What the EU AI Act Means for Your AI App or Chatbot
Most indie AI apps are not 'high-risk', so the heavy rules will not hit you. But one rule almost certainly does: if users talk to an AI, you have to tell them. Here is the plain version.
For most indie AI apps, the EU AI Act is far less scary than the headlines suggest. The Act sorts AI by risk. A small set of uses are banned outright, a defined set are 'high-risk' and carry serious paperwork, and the vast majority of products, including a typical SaaS with a chatbot or an AI feature, fall into a light-touch tier whose main duty is simple honesty about the fact that AI is involved.
Is my app 'high-risk'?
Probably not. High-risk under the AI Act means AI used in specific sensitive areas: hiring and worker management, access to education, credit scoring, essential services, biometrics, law enforcement, and similar. If your app is a writing tool, a dashboard, a marketing helper, or a chatbot for support and sales, you are almost certainly not high-risk, and the demanding obligations (risk management systems, conformity assessments) do not apply to you.
//One thing to genuinely avoid
The Act bans AI that manipulates people through deceptive or subliminal techniques to distort their decisions. In practice that means do not build dark patterