EU AI Act, what hits me as an SMB?
The Act phases in. Banned practices: February 2025. General-AI rules: August 2025. High-risk systems: mostly 2026 and 2027. Read per phase.
Try this first
- 1Define your role: provider (you build or sell), deployer (you use), importer, or distributor. Duties differ.
- 2Assess the risk class: banned, high-risk, limited, minimal. Annex III of the Act lists them.
- 3For minimal-risk tools (chatbots, mail assistants, summarisers), transparency usually suffices. Disclose AI-generated output.
- 4For high-risk (HR, credit scoring, critical infrastructure, biometrics) you face risk management, data quality, technical documentation, logging, human oversight, robustness. Not DIY; ask the vendor for their conformity declaration.
- 5Maintain an internal register of AI tools in use. It will be as routine as the GDPR processing register.
When to bring us in
Building a high-risk system yourself or training a foundation model above 10^25 FLOPs? Different regime. Get specialist counsel.
See also
- Does NIS2 apply to my company?Two questions decide it: are you in a listed sector, and do you meet the threshold from Recommendation 2003/361/EC (more than 50 FTE and more than EUR 10M turnover or balance sheet). Below that you are only indirectly in scope, via your customers. The threshold determines whether you are an important or essential entity depending on sector.
- What changes with the Dutch Cyber Security Act?The Cyberbeveiligingswet is the Dutch implementation of NIS2. Track NCSC for the exact effective date and the lower regulations.
- Am I personally liable as a director under NIS2?Yes. The board is accountable for approving and overseeing the cyber measures. Severe negligence can become personal.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.