AI Act application calendar

Regulation (EU) 2024/1689 was published in the Official Journal of the EU on 12 July 2024 and entered into force twenty days later, on 1 August 2024. Its application is phased:

| Date | What applies | Legal basis |
|---|---|---|
| 2 February 2025 | Prohibited practices (Art. 5) + AI literacy (Art. 4) | Art. 113(a) |
| 2 August 2025 | Chapter V (GPAI) + Chapter XII (sanctions) + Chapter III Section 4 (notifying authorities) | Art. 113(b) |
| 2 August 2026 | Rest of the Regulation (including Annex III: high-risk systems) | Art. 113 (general rule) |
| 2 August 2027 | High-risk systems listed in Annex I (products regulated by harmonised Union legislation) | Art. 113(c) |

The August 2026 date is the one affecting Spanish SMEs most, as it closes the catalogue of governance obligations, technical documentation, conformity assessment, EU registration and serious incident notification for Annex III systems (HR management, credit scoring, biometrics, education, critical infrastructure).

Who is subject

The AI Act applies extraterritorially. The following are bound:

This means a Spanish SME using a generative AI chatbot for customer service, a scoring system for staff selection, or a biometric time-and-attendance tool is a deployer and subject to obligations — even if the provider is American or Chinese.

Art. 5 · prohibited AI practices since February 2025

Article 5 lists AI practices that are prohibited under any circumstance in the EU. These are not high-risk systems under supervision: they are unacceptable. The penalty for infringing Art. 5 is the highest in the Regulation (€35M or 7% of turnover). The categories are:

1. Subliminal manipulation or exploitation of vulnerabilities

AI that uses subliminal techniques or exploits vulnerabilities (age, disability, socio-economic situation) to materially distort a person's behaviour in a way that causes harm is prohibited. Example within scope: dynamic ads that detect the user's emotional state and raise prices when anxiety is detected.

2. Social scoring by public authorities

The evaluation or classification of natural persons based on social behaviour or personal characteristics with detrimental, out-of-context effects is prohibited. Specifically affects systems like China's Sesame Credit. In the private sector this only applies where the scoring causes detrimental treatment in contexts unrelated to the data.

3. Criminal offence prediction based on profiling

AI that predicts the risk of a person committing a criminal offence based solely on profiling or personality trait evaluation is prohibited. Exception: systems assisting a human assessment based on objective facts directly linked to the offence.

4. Indiscriminate facial image scraping

Creating or expanding facial recognition databases through untargeted scraping of images from the internet or CCTV footage is prohibited. This is the prohibition that challenges the Clearview AI model and limits PimEyes practices in EU territory.

5. Emotion inference in the workplace and education

Inferring the emotions of natural persons in the workplace and educational settings is prohibited. Exception: medical or safety uses. This affects tools intended to detect stress or attention in job candidates, students or employees.

6. Biometric categorisation by sensitive data

Biometric categorisation that infers race, political opinion, trade-union membership, religious or philosophical beliefs, sex life or sexual orientation is prohibited. Exception: lawful biometric data labelling in the law enforcement sector.

7. Real-time remote biometric identification in publicly accessible spaces

General rule: prohibited when carried out by law enforcement authorities. Enumerated exceptions: search for kidnapping or trafficking victims, prevention of an imminent terrorist threat, localisation of suspects of serious crimes listed in Annex II. Each use requires judicial or independent administrative authority authorisation.

Art. 4 · AI literacy for staff

Article 4 obliges providers and deployers to ensure, to the extent possible, a sufficient level of AI literacy for staff and anyone responsible for the operation and use of AI systems on their behalf. Applicable since 2 February 2025.

What this means in practice

The concept is defined in Art. 3(56) as "the skills, knowledge and understanding that allow providers, deployers and affected persons, taking into account their respective rights and obligations under this Regulation, to make an informed deployment of AI systems, as well as to gain awareness of the opportunities and risks that AI can pose."

For an SME deployer, this translates to:

  1. Identifying which AI systems the company uses (including AI embedded in SaaS: HubSpot, Salesforce Einstein, ChatGPT Enterprise, Copilot 365, ATS scoring tools).
  2. Classifying the people who operate them or whose work depends on them.
  3. Designing training proportionate to risk and role: basic notions for end users, technical depth for administrators, governance for compliance officers.
  4. Documenting the training delivered (attendees, dates, content, assessment).

AESIA and the European Commission published AI literacy guidelines in 2025 with practical examples and templates. They do not require official qualifications: they require demonstrable and proportionate training.

