Sophie Laurent, Legal & Compliance Lead, YuSMP Group · GDPR, HIPAA and EU AI Act practitioner

Does it apply to you? Territorial and role scoping

Regulation (EU) 2024/1689 — the AI Act — does not care where your servers sit. Article 2(1)(c) extends jurisdiction to providers and deployers established outside the Union where the output produced by the AI system is used in the Union. If a paying customer in Berlin uses your San-Francisco-hosted AI feature to score a CV, the Act applies to you.

Before you do anything else, fix your role. A single SaaS often plays three roles simultaneously, and obligations stack:

  • Provider — you develop the AI system or have it developed and place it on the market under your name (Article 3(3)).
  • Deployer — you use an AI system under your authority (Article 3(4)). Almost every SaaS using OpenAI, Anthropic or Mistral is at minimum a deployer.
  • Provider by transformation — Article 25 promotes a deployer to provider status if you (a) put your trademark on a high-risk system, (b) substantially modify it, or (c) repurpose it for a high-risk use.

Non-EU providers of high-risk or GPAI systems must designate an authorised representative in the Union under Article 22 before placing the system on the market. This is not optional and the AI Office has begun asking for proof.

2025–2027 timeline and the penalty stack

Date          What becomes enforceable
2 Feb 2025    Chapter I (general) and Chapter II (Article 5 prohibited practices); AI literacy obligations under Article 4.
2 Aug 2025    GPAI rules (Articles 53–55), governance (Chapter VII), penalties for GPAI providers (Article 101). National competent authorities designated.
2 Aug 2026    Most of the Regulation, including all Annex III high-risk obligations, Article 50 transparency, registration in the EU database (Article 71).
2 Aug 2027    High-risk obligations for AI as safety component of products under Annex I (medical devices, machinery, toys, etc.).

Penalties under Article 99 are tiered. Article 5 prohibited practices: up to EUR 35M or 7% of worldwide annual turnover. Most other provider obligations: EUR 15M or 3%. Supplying incorrect, incomplete or misleading information to authorities: EUR 7.5M or 1%. GPAI provider penalties under Article 101: 3% of worldwide turnover or EUR 15M.

Classifying your AI system in 30 minutes

Risk classification is the single most consequential decision in your AI Act programme. Get it wrong on the high side and you spend EUR 200k on a quality management system you did not need. Get it wrong on the low side and you ship a prohibited or non-conforming product into the EU.

Run the four-step screen, in order:

  1. Article 5 prohibited? Social scoring by public authorities, untargeted facial-recognition scraping, emotion inference in workplaces and schools, predictive policing solely on profiling, real-time remote biometric identification in public spaces by law enforcement (with narrow exceptions), and exploitative manipulation of vulnerabilities. If yes — do not ship.
  2. Annex I safety component? If your AI is a safety component of a product covered by Union harmonisation listed in Annex I (medical devices under MDR/IVDR, machinery, lifts, radio equipment, toys, etc.) and the product is subject to third-party conformity assessment — the system is high-risk.
  3. Annex III use case? Biometric categorisation, critical infrastructure, education and vocational training evaluation, employment and worker management (CV screening, performance monitoring, task allocation), access to essential services (creditworthiness, public benefits, emergency triage, life and health insurance pricing), law enforcement, migration and border control, administration of justice and democratic processes. High-risk unless Article 6(3) exemption applies (purely preparatory, narrow procedural task, etc. — narrowly construed by the AI Office).
  4. Article 50 limited-risk? Chatbots, emotion recognition (where not prohibited), biometric categorisation (where not prohibited), generative AI producing synthetic content, deep fakes. Transparency obligations only.

Everything else is minimal-risk. The vast majority of SaaS AI features (summarisation, search, content drafting for non-regulated purposes, internal analytics) land here. Minimal-risk is unregulated by the Act but Article 4 AI literacy and your other laws (GDPR, sectoral) still apply.

[Figure: decision tree on a whiteboard with classification branches] The four-step classification screen handles ~95% of real-world SaaS AI features in one short workshop.

Article 5 — practices you cannot ship at any price

Article 5 became applicable on 2 February 2025 and the European Commission published binding guidelines (C(2025) 884) on 4 February 2025 to interpret it. Ship anything matching these patterns and you face the EUR 35M / 7% maximum:

  • Subliminal techniques beyond a person's consciousness or manipulative techniques that materially distort behaviour to cause significant harm (Article 5(1)(a)).
  • Exploitation of vulnerabilities due to age, disability or socio-economic situation (Article 5(1)(b)).
  • Social scoring leading to detrimental treatment in unrelated contexts (Article 5(1)(c)).
  • Predictive policing based solely on profiling or personality traits (Article 5(1)(d)).
  • Untargeted scraping of facial images from the internet or CCTV to build facial-recognition databases (Article 5(1)(e)).
  • Emotion inference in workplace and educational settings (Article 5(1)(f)). Medical and safety exceptions exist but are narrow.
  • Biometric categorisation inferring race, political opinion, sexual orientation, religion, etc. (Article 5(1)(g)).
  • Real-time remote biometric identification in publicly accessible spaces by law enforcement, save for the listed exceptions (Article 5(1)(h)).

High-risk obligations: Articles 9, 10, 14, 15, 17

If classification lands you in high-risk territory under Annex III or Annex I, the operational core of the Regulation kicks in. The five Articles that drive 80% of your engineering work:

  • Article 9 — Risk management system. Continuous, iterative process across the lifecycle. Documented identification of foreseeable risks, estimation under intended use and reasonably foreseeable misuse, adoption of risk-mitigation measures, residual risk acceptable and communicated to users. Not a one-off PDF; an evergreen process integrated with your SDLC.
  • Article 10 — Data and data governance. Training, validation and test datasets must be relevant, sufficiently representative, free of errors and complete. Examination for biases that could lead to discrimination prohibited by Union law. Article 10(5) is the only place in the Regulation where processing special categories of personal data is permitted strictly for bias detection and correction, with stringent safeguards.
  • Article 14 — Human oversight. Effective oversight by natural persons during use. Means to monitor, correctly interpret output, decide not to use the output ("stop" or override), and intervene or interrupt the system. For Annex III(1)(a) biometric identification — at least two-person verification before any action.
  • Article 15 — Accuracy, robustness, cybersecurity. Appropriate levels of accuracy, declared in instructions. Resilience against errors, faults, inconsistencies — and adversarial inputs including data poisoning, model evasion, confidentiality attacks and model flaws. The harmonised standards (CEN-CENELEC JTC 21) are emerging and presumption of conformity will follow them.
  • Article 17 — Quality management system. Documented strategies for regulatory compliance, design control, verification and testing procedures, data management procedures, post-market monitoring, incident reporting, communication with authorities, record-keeping and resource management. For SaaS providers already certified to ISO/IEC 42001:2023 and ISO/IEC 27001:2022, you have ~70% of the structure in place.
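An added example, not code from the article or from YuSMP Group, of the pre-release check that Article 10 bias examination and Article 15 declared accuracy translate into in practice (the evaluation harness with bias slices listed later under engineering controls): per-slice accuracy and selection rate over a constructed frozen test set for a CV-screening classifier, gated by thresholds the provider sets as policy. The test set, slice names and the 0.8 thresholds in the demo are assumptions, not figures from the Regulation.

```python
from collections import defaultdict

# Constructed frozen test set for an Annex III(4) CV-screening classifier.
# Each record: (slice of a protected attribute, ground-truth label, prediction);
# 1 = advance to interview, 0 = reject. Values are illustrative, not real data.
TEST_SET = [
    ("group_a", 1, 1), ("group_a", 1, 1), ("group_a", 0, 0), ("group_a", 1, 1),
    ("group_a", 0, 1), ("group_a", 1, 1), ("group_a", 0, 0), ("group_a", 1, 1),
    ("group_b", 1, 0), ("group_b", 1, 1), ("group_b", 0, 0), ("group_b", 1, 0),
    ("group_b", 0, 0), ("group_b", 1, 0), ("group_b", 0, 0), ("group_b", 1, 1),
]


def slice_metrics(records):
    """Accuracy and selection (advance) rate per slice."""
    counts = defaultdict(lambda: {"n": 0, "correct": 0, "selected": 0})
    for slice_name, y_true, y_pred in records:
        c = counts[slice_name]
        c["n"] += 1
        c["correct"] += int(y_true == y_pred)
        c["selected"] += int(y_pred == 1)
    return {
        name: {"accuracy": c["correct"] / c["n"],
               "selection_rate": c["selected"] / c["n"]}
        for name, c in counts.items()
    }


def release_gate(records, declared_accuracy, min_rate_ratio):
    """Block the release if any slice falls below the accuracy declared in the
    instructions for use (Article 15), or if the lowest selection rate across
    slices is less than min_rate_ratio of the highest (Article 10 examination
    for biases). Thresholds are the provider's own policy, passed in by the
    caller. Returns (passed, findings, metrics) so Annex IV can cite them."""
    metrics = slice_metrics(records)
    findings = []
    for name, m in metrics.items():
        if m["accuracy"] < declared_accuracy:
            findings.append(f"{name}: accuracy {m['accuracy']:.3f} < declared {declared_accuracy}")
    rates = [m["selection_rate"] for m in metrics.values()]
    ratio = min(rates) / max(rates) if max(rates) > 0 else 1.0
    if ratio < min_rate_ratio:
        findings.append(f"selection-rate ratio {ratio:.3f} < {min_rate_ratio}")
    return not findings, findings, metrics


if __name__ == "__main__":
    passed, findings, metrics = release_gate(TEST_SET, 0.8, 0.8)
    print("PASS" if passed else "BLOCK", findings, metrics)
```

Run it in CI against the frozen set on every model candidate; a BLOCK result with its findings is exactly the record the risk management file under Article 9 should retain.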

Article 50 — limited-risk transparency for chatbots and generative AI

Article 50 applies whether or not the underlying system is high-risk. Four obligations, all due on 2 August 2026:

  • 50(1) Provider duty for user-facing AI: users must be informed they are interacting with an AI system, unless obvious. Implementation: persistent UI label ("You are chatting with an AI assistant"), not a buried tooltip.
  • 50(2) Provider duty for generative AI output: synthetic audio, image, video or text content must be marked in a machine-readable format and detectable as artificially generated or manipulated. Technical solutions: C2PA Content Credentials, SynthID-style watermarking for images, audio watermarking via Resemble or similar. The "to the extent technically feasible" qualifier is narrowly read — "we did not feel like it" is not technically infeasible.
  • 50(3) Deployer duty for emotion recognition and biometric categorisation: inform exposed persons. Obtain consent where personal data is processed under GDPR.
  • 50(4) Deployer duty for deep fakes: disclose artificial or manipulated origin. Artistic and satirical exceptions exist but are narrow.

GPAI and Article 53: when you become a model provider

If you fine-tune an open-weights model and redistribute it, or train your own foundation model, you are a GPAI provider under Article 3(63). Article 53 obligations (in force since 2 August 2025):

  • Technical documentation per Annex XI, kept up-to-date and shared with the AI Office on request.
  • Information for downstream providers per Annex XII — enough for them to integrate the model responsibly and comply with their own obligations.
  • A policy to comply with EU copyright law, in particular honouring the text-and-data-mining opt-out under Article 4(3) of Directive (EU) 2019/790 (the CDSM Directive). Practical means: respect robots.txt TDM directives and the IETF ai.txt draft.
  • A sufficiently detailed summary of training content, published using the AI Office template.

If training compute exceeds 10^25 floating-point operations (Article 51(2)), or if the Commission designates the model under Article 51(1)(b), you also fall under Article 55 systemic risk obligations: model evaluation including adversarial testing, systemic-risk assessment and mitigation, serious-incident tracking and reporting to the AI Office, adequate cybersecurity for model and physical infrastructure.

The General-Purpose AI Code of Practice published by the AI Office in 2025 provides a presumption of compliance with Article 53. Signing it is voluntary but pragmatic — non-signatories must demonstrate equivalent compliance and bear the burden of proof.

Deployer duties under Article 26 and Fundamental Rights Impact Assessments

Most SaaS using third-party LLMs are deployers. Article 26 imposes:

  • Use the system in accordance with provider instructions for use.
  • Assign human oversight to natural persons with the necessary competence, training and authority (Article 26(2)).
  • Ensure input data is relevant and sufficiently representative for the intended purpose (Article 26(4)).
  • Monitor operation and inform the provider of any serious incident or malfunction (Article 26(5)).
  • Retain logs for at least six months (Article 26(6)).
  • Workers' representatives and affected workers must be informed before high-risk AI is used in the workplace (Article 26(7)).
  • Inform natural persons subject to a decision based on high-risk AI output (Article 26(11)).

Public-body deployers and large private deployers of high-risk Annex III systems must conduct a Fundamental Rights Impact Assessment under Article 27 before first use. Output goes to the national market surveillance authority. It is not optional; it is not a DPIA dressed up.

[Figure: engineer reviewing model evaluation metrics on a monitor] Deployer obligations are operational engineering: oversight, logging, monitoring, input-data quality checks.

Technical documentation: Annexes IV, XI, XII

Three annexes drive your documentation:

  • Annex IV — High-risk AI system technical documentation (Article 11). Intended purpose, design specs, system architecture, data requirements, training methodologies, validation and testing, metrics, foreseeable unintended outcomes, human oversight measures, lifecycle management. For SMEs, a simplified form is available (Article 11(1) subpara 2). Plan for 60–120 pages plus appendices.
  • Annex XI — GPAI model technical documentation (Article 53(1)(a)). Description, design, training, evaluation, intended tasks, limitations, computational resources, energy consumption, known and reasonably foreseeable failures. ~30–80 pages.
  • Annex XII — Information for downstream providers (Article 53(1)(b)). Model capabilities and limitations, acceptable use, integration requirements, technical means to identify the model.

For high-risk providers, the EU declaration of conformity (Article 47, content in Annex V) and CE marking (Article 48) follow. Most Annex III high-risk systems use internal control conformity assessment under Annex VI; Annex III(1) biometric systems require notified-body involvement under Annex VII.

Serious incident reporting (Article 73) and post-market monitoring (Article 72)

Article 72 requires high-risk providers to establish a post-market monitoring system, proportionate to risk and use, that actively and systematically collects, documents and analyses data on system performance throughout the lifetime. A Commission implementing act under Article 72(3) specifies the detailed plan template.

Article 73 serious-incident reporting deadlines bite hard:

  • Immediately after establishing a causal link, and not later than 15 days after awareness — for ordinary serious incidents.
  • 10 days for incidents resulting in death.
  • 2 days for widespread infringement or serious and irreversible disruption to critical infrastructure.

Reporting goes to the market surveillance authority of the Member State where the incident occurred. Stand up the incident pipeline before launch, not after the first incident.

Engineering controls that satisfy multiple Articles at once

Smart programmes pick controls that close multiple gaps. The controls we install on most SaaS AI Act builds:

  1. Structured prompt and output logging with PII tokenisation — satisfies Article 12 record-keeping, Article 26(6) deployer logs, Article 72 post-market monitoring, and GDPR Article 30 records of processing.
  2. Evaluation harness running pre-release on a frozen test set with bias slices — Article 10 data governance, Article 15 accuracy, Article 9 risk management.
  3. Human-in-the-loop UI with explicit override and reason-capture — Article 14 oversight, Article 26(2) deployer competence, Article 86 right to explanation for affected persons.
  4. Model card and system card auto-generated from the eval harness — Annex IV §3 and Annex XI §1.
  5. C2PA Content Credentials on all generated media — Article 50(2) machine-readable marking.
  6. Red-team programme on a quarterly cadence — Article 15 robustness, Article 55(1)(b) GPAI systemic-risk adversarial testing where applicable.
  7. Authorised representative agreement with an EU-established entity — Article 22.

Most of these are also the chassis we build into SaaS development engagements by default, and they are central to the way we approach EU AI Act compliance. For founders without an internal compliance leader, a fractional CTO who has shipped under the Regulation is faster than a law-firm-only programme.

FAQ

Does the EU AI Act apply to my US SaaS if I have EU customers?

Yes. Article 2(1)(c) extends jurisdiction wherever AI output is used in the Union. Non-EU providers of high-risk and GPAI systems must appoint an Article 22 authorised representative before placing the system on the market.

What are the key 2026 deadlines?

Most high-risk obligations apply on 2 August 2026. Article 50 transparency on the same date. GPAI obligations (Article 53) have already been live since 2 August 2025. Article 5 prohibitions since 2 February 2025. Annex I product-safety integrated AI follows on 2 August 2027.

Is my SaaS feature high-risk?

Run the screen: Article 5 prohibited → Annex I safety component → Annex III use case → Article 50 transparency. If none apply, you are minimal-risk for AI Act purposes.

What does Article 50 require operationally?

Persistent UI disclosure that the user is talking to an AI, machine-readable marking (C2PA, watermarking) on generated audio/image/video/text, deep-fake disclosure, and biometric / emotion-recognition disclosure.

I only use third-party LLMs — what do I owe?

You are a deployer under Article 26 — human oversight, input-data appropriateness, six-month log retention, incident notification. If you fine-tune and redistribute, you become a GPAI provider under Article 53 and add Annex XI/XII documentation and the copyright + training-summary obligations.

What is the penalty exposure?

Article 99: up to EUR 35M or 7% of worldwide turnover for Article 5 violations; EUR 15M or 3% for most other provider obligations; EUR 7.5M or 1% for misleading information to authorities. GPAI: 3% or EUR 15M under Article 101.

Build your AI Act programme on engineering, not paperwork

The cheapest readiness programmes in 2026 will be the ones where compliance is a build-time artifact of the SDLC, not a parallel paperwork stream. We design AI features so that Annex IV documentation falls out of CI and Article 14 oversight is a first-class UI primitive.

Last updated 26 May 2026. References to Articles and Annexes are to Regulation (EU) 2024/1689. Nothing in this article constitutes legal advice for a specific situation.