Your SME Uses AI. Now the Law Wants Order.
The EU AI Act has been in force since 2024 and member states are bringing in their national implementations. If your business runs a chatbot, an automation, or any AI-powered system, it's time to put things in order. We help you do that without panicking.
The Framework That's Already Live (and the Deadlines Hitting You)
Quick snapshot of the legal landscape, in plain English rather than legalese.
EU AI Act in Force
Regulation (EU) 2024/1689 rolls out in stages. Some obligations are already operational, others phase in across 2026 and 2027.
Mandatory AI Literacy
Article 4 requires staff using AI systems to have training proportional to risk. It applies even if you only use third-party AI.
Member States Are Rolling Out Their Laws
Italy's Law 132/2025 is operational since 10 October 2025. Spain approved its national AI law on 26 May 2026. France, Germany, the Netherlands and others are following. Each adds national specifics on top of the AI Act.
Different Authority in Each Country
Italy: AgID + ACN. Spain: AESIA (HQ in A Coruña). Find your national regulator — they run the inspections and impose the fines.
Mandatory Labeling of AI Content
Images, text, audio and video generated or manipulated with AI must be clearly identified to the end user.
Up to €35M or 7% of Global Turnover
Highest fines target prohibited uses. Less severe infringements sit on lower bands but still serious for an SME.
Five Things Your SME Should Already Be Doing
Even if your company only uses third-party AI, the law sees you as responsible. Here's the floor.
You're a Deployer, Not Just a User
Using ChatGPT, Claude, Make or n8n in internal processes makes you a deployer under the AI Act. The accountability lands on you.
Your Chatbots Must Self-Identify as AI
If a customer is interacting with a non-human agent, they need to know. This applies to web chatbots, WhatsApp bots, voice agents and email assistants.
AI-Generated Content Has to Be Labeled
Social posts, catalog images, marketing videos, blog copy: if AI creates or transforms it, the end user must be told.
Your Team Needs Documented Training
Article 4. It's not enough that the team knows how to click around: they must have risk-proportionate training, with a paper trail.
HR Tech, FinTech, Healthtech, PubSec: High Risk
If your business runs hiring, credit scoring, diagnosis, justice or public administration processes with direct impact on people's rights, the obligations are far stricter: conformity assessment, human oversight, documented risk management. Italy's Law 132/2025 calls out these sectors explicitly. Not optional.
We Bring Order, no Theatre.
We work hands-on: we look at what you have, what's missing, and we leave the paper trail the law expects. No 200-page reports nobody reads.
Inventory of AI Systems in Use
We map which AI your business uses today, in which processes, with which data. The foundation for everything else.
Risk Classification per the AI Act
We tell you which category each use lands in (prohibited, high risk, limited risk, minimal risk) and what obligations apply.
Labeling and Transparency in Chatbots and Automations
We add the disclosures the law requires, without breaking the UX. Compliance and good design aren't enemies.
Focused AI Training for Your Team
Short, targeted sessions to satisfy Article 4, with downloadable material and attendance records.
Minimum Compliance Documentation
For every automation we deliver we leave a tech sheet and a usage statement. If an inspection lands, you have something to show.
Light Audit of AI Systems Already Live
We review what's already in production, flag the gaps to close and hand you a prioritized remediation plan.
Before the Inspector Knocks, Let's Talk.
30 minutes, no strings, to figure out where your business stands. No pressure, no hard sell, just clarity on what's missing.
We're not a law firm. We help you put your technical and operational house in order according to the published texts; for strictly legal questions we recommend a specialized lawyer.