Annex III · high-risk AI systems

Annex III lists the areas where an AI system is considered high-risk and therefore subject to the obligations of Chapter III from August 2026. The eight areas:

| Area | Example systems |
|---|---|
| 1. Biometrics | Remote biometric identification, non-prohibited biometric categorisation, emotion recognition outside prohibited cases |
| 2. Critical infrastructure | Traffic, water, gas, electricity, digital infrastructure management |
| 3. Education and training | Admission, assessment, academic fraud detection, programme allocation |
| 4. Employment and HR | CV filtering, candidate evaluation, promotion/dismissal decisions, productivity monitoring |
| 5. Essential services | Credit scoring, life and health insurance scoring, emergency prioritisation |
| 6. Law enforcement | Reliability assessment of evidence, profiling, recidivism prediction |
| 7. Migration and borders | Polygraphs, asylum application assessment, migration identification |
| 8. Justice and democratic processes | Judicial authority assistance, systems influencing elections |

If an SME deployer uses an Annex III system (e.g., an ATS with AI CV filtering), it must comply with Art. 26: use the system in accordance with the provider's instructions, assign competent human oversight, control input data, keep records, inform affected employees and notify serious incidents.

Provider obligations for a high-risk system

If your SME develops (not just uses) an Annex III system, the obligations are far more demanding:

GPAI · general-purpose AI (Chapter V)

Chapter V regulates foundation or general-purpose models (GPAI). Applicable since 2 August 2025. The SME is rarely a GPAI provider (those are OpenAI, Google, Meta, Mistral) but may be a deployer integrating one into its product, which activates derived transparency and synthetic content marking obligations.

Two categories

Transparency for deployers (Art. 50)

Even if you don't develop a GPAI, if you deploy one you assume transparency obligations from August 2026:

  1. Inform the natural person they are interacting with an AI system when it is not obvious (chatbot).
  2. Mark as synthetic the AI-generated content (image, video, audio) — in deepfakes and, generally, in information content of public interest.
  3. Allow automatic identification of AI-generated content through interoperable watermarking.

AESIA and the Spanish governance ecosystem

Spain has been a pioneer in creating the national supervisory body: the Spanish Agency for the Supervision of Artificial Intelligence (AESIA), headquartered in A Coruña, created by Royal Decree 729/2023, which assumes the role of national notifying authority and market surveillance authority. It is the natural interlocutor in Spain for:

Alongside AESIA, other sectoral authorities participate according to the domain (the Spanish Data Protection Agency — AEPD — for personal data, Banco de España for financial services, CNMC for digital critical infrastructure).

Sanctions regime

Article 99 scales sanctions in three tiers:

| Tier | Maximum fine | Trigger |
|---|---|---|
| 1 | €35M or 7% of global turnover (whichever is higher) | Infringement of Art. 5 (prohibited practices) |
| 2 | €15M or 3% of turnover | Infringement of obligations of providers, deployers, importers, distributors or notified bodies |
| 3 | €7.5M or 1% of turnover | Supplying incorrect, incomplete or misleading information to the authority |

For SMEs and startups, the Regulation allows Member States to apply the lower of the absolute and percentage amounts (proportionality). Indicative example: an SME with €5M in turnover infringing Art. 5 could face up to €350,000 (7% of its turnover) rather than €35M.

Regulatory sandbox

Article 57 obliges each Member State to establish at least one regulatory sandbox before 2 August 2026. Spain launched its own in 2023 — it was the EU's first national AI sandbox — coordinated by the Secretariat of State for Digitalisation and AI with support from AESIA.

The sandbox allows providers and future providers to test innovative AI systems under controlled conditions, with authority guidance, before commercialisation. For an SME with a high-risk system in development, participating reduces regulatory risk and allows obtaining a good-faith declaration that mitigates sanctions if a problem arises later. Calls are published periodically on the website of the Ministry for Digital Transformation and Civil Service.

Operational checklist for Spanish SMEs — 6 actions before August 2026

  1. AI inventory. List all AI systems your company uses (include AI embedded in SaaS: HubSpot, Salesforce Einstein, ATS, automated marketing tools, ChatGPT Enterprise/Team, Copilot, Gemini Workspace, internal no-code/low-code AI tools).
  2. Risk classification. For each system, identify whether it is prohibited (Art. 5), high-risk (Annex III), transparency-only (Art. 50), GPAI or low/minimal risk.
  3. AI literacy plan. Design training proportionate to the role. Document attendees, dates, content and assessment. Retain evidence.
  4. Internal AI policy. Document defining permitted uses, prohibited uses, required human oversight, management of prompts with personal data, marking of synthetic content.
  5. Contracts with providers. Review clauses delimiting liability when integrating third-party AI, require access to Art. 13 information (usage instructions, limitations, training datasets if applicable) and audit clauses.
  6. Incident notification procedure. If you use a high-risk system, define who detects, who assesses and who notifies AESIA within the deadlines of Art. 73.

