Frequently asked questions
EU AI Act & KomplAI — frequently asked questions
Short, dependable answers to the most common questions about the EU AI Act — deadlines, fines, risk tiers, high-risk systems and what it means for your company.
What is the EU AI Act?
The EU AI Act (Regulation (EU) 2024/1689) is the EU's first comprehensive AI law. It classifies AI systems by risk — prohibited, high-risk, transparency-bound and minimal — and attaches staggered obligations to each tier. It entered into force on 1 August 2024 and applies in phases.
Who does the EU AI Act apply to?
It applies extraterritorially: any company that develops (provider) or uses (deployer) AI systems whose output affects people in the EU is in scope — regardless of where the company is based. Importers and distributors have obligations too.
What are the risk tiers?
Four: prohibited practices (e.g. social scoring), high-risk systems (Annex III, e.g. CV screening or credit scoring), systems with transparency duties (e.g. chatbots) and minimal risk (e.g. spam filters). The higher the risk, the stricter the obligations.
Does my chatbot fall under the EU AI Act?
Usually yes — most often as a transparency-bound system: users must be able to tell they are interacting with an AI (Art. 50). But if the chatbot is used in a high-risk context under Annex III (e.g. recruitment or credit decisions), it can itself become a high-risk system. The tier depends on the use case.
What are the EU AI Act deadlines?
Staggered: bans and AI-literacy duties apply since 2 February 2025; obligations for general-purpose AI (GPAI) models since 2 August 2025; most high-risk and transparency obligations from 2 August 2026; high-risk systems embedded in regulated products (Annex I) from 2 August 2027.
How high are the fines?
Up to €35M or 7% of worldwide annual turnover for prohibited practices; up to €15M or 3% for breaches of most other obligations; up to €7.5M or 1% for supplying incorrect information to authorities. The higher amount applies.
What is a high-risk AI system?
High-risk systems are mainly those used in the areas listed in Annex III — such as employment, education, creditworthiness, law enforcement, migration or critical infrastructure — plus AI acting as a safety component of regulated products (Annex I). They must meet requirements such as risk management, data governance, technical documentation and human oversight.
What do the transparency obligations (Art. 50) require?
Users must be told when they interact with an AI (e.g. chatbots), and AI-generated or -manipulated content (such as deepfakes) must be labelled as such. These duties apply in addition — including to systems that otherwise carry only 'limited risk'.
How do the EU AI Act, GDPR and DORA relate?
They apply in parallel. The AI Act governs the safety and conformity of AI systems, the GDPR the protection of personal data (relevant whenever AI processes such data), and DORA digital operational resilience in the financial sector. KomplAI checks against all three.
What exactly does KomplAI do?
KomplAI checks your documents and source code against the EU AI Act, DORA and GDPR. Every citation is machine-verified against the official EUR-Lex texts, and an optional verification pass reviews the findings a second time. The result is traceable, client-ready reports with risk classification and obligation gap analysis — in minutes.
Is KomplAI legal advice?
No. KomplAI provides professional support results that prepare a human review but do not replace legal advice. On request, the findings can be reviewed by a data-protection expert with over 10 years of experience before you rely on them.
How do I get started?
Start with the free risk check: in under two minutes you'll see which risk tier your AI system falls into — no sign-up needed. Then you can generate a full report with a free analysis credit.