EU AI Act: What Changes for Your Website as of August 1, 2026?
- 6 hours ago
- 9 min read
The EU AI Act Becomes Reality: Is Your Website Ready for August 1, 2026?
On 1 August 2024, the EU AI Act (Regulation (EU) 2024/1689) officially entered into force, the world's first comprehensive AI legislation. However, the real impact for businesses and website owners does not begin until 2 August 2026 , when most obligations come into effect.
For Dutch and European companies using AI tools on their websites, think chatbots, content generation, or personalization, this means a fundamental shift in how you are allowed to deploy technology. AI is no longer an unregulated playing field; the European Union is now imposing strict rules that directly impact your digital presence.
In this blog post, we explain what changes as of August 1, 2026, how the current situation differs from the situation after this date, and what this specifically means for your website. We use clear comparison tables, practical examples, and a concrete action list so that you can prepare your business in time.
What is the EU AI Act and why is this law important for websites?
The EU AI Act is not just new legislation, it is a horizontal law that applies to all sectors, including websites, apps, and online platforms. Unlike sectoral legislation, the AI Act focuses on the risk that an AI system poses to users.
The Risk-Based Approach
The AI Act divides AI systems into four risk levels:
Risk level | Examples for Websites | Legal Status as of August 2026 |
Unacceptable Risk | Social scoring, subliminal manipulation, real-time biometric identification in public spaces | Prohibited since February 2, 2025 |
High Risk | Automated creditworthiness checks, CV screening, admission procedures, insurance risk analyses | Obligations as of December 2, 2027 (postponed via Digital Omnibus) |
Limited Risk | Chatbots, AI content generation (blogs/images), deepfakes, emotion recognition | Transparency obligations as of 2 August 2026 |
Minimal Risk | Spam filters, basic optimization tools, AI games, simple recommendation engines | Exempt, voluntary codes of conduct |
Important update: Due to the Digital Omnibus Agreement of 7 May 2026, the obligations for high-risk AI systems (Annex III) have been postponed from 2 August 2026 to 2 December 2027. Obligations for high-risk AI in regulated products (Annex I) apply from 2 August 2028. The transparency obligations for AI-generated content have been postponed to 2 December 2026 .
Situation Now vs. Situation After August 1, 2026: The Great Comparison
What Changes Specifically?
Aspect | Current situation (Before August 2026) | Situation AFTER August 1, 2026 |
AI chatbots on websites | Virtually unregulated; optional disclaimers | Mandatory transparency: users must be explicitly informed that they are communicating with AI |
AI-generated content | No legal obligation to label | Mandatory labeling: AI-generated text, images, and video must be marked as synthetic (from December 2, 2026) |
Product recommendations | Completely exempt; no accountability | Minimal risk: no specific AI Act obligations, but it is recommended to be transparent. |
CV screening / recruitment | Only GDPR requirements apply | High risk (as of Dec 2027): human supervision mandatory, registration in EU database, fundamental rights impact assessment |
Creditworthiness checks | Financial regulations + GDPR | High risk (as of Dec 2027): strict data governance, bias detection, mandatory documentation, CE marking |
Deepfakes / synthetic media | Platform-dependent rules | Mandatory labeling: clear and visible indication that content is AI-generated |
AI for fraud detection | Internal security protocols | Minimal risk: no specific AI Act rules, existing security standards remain applicable |
Data governance for AI | Proprietary standards | Required: representative, relevant, and unbiased training data; documentation required |
Human supervision | Optional or absent in many systems | Mandatory for limited and high risk: humans must be able to override and correct AI outputs. |
Fines for non-compliance | No AI-specific sanctions | Up to €35 million or 7% of global turnover for prohibited practices; lower but substantial fines for other violations. |
Transparency Obligations in Detail
The transparency obligations taking effect on August 2, 2026 , are the most direct and concrete consequence of the AI Act for most websites. These rules apply to low-risk AI systems, the category in which most commercial website AI falls.
AI Application on Website | Transparency requirement as of August 2026 | Practical Implementation |
Chatbot / virtual assistant | The user must know that they are communicating with AI. | Clear disclaimer in chat window: "You are talking to an AI assistant" |
AI-generated blog posts | Content must be labeled as AI-generated | Watermark, metadata tag or visible mention above article |
AI images/videos | Synthetic media must be identified | Machine-readable metadata + visible labeling for deepfakes |
Emotion recognition | The user must be informed about the use | Pop-up or mention in privacy policy + real-time notification |
Biometric categorization | Explicit notification required | Clear request for consent + explanation of purpose and duration |
What Does the AI Act Specifically Mean for Your Website?
