dutch SME, the employment and credit-scoring categories are the ones worth checking first. Customs paperwork, translation admin, and CRM status updates are not on this list.
We use AI to help screen job candidates or assess credit risk — are we automatically high-risk?
If AI output materially shapes a decision about a specific person's employment or creditworthiness, that use sits inside Annex III, and the human oversight, risk management, and logging obligations apply. The AI use can continue. The workflow needs a documented human reviewer, a risk assessment, and a record of every output — the structure a properly built human-in-the-loop workflow already has. Confirm the specific classification with your legal counsel before the deadline.
Is Orellis's own work affected by this?
The workflows we build are already designed with the controls the higher tiers require: a named human reviews every draft before it's sent, every prompt and output is logged, and the system is built to disclose AI involvement rather than hide it. That's true whether or not a specific client's use case sits inside Annex III. Being a client is a head start on this deadline regardless of which tier applies to your case — but the tier decision itself is your counsel's call, not ours.
Where this page can't answer for you
The honest version of this page has to say plainly what it cannot determine.
Which Annex III category, if any, applies to your exact workflow
That depends on the specific mechanics of what the AI does and how much weight its output carries in the final decision — details only your legal counsel can assess against your actual system, not a general framework on a page like this one.
Borderline cases
Some uses sit in a gray zone — an AI-drafted performance note that a manager edits and owns, for instance, versus an AI ranking system that pre-filters candidates before a human sees them. Regulatory guidance on exactly where these lines fall is still being published by the European Commission and Dutch authorities. We won't pretend more clarity exists than currently does.
Whether you need a formal Annex III risk assessment
If your legal counsel determines a use is high-risk, the risk management, logging, and human-oversight documentation has specific requirements we are not qualified to certify. We can build the workflow to meet documented requirements; we cannot tell you that it does without your counsel's sign-off.
How Orellis approaches it
We build the draft step, never the send step, on every workflow — a named person reviews before anything is filed or sent. Every prompt and output is logged, so there's a written record of how something was produced. And we disclose AI involvement on what we build rather than hide it. Those are exactly the controls Annex III asks for when it applies, and exactly the disclosure Article 50 asks for when it applies — so being a client is a head start on this deadline no matter which tier your use turns out to be in. The tier itself is still your counsel's call.
We review everything that ships. This page was drafted with our own AI stack and reviewed by a human before it shipped. That review discipline is the product.
Find out where your AI use actually sits
Tell us what the workflow does and we'll tell you honestly what August 2 changes for it — and what it doesn't. No system access. No data. A human reply.
Tell us where the time goes or book a free audit