SME EU AI Act Compliance Guide

Practical compliance roadmap for small and medium enterprises deploying AI, focusing on proportionate obligations, reduced fees, and priority actions before the August 2026 deadline.

Quick Answer

SMEs must first determine if they are AI providers or deployers: providers face full Annex IV documentation and CE marking obligations, while deployers primarily need human oversight measures, use logs, and upstream incident reporting.

Compliance Checklist (8 items)

Determine your role: provider (develops/places on market) vs deployer (uses in-house)
Inventory all AI systems in use and classify each by risk tier
For deployer-only: implement human oversight, keep use logs, report incidents upstream
For provider of high-risk AI: begin technical documentation (Annex IV) immediately
Apply for reduced conformity assessment fees available to SMEs and micro-enterprises
Register for free Commission SME guidance, templates, and regulatory sandboxes
Brief staff on prohibited practices (Article 5) — applicable from August 2025
Set a calendar reminder for August 2026 high-risk AI deployment deadline

Penalty if not compliant

Proportionate penalties apply: for SMEs, fines may be reduced. However, the maximum remains €30 million or 6% of turnover for the most serious violations.

Frequently Asked Questions

Do SMEs get any special treatment under the EU AI Act?

Yes. SMEs and start-ups benefit from reduced fees for conformity assessments, access to free regulatory sandboxes, simplified templates, and priority access to Commission guidance. Fines may also be proportionately reduced for SMEs.

As an SME deploying a third-party AI tool, what are my obligations?

As a deployer, your main obligations are: implement human oversight, provide instructions to affected employees, not use the system beyond its intended purpose, keep usage logs for 6 months, and report serious incidents to your provider.

What is the cheapest path to EU AI Act compliance for an SME?

Start with a risk classification exercise. If your systems are limited or minimal risk, obligations are light. Only high-risk systems require full documentation. Use Commission free templates and the regulatory sandbox before spending on consultants.

Need this turned into a real document?

Our compliance sprint service delivers production-ready documents tailored to your organisation in 5–15 business days. A senior compliance specialist reviews every document before delivery.

Get Expert Help →Browse All Templates

SMEEU AI Actsmall businessdeployer obligations2026 deadline