E-commerce Websites
For webshops, relatively little changes regarding product recommendations, these fall under minimal risk and are largely exempt. However, you should pay attention to:
AI chatbots for customer service: As of August 2026, you must explicitly state that customers are communicating with an AI. A small line of text in the chat window suffices.
Dynamic pricing: Adjusting prices based on supply and demand is permitted, but the use of AI to target vulnerable individuals in emergency situations is prohibited (unacceptable risk).
Fraud detection: Background systems for credit card fraud fall under minimal risk, there are no new AI Act obligations here.
Media, Blog, and News Websites
The rules are becoming stricter for publishers and content platforms:
AI-generated articles: If you publish news or information generated by AI without significant human oversight, this must be labeled as AI-generated content.
Deepfakes: AI-generated images or videos that mimic real people or events must be clearly labeled to prevent deception.
AI translations: The use of AI to translate your website is permitted and requires no special labeling, this falls under minimal risk.
Recruitment and HR Platforms
This is one of the most heavily regulated sectors under the AI Act. Although the obligations have been postponed to December 2027 , preparation is essential now:
CV screening and candidate evaluation: AI systems that automatically filter applications or score candidates fall under high risk . You must have a human review those AI decisions and register the system in the EU database.
Profiling: AI-based analysis and profiling can trigger both AI Act and GDPR obligations. In many cases, you need explicit consent.
Financial and Insurance Websites
Credit scoring: AI that determines whether a visitor qualifies for a loan or credit card is high risk . You must be transparent about the decision-making and ensure unbiased data.
Insurance risk analysis: AI for life and health insurance falls under high risk; standard car or home insurance is less strictly regulated but still subject to strict data privacy rules.
The Digital Omnibus Update: What Has Changed in May 2026?
On 7 May 2026, the Council of the EU and the European Parliament reached a provisional political agreement on the Digital Omnibus Package . This amends and simplifies certain provisions of the AI Act.
Changed Data in Overview
Provision | Original date | New date | Status |
Article 5 (prohibited practices) | February 2, 2025 | February 2, 2025 | In operation |
Article 4 (AI literacy) | February 2, 2025 | February 2, 2025 | In operation |
GPAI obligations (Art. 51-55) | August 2, 2025 | August 2, 2025 | In operation |
Article 50(2) watermarking & synthetic content | August 2, 2026 | December 2, 2026 | postponed by 4 months |
National AI sandboxes | August 2, 2026 | August 2, 2027 | postponed by 12 months |
High-risk Annex III (standalone systems) | August 2, 2026 | December 2, 2027 | postponed by 16 months |
High-risk AI in Annex I products | August 2, 2027 | August 2, 2028 | postponed by 12 months |
Practical consequence: As a website owner, you now have slightly more time to prepare for high-risk obligations, but the transparency rules for chatbots and AI content will still come into effect on August 2, 2026. So this is not a time for postponement, only for targeted preparation.
Compliance Checklist: How to Make Your Website AI-Act-Proof
Use this checklist to get your website ready for August 1, 2026:
Step 1: Inventory All AI Systems
Identify every AI tool running on your website, including those from third parties and vendors. Think of chatbots, content generation tools, recommendation engines, and analytics tools.
Step 2: Determine Your Risk Level
Classify each AI system according to the four risk categories of the AI Act. Don't forget to assess your third-party vendors as well.
Step 3: Implement Transparency Measures
Add clear AI disclaimers to chatbots
Label AI-generated content with watermarks or metadata
Inform users about emotion recognition or biometric analysis
Step 4: Register High-Risk Systems
If you use high-risk AI systems (for example, for recruitment or credit scoring), you must register them in the EU database as soon as the obligations come into force in December 2027.
Step 5: Set up Data Governance
Ensure that your training data:
Is representative and relevant
Free from known bias where possible
Is clearly documented
Step 6: Implement Human Supervision
Ensure that a human is always available to review, correct, and override AI outputs where necessary, especially for low- or high-risk systems.
