[{"data":1,"prerenderedAt":19},["ShallowReactive",2],{"post-en-eu-ai-act-mittelstand":3},{"slug":4,"title":5,"description":6,"date":7,"dateFmt":8,"minutes":9,"tags":10,"related":14,"image":15,"imageOg":16,"imageAlt":17,"html":18},"eu-ai-act-mittelstand","The EU AI Act for small businesses: what actually applies to you in 2026","The EU AI Act for SMEs — which obligations really apply in 2026, why the big high-risk deadlines were postponed, and what you can settle in half a day.","2026-06-18","June 18, 2026",4,[11,12,13],"eu-ai-act","compliance","strategy","ki-modelle","\u002Fblog\u002Feu-ai-act-mittelstand-cover.webp","\u002Fblog\u002Feu-ai-act-mittelstand-cover.jpg","A glowing shield as a symbol of the EU AI Act, ringed by twelve stars and connected to small businesses.","\u003Cp>"Do we have to do something about the EU AI Act now?" — we hear this in almost every first conversation right now. The honest answer: yes, but far less than the panic headlines suggest. And the dreaded August 2026 deadline is, for most companies, off the table. Here's the calm classification for small and mid-sized businesses.\u003C\u002Fp>\n\u003Ch2>The good news first: the big deadlines have been postponed\u003C\u002Fh2>\n\u003Cp>For a long time, \u003Cstrong>2 August 2026\u003C\u002Fstrong> was the big cut-off — the date the strict obligations for high-risk AI were meant to kick in. But in May 2026 the EU institutions agreed on a clear delay through the so-called \u003Cstrong>Digital Omnibus\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Stand-alone high-risk systems\u003C\u002Fstrong> (Annex III) only have to meet the obligations from \u003Cstrong>2 December 2027\u003C\u002Fstrong> — roughly 16 months later than planned.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Systems embedded in regulated products\u003C\u002Fstrong> (Annex I) have until \u003Cstrong>2 August 2028\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The delay becomes legally binding once it's published in the EU Official Journal, which is expected before August 2026 — until then the old date formally stands, but the political agreement is considered settled. For you, that means the time pressure currently pushing many vendors to sell expensive "AI Act packages" is off, at least for now.\u003C\u002Fp>\n\u003Ch2>Four risk classes — and why you're probably in the harmless one\u003C\u002Fh2>\n\u003Cp>The AI Act doesn't treat all AI the same; it sorts it by risk. That's the most important distinction — and the reason most smaller companies can stay relaxed.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"\u002Fblog\u002Feu-ai-act-mittelstand-risikoklassen.webp\" alt=\"The four risk classes of the EU AI Act as a glowing pyramid: a small bright apex widening to a broad base.\">\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Unacceptable risk\u003C\u002Fstrong> — banned. Things like social scoring or manipulative AI. In force since February 2025, and it practically never touches a legitimate business.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>High risk\u003C\u002Fstrong> — the strict class with risk management, documentation and oversight. This means AI in sensitive fields like hiring, lending, medicine or critical infrastructure. This is where the just-postponed deadlines apply.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Limited risk\u003C\u002Fstrong> — transparency obligations. If you run a chatbot or publish AI-generated content, you have to label it. Nothing more.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Minimal risk\u003C\u002Fstrong> — no specific obligations. This is where most everyday work lands: drafting texts, summarizing quotes, generating images, sorting data.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you mainly \u003Cem>use\u003C\u002Fem> AI — ChatGPT, Copilot, a few automations — rather than \u003Cem>building\u003C\u002Fem> a high-risk system yourself, you're almost always in the bottom two classes.\u003C\u002Fp>\n\u003Ch2>What already applies today (and gets overlooked)\u003C\u002Fh2>\n\u003Cp>Two things apply regardless of any delay — and have since \u003Cstrong>2 February 2025\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>1. AI literacy.\u003C\u002Fstrong> If you deploy AI in your business, you have to make sure the employees working with it actually understand it — the basics, the limits, data protection. That's mandatory and meant to be demonstrable. The reassuring part: it doesn't mean certification, it means appropriate training. A compact briefing plus a two-page usage policy — half a day's work, not a compliance mega-project. You can \u003Ca href=\"\u002Fen\u002Fki-richtlinien-generator\">generate such a policy in minutes\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>2. Transparency.\u003C\u002Fstrong> If you run a chatbot, users must know they're talking to a machine. If you publish AI-generated text or images, label them. Simple — but often forgotten.\u003C\u002Fp>\n\u003Ch2>What you don't need to spend money on (yet)\u003C\u002Fh2>\n\u003Cp>The honest warning: the AI Act is currently a convenient selling point for expensive consulting and software that many companies simply don't need. If you don't operate a high-risk system — and few SMEs do — the heavy package of audits and documentation just isn't relevant to you. The Digital Omnibus lowers the bar further: for smaller companies (the planned category reaches up to 750 employees and €150M revenue), reduced technical documentation is meant to suffice. So don't buy an "AI Act all-in-one package" before you even know whether the strict rules apply to you.\u003C\u002Fp>\n\u003Ch2>Pragmatic, in three steps\u003C\u002Fh2>\n\u003Cp>\u003Cstrong>First\u003C\u002Fstrong>, write down which AI you use and for what. \u003Cstrong>Second\u003C\u002Fstrong>, cover the two obligations that already apply today — a short training session and a clear usage policy. \u003Cstrong>Third\u003C\u002Fstrong>, check once, properly, whether any of your applications fall into the high-risk class.\u003C\u002Fp>\n\u003Cp>For exactly that third step we built a free \u003Ca href=\"\u002Fen\u002Feu-ai-act-check\">EU AI Act risk check\u003C\u002Fa> — in a few minutes you'll know where you stand. If you're still unsure afterwards, \u003Ca href=\"\u002Fen\u002Fkontakt\">talk to us\u003C\u002Fa>: you'll get an honest assessment, not a fear-driven sales pitch. (This article is for orientation and is not legal advice.)\u003C\u002Fp>\n",1781806306977]