Strengthened AI Regulations: Will SMEs Be Affected? Do you think companies utilizing Artificial Intelligence (AI) are limited to large tech firms? The time has come to challenge that simple misconception. The European Union's (EU) Artificial Intelligence-related legislation, the 'EU AI Act,' which will be fully enforced starting August 2, 2026, targets all companies that use AI, and is expected to significantly impact small and medium-sized enterprises (SMEs) worldwide. This sends a crucial message to domestic SMEs: "AI is no longer just a technology; it is now subject to regulation." While the EU AI Act might appear to target only companies that directly develop AI technology, it effectively includes all businesses that utilize or purchase AI functionalities within its regulatory scope. This means that even standard software with embedded AI can fall under the scope of this law. This is a point many companies have misunderstood from a traditional perspective, implying that a complacent attitude of 'this law doesn't concern me' must be re-evaluated. Particularly shocking is the potential for fines up to 35 million Euros or 7% of a company's global annual turnover, whichever is higher, for businesses unprepared for these regulations. Furthermore, the EU AI Act goes beyond mere corporate compliance obligations, demanding a thorough process of evaluating and classifying AI systems based on their risk levels. This risk classification is divided into four tiers: 'unacceptable risk,' 'high-risk,' 'limited risk,' and 'minimal risk,' with high-risk AI systems subject to particularly stringent regulations. Requirements such as the use of high-quality datasets, detailed data documentation, and ensuring human oversight are essential for AI systems categorized as high-risk. As the preparation process demands significant time and cost, the necessity for SMEs to prepare for this is increasingly growing. Of particular note are the regulations concerning generative AI. The EU AI Act also emphasizes transparency obligations for generative AI systems. Companies using generative AI must clearly indicate that the content was generated by an AI system and provide information about the AI model's training data and operational mechanisms. This is expected to directly impact businesses that utilize rapidly spreading generative AI tools like ChatGPT and Midjourney. The EU AI Act urges companies to establish clear management systems internally to ensure compliance with these regulations. It requires the appointment of an AI compliance officer, the establishment of a specialized internal governance body, and the implementation of regular risk reporting and audit procedures. Furthermore, the development of ethical guidelines for AI use is mandatory, and automatic logging of all related activities is also included as a crucial regulatory item. The requirement for companies to report serious incidents to the competent market surveillance authority within 15 days particularly highlights the strictness of the legislation. Maximum Fine of 35 Million Euros: What Should Companies Prepare? The first step for companies is to build an inventory of all AI systems they use. Many businesses might be unknowingly using software with embedded AI functionalities. Many commonly used business tools, such as Customer Relationship Management (CRM) systems, marketing automation tools, and Human Resources (HR) software, include AI features. Therefore, companies must review all systems in use, identify their respective AI functionalities, and assess their risk levels. Without such proactive measures, it will be challenging to complete preparations by the enforcement date of August 2, 2026. But how should domestic companies respond to these regulations? While European laws generally apply to companies targeting the European market, this regulation is highly likely to become a significant limiting factor for domestic startups and large corporations aiming to grow into global enterprises. It is time to seize opportunities while simultaneously preparing for the associated risks. Xpert.Digital, a digital transformation and B2B technology consulting firm, views the EU AI Act as providing a strategic opportunity to guide clients on regulatory compliance, AI system classification, and governance structure establishment. This implies that regulations should be embraced not merely as a burden, but as a standard for more mature AI utilization. Particularly important is the expectation that the European Commission will not extend the deadline. Therefore, companies must take immediate action. There is a need to proactively respond to the regulatory environment by building AI inventories and conducting risk classification assessments. Although approximately five months remain from now, this is by no means ample time, considering the evaluation and documentation of complex AI systems and the establishment of governance structures. Some critics argue that this legislation i
Related Articles