Step 7: Document Everything
Keep technical documentation for:
AI system descriptions
Risk assessments and mitigation measures
Training data summaries
Human supervision practices
Vendor compliance documentation
Step 8: Conduct Impact Assessments
For public authorities and private entities providing public services: conduct a Fundamental Rights Impact Assessment (FRIA) before implementing high-risk systems.
Step 9: Align with GDPR
Many AI Act obligations overlap with the GDPR, think of transparency, data protection, security, and consent. Ensure that your Consent Management Platform (CMP) also covers AI usage.
Step 10: Monitor Continuously
Privacy rules change. Establish internal monitoring processes to continuously comply with the AI Act, including cybersecurity, data accuracy, and robustness.
The Price of Non-Compliance: What Does It Cost If You Are Not Prepared?
The AI Act includes risk-based fines that can run up to a substantial amount:
Offence | Maximum Fine |
Prohibited AI practices (Art. 5) | €35 million OR 7% of global annual revenue—whichever is higher |
GPAI violations (Art. 51-55) | €15 million or 3% of global annual turnover |
High-risk system requirements | €15 million or 3% of global annual turnover |
Incorrect/misleading information to authorities | €7.5 million OR 1% of global annual turnover |
Good news for SMEs: Lower thresholds apply to small and medium-sized enterprises (SMEs) and startups, so fines are not immediately devastating. However, even for smaller companies, a fine of several hundred thousand euros can be a heavy blow.
Why Flor-IT is Your Partner in AI Compliance
At Flor-IT, we combine in-depth technical expertise with legal insight to prepare your company for the EU AI Act. Our team of specialized consultants helps you not only with the implementation of transparency measures but also with the strategic integration of AI into your business processes.
Our Expertise:
Legal expertise: We closely follow developments surrounding the AI Act, including the recent Digital Omnibus Agreement of May 2026.
Technical implementation: From chatbot disclaimers to metadata watermarks, we take care of the technical realization of compliance.
Risk assessment: We classify your AI systems and advise on mitigation strategies.
GDPR integration: We seamlessly align your AI Act compliance with your existing privacy provisions.
Our Services for AI Act Compliance
Employ | Description | Result |
AI Audit | Complete inventory and risk classification of all AI systems on your website | Clear overview of compliance status |
Transparency Implementation | Technical implementation of disclaimers, labels, and metadata for AI content | Website complies with Article 50 obligations |
Documentation & Governance | Drafting technical documentation, risk assessments, and supervision protocols | Ready for inspection by authorities |
Training & Awareness | AI literacy training for your team (mandatory under Article 4) | Employees understand AI risks and responsibilities |
Continuous Monitoring | Ongoing monitoring of legislative changes and compliance status | Always up to date with the latest regulations |
Ready for August 1, 2026?
The EU AI Act is no longer a thing of the future, it is a reality that will fully take effect in two and a half months regarding transparency obligations. Although some stricter obligations have been postponed to 2027 and 2028, the time for action is now. Websites that use AI to communicate with visitors or generate content must comply with strict transparency rules as of August 2, 2026.
Contact Flor-IT today for a no-obligation AI scan of your website. Together, we will ensure that you are not only compliant, but that your AI deployment becomes a competitive advantage, instead of a legal risk.
📧 info@flor-it.com | 🌐 www.flor-it.com | 📞 Contact us for a no-obligation consultation
The Future of AI Is Regulated—And That Is Good News
The EU AI Act marks the end of the "Wild West" era of artificial intelligence. For website owners, this means more responsibility, but also more user trust. By being transparent about AI usage, handling data carefully, and ensuring human oversight, you not only comply with the law, you also build a brand that consumers trust.
The main takeaways:
August 2, 2026: Transparency obligations for low-risk AI (chatbots, content generation) take effect
December 2, 2026: Watermarking and labeling of synthetic content mandatory
December 2, 2027: High-risk obligations for standalone systems
August 2, 2028: High-risk AI in regulated products
Start your preparation today. The costs of non-compliance are astronomical, but the investment in compliance is manageable, especially with the right partner by your side.
Sources:
European Commission - AI Act Timeline & Risk-based Approach
CookieScript - EU AI Act Checklist for Websites
VerifyWise - EU AI Act Omnibus Changes (May 2026)
Legal Nodes - EU AI Act 2026 Updates
Kennedys Law - EU AI Act Implementation Timeline