Contractual clauses for integrating third-party AI

Most SMEs will be deployers, not providers. This means compliance depends largely on the contracts signed with AI providers. Priority clause recommendations:

  1. Art. 13 information clause. Obliges the provider to deliver usage instructions, known limitations, accuracy and robustness levels, human oversight methods and aggregated training data where relevant for safe use.
  2. Substantive change notification clause. The provider must inform the deployer when a model is updated in a way that materially alters the system's behaviour, to reassess risk.
  3. Incident notification cooperation clause. If the deployer detects a serious incident, the provider must cooperate within Art. 73 deadlines.
  4. Audit clause. The deployer's right to audit compliance of the system or to receive an external audit report annually.
  5. Withdrawal or pivot clause. If the provider loses conformity or withdraws from the EU market, the deployer has the right to replace the system without penalty and to portability of configurations.
  6. Limited joint liability clause. Clear allocation of responsibilities when a system failure gives rise to a penalty or civil claim. Without this clause, AESIA may act against the deployer and the deployer is left without recourse against the provider.

For standard SaaS (HubSpot, Salesforce, Microsoft, Google Workspace, Atlassian, Slack, Zendesk), these clauses are appearing in revised DPAs from 2025–2026. If your current contract is from 2023 or earlier, it is worth renegotiating before August 2026.

Frequently asked questions about the AI Act

Which AI Act obligations apply if I am an SME deployer?

If your SME only uses AI systems developed by third parties (deployer), the main obligations are: (1) verify none fall under the prohibited practices of Art. 5; (2) ensure AI literacy for staff (Art. 4) since February 2025; (3) if you deploy Annex III systems, comply with Art. 26 (human oversight, input data control, record-keeping, informing affected individuals, incident notification); (4) comply with transparency obligations under Art. 50 from August 2026 (inform users of chatbot interaction, mark deepfakes). The heaviest obligations (quality management, conformity assessment, CE marking) fall on providers, not deployers.

What fine can I receive for non-compliance with the AI Act?

Up to €35 million or 7% of worldwide annual turnover (whichever is higher) for infringing Art. 5 (prohibited practices). For breaches of general obligations (providers, deployers, importers) the cap is €15M or 3% of turnover. For supplying incorrect information to the authority: €7.5M or 1%. The Regulation allows Spain to apply the lower figure between absolute and percentage amounts for SMEs and startups, which reduces the absolute risk but maintains the weight of the percentage.

When does the AI Act actually apply to my company?

It applies in phases. On 2 February 2025 Art. 4 (AI literacy) and Art. 5 (prohibited practices) became applicable. On 2 August 2025 Chapter V (GPAI) and the sanctions regime became applicable. On 2 August 2026 the bulk of the Regulation becomes applicable (Annex III high-risk systems, Art. 50 transparency, full governance). On 2 August 2027 the phase-in is completed with Annex I (products regulated by harmonised legislation). If your company uses any AI system, the relevant date today is August 2026.

Do I need an AI Officer or does the DPO handle it?

The Regulation does not formally require an "AI Officer" analogous to the GDPR DPO. However, for SMEs deploying high-risk systems, the obligations of human oversight (Art. 14 and 26), record-keeping (Art. 12 and 26), incident notification (Art. 73) and AI literacy documentation (Art. 4) require an identifiable responsible person. The most reasonable approach is for the existing DPO to extend their functions to AI governance or to appoint a specific AI officer when the volume justifies it. AESIA recommends in its guidelines that a single AI point of contact exist within the organisation.

Does AI literacy under Art. 4 require official certification?

No. Art. 4 requires a "sufficient level" of AI literacy, proportionate to each person's role, without requiring official qualifications. What is required is demonstrable training: content, attendees, dates, assessment. Guidelines published by the European Commission's AI Office in 2025 include examples of training plans by role (technical administrators, end users, compliance officers). An SME can combine internal training, online courses (Coursera, INCIBE, AEPD), sector webinars and documented self-study.

Are ChatGPT, Claude or Copilot high-risk AI systems?

Not necessarily on their own. They are general-purpose models (GPAI) subject to Chapter V. The high-risk classification depends on the use: if your SME integrates Claude or ChatGPT in a candidate scoring system, or in an educational admissions evaluation system, that system becomes high-risk (Annex III) and you as deployer assume Art. 26 obligations. If used to draft marketing content or assist developers, they are typically low-risk or transparency-only (Art. 50): you need only inform users that AI is involved and mark synthetic content where applicable.

How does the AI Act relate to the GDPR?

They are complementary, not substitutes. The GDPR regulates the processing of personal data — including that carried out by AI systems. The AI Act regulates AI systems themselves, regardless of whether they process personal data. A company using an AI system for credit scoring (Annex III) must simultaneously comply with the GDPR (legal basis, data subject information, Art. 22 rights on automated decisions, DPIA) and the AI Act (human oversight, record-keeping, notification to AESIA). The Spanish Data Protection Agency (AEPD) and AESIA have signed coordination protocols to avoid duplicate enforcement proceedings when the facts may infringe both instruments.