EU AI Act 2026: what it means for a small chat-agent studio

A client's lawyer asks if your chatbot is AI Act compliant. Here is the short version: which obligations land on you, which land on your model provider, and where the bear traps sit.

Jacob Molkenboer · Founder · A Brand New Company · 3 Jun 2026 · 6 min

Last Monday morning, a client forwarded a one-line email from her legal counsel: 'before we launch the support agent, please confirm it complies with the EU AI Act.' The counsel had not specified which articles. Neither had her CTO. Both were waiting for us to say the right thing.

This is the new normal. Since the AI Act's first obligations went live in February 2025 and the general-purpose AI rules kicked in last August, every Dutch SME we work with has a version of that email in their inbox. Most are asking the wrong question. A few are asking nothing at all, which is worse.

Here is what the Act actually requires from a studio our size, and from the customers we ship agents to.

What the Act actually does

Regulation (EU) 2024/1689 is a product safety law dressed as a rights instrument. It sorts AI systems into four buckets: prohibited (social scoring, real-time biometric ID in public spaces, certain manipulation), high-risk (employment screening, credit scoring, education, critical infrastructure, medical devices, law enforcement), limited-risk (chatbots, deepfakes, emotion-recognition disclosures), and minimal-risk (everything else).

The bucket determines the work. Prohibited systems are out, full stop, since February 2025. High-risk obligations apply from 2 August 2026 for new systems. General-purpose AI (GPAI) model providers have been on the hook since August 2025. Most chat agents land in the limited-risk bucket, which sounds calm and is, mostly. The exceptions are the ones that bite.

Where a chat agent actually lands

Ninety percent of the agents we ship are limited-risk. A WooCommerce support bot answering shipping questions, an internal knowledge agent surfacing HR policy, an inbox triage assistant routing leads. None of these go near the high-risk list.

The other ten percent sneak in through the back door. An agent that screens job applicants is high-risk under Annex III. An agent that scores customer creditworthiness is high-risk. An agent that decides who gets emergency services routing is high-risk. The Act does not care that you wrote it in 200 lines of TypeScript on top of a foundation model. If the function is on the list, the obligations apply.

The trap: a 'support agent' that quietly answers 'should I extend this customer's credit terms?' inherits credit-scoring obligations. We have seen this in the wild. The client never thought of it as a credit decision, but it was.

Warning

Risk classification follows function, not framing. If your 'FAQ bot' answers questions that decide whether someone gets a job, a loan, or healthcare access, you are running a high-risk system, regardless of how you marketed it internally.

GPAI: the part you do not have to do

If you build on OpenAI, Anthropic, Mistral, or Google's foundation models, the GPAI obligations are theirs, not yours. Article 53 puts the burden on the model provider: technical documentation, training-data summaries, copyright compliance under the Directive on Copyright in the Digital Single Market. Systemic-risk models (the ones trained above the 10^25 FLOP threshold) carry further duties under Article 55. The AI Act Explorer from the Future of Life Institute is the cleanest reference if you want to read the articles in plain language.

This is good news for studios our size. We do not have to publish training-data summaries because we did not train the model. We do, however, inherit downstream documentation. The model card the provider gives us is a starting point, not an artefact we can ignore. Our deployment context (the prompts, the tools, the data we feed) is on us.

The practical version: keep a one-page document per agent that names the model, the version, the system prompt, the tool list, the data sources, and the date of last review. Auditors will not ask for our model weights. They will ask for that page.

The transparency lines you actually have to ship

Article 50 is the one most chat agents hit. Users interacting with an AI system must be informed they are interacting with an AI system, unless it is obvious from context. AI-generated content that depicts real people or events must be labelled. Emotion-recognition and biometric categorisation systems require explicit disclosure to the subject.

In practice, for a support agent, this is two lines of UI work and one line of copy. A greeting message that says 'Hi, I'm an AI assistant' satisfies the spirit. A persistent label in the chat header satisfies the letter. Both is best. Hiding the AI behind a human name without disclosure is the failure mode the regulator was thinking about.

For agents that generate emails on behalf of a person, the labelling obligation gets heavier. Our default is a footer line on every outbound message an agent drafts: 'This message was drafted by an AI assistant and reviewed before sending.' It is honest, it is short, and it removes ambiguity from the deliverability conversation.

What we changed in our build template

Three things, all small. None of them required a lawyer.

First, the system-prompt block now has a 'disclosed identity' line. If the agent is asked whether it is human, it says no. This is not a moral position. It is Article 50.

You are a support assistant for {{client}}.
If the user asks whether you are human, answer:
'No, I am an AI assistant. A human teammate can take over
if you would prefer that.'
Never claim to be a person.

Second, every project repo has a /compliance folder with the one-page agent dossier described above. Model, version, prompt, tools, data sources, review date. When a client's counsel emails, we forward the page. The conversation ends in one round.

Third, we added a risk-classification check to our intake form. Three questions: does the agent screen people for jobs or credit, does it make decisions in healthcare or education contexts, does it operate in critical infrastructure. If any answer is yes, we route the project to a longer conformity assessment before scoping. Most of the time, all three are no, and we move on.

The thing that is not in the Act but should be in your head

Enforcement is national. In the Netherlands, that means the Autoriteit Persoonsgegevens for most provisions, with sector regulators (AFM, ACM, NZa) carving out their patches. Fines top out at €35M or 7% of global turnover for prohibited-system violations, €15M or 3% for most other breaches. For a €5M-revenue Dutch SME, a 3% ceiling is €150K. That is not theoretical. It is the cost of a wrong-bucket classification that nobody flagged at the scoping call.

The Act does not require certification from a notified body for most agents. It does require that you can show your work. The studios that will survive 2026 are the ones that built the paperwork into the project, not the ones that bolt it on after a complaint.

When we built the inbox-triage agent for a Dutch wholesale client last quarter, the thing we ran into was exactly this: the agent occasionally drafted replies that approved or declined credit extensions. We solved it by routing any reply containing pricing or credit language to a human queue, and we wrote the boundary into the system prompt and the tool layer. That is the kind of small architectural decision our AI agents work hinges on now.
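
The boundary described above, sketched at the tool layer as an added example (not the studio's own code). The term lists, route names and the Outbox shape are assumptions for illustration.

```typescript
// Added example: tool-layer guard for agent-drafted replies.
// Term lists, route names and the Outbox shape are assumptions for illustration.
type Route = "auto_send" | "human_queue";

interface Decision {
  route: Route;
  reasons: string[]; // names of the rules that matched, kept for the audit trail
}

interface Outbox {
  sent: string[];
  humanQueue: { draft: string; reasons: string[] }[];
}

// Constructed English/Dutch patterns; tune per client. Matching runs on lowercased text.
const RULES: { name: string; pattern: RegExp }[] = [
  { name: "credit", pattern: /\bcredit\w*|\bkrediet\w*|\bpayment\s+terms\b|\bnet\s?\d{2,3}\b/ },
  { name: "pricing", pattern: /\b(?:pric(?:e|ing)|discount|korting|prijs|offerte)\w*|(?:€|\beur)\s?\d/ },
];

function classifyDraft(draft: string): Decision {
  // Strip zero-width characters so a split word ("cre<ZWSP>dit") still matches.
  const text = draft.replace(/[\u200B-\u200D\uFEFF]/g, "").toLowerCase();
  const reasons = RULES.filter((r) => r.pattern.test(text)).map((r) => r.name);
  return { route: reasons.length > 0 ? "human_queue" : "auto_send", reasons };
}

// The only send path the agent is given: the model proposes a draft, this
// function decides where it goes, so a prompt failure cannot skip the check.
function sendReplyTool(draft: string, outbox: Outbox): Decision {
  const decision = classifyDraft(draft);
  if (decision.route === "human_queue") {
    outbox.humanQueue.push({ draft, reasons: decision.reasons });
  } else {
    outbox.sent.push(draft);
  }
  return decision;
}

// Constructed drafts: one shipping update, one credit decision, one price quote.
const demoOutbox: Outbox = { sent: [], humanQueue: [] };
sendReplyTool("Your parcel left our warehouse and should arrive Thursday.", demoOutbox);
sendReplyTool("We can extend your credit terms to 60 days.", demoOutbox);
sendReplyTool("Dat kost €120 per doos, inclusief verzending.", demoOutbox);
console.log(demoOutbox.sent.length, "sent;", demoOutbox.humanQueue.length, "queued for review");
```

Keyword matching errs toward the human queue: a false positive costs a reviewer a few seconds, while a false negative is an unreviewed credit decision.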

The smallest thing you can do today: open the agent you are currently shipping, read the system prompt, and answer one question. If a user asks whether they are talking to a human, what does it say?

Key takeaway

Most chat agents are limited-risk under the EU AI Act. The trap is misclassification: function decides the bucket, not the framing.

FAQ

Are most chat agents high-risk under the EU AI Act?

No. Most support, FAQ, and inbox-triage agents are limited-risk. High-risk applies when the agent's function lands in Annex III: employment screening, credit scoring, healthcare, education, or critical infrastructure.

Who handles GPAI obligations when I build on OpenAI or Anthropic?

The model provider does. Article 53 puts technical documentation, training-data summaries, and copyright compliance on them. You inherit deployment-context documentation: prompt, tools, data sources, review date.

What is the minimum disclosure I need on a customer-facing agent?

Article 50 requires that users know they are talking to an AI. A greeting line, a persistent label in the chat header, and a system-prompt rule that prevents the agent from claiming to be human cover the basics.

When do high-risk AI Act obligations actually apply?

From 2 August 2026 for new high-risk systems. Prohibited-system rules have been in force since February 2025. GPAI provider obligations applied from August 2025. Full applicability lands in August 2027.

What are the fines for getting AI Act classification wrong?

Up to €35M or 7% of global turnover for prohibited-system violations, and €15M or 3% for most other breaches. National authorities enforce; in the Netherlands that is mainly the Autoriteit Persoonsgegevens.
