Compliance & trust

An obligation for inventory, transparency, and control — not a prohibition.

The EU AI Act doesn't ban AI in business — it requires you to know where you use it and who is responsible.

EU AI Act for Romanian companies — obligations and concrete steps

In short

The EU AI Act (European Regulation 2024/1689 on artificial intelligence) classifies AI systems by risk level (unacceptable, high, limited, minimal) and imposes proportional obligations: inventory, transparency towards users, impact assessment, and human oversight for high-risk systems. For most companies, this practically means: document where you use AI, what data goes in, who approves important decisions, and how a human can intervene.

  • 4 risk levels, with proportional obligations
  • Most business cases are "limited risk" or "minimal"
  • Inventory + transparency + human oversight = mandatory
  • Significant penalties for non-compliance — proportional to turnover

The 4 risk levels, in brief

The EU AI Act categorizes AI systems by risk: (1) unacceptable — prohibited (e.g., governmental social scoring); (2) high — permitted with strict obligations (HR, credit scoring, medical devices, critical infrastructure); (3) limited — transparency obligation (chatbots must identify themselves as such); (4) minimal — no specific obligations (spam filters, recommendations). 90% of typical business implementations fall into categories 3 or 4.

What you need to do concretely, regardless of risk

Three minimum things you can implement within a week: an inventory of AI systems used in the company (what, where, for what), an internal usage policy (who can use what, on what data), and a transparency instruction for customers where AI makes decisions or generates content.

  • AI inventory: system, purpose, input data, generated decision
  • Internal AI usage policy, communicated to the team
  • Transparency towards users (chatbot, generated content)

Application timeline — what comes when

The EU AI Act is applied in stages: prohibitions on unacceptable risk are already active, obligations for General Purpose AI (GPAI — general-purpose AI, such as those offered by OpenAI, Anthropic, Google, Meta) came into force in August 2025, and the bulk of obligations for high-risk systems apply from August 2026. If you are starting an AI implementation now, make it compliant by design — it costs significantly less than a subsequent retrofit.

How we handle your technical side

Our projects include by default: a complete audit log for each AI decision, configurable human oversight (human-in-the-loop), technical documentation compliant with AI Act requirements, plus transparency instructions ready to be published on your website. You don't pay separately for "compliance" — it's how we build.

Let’s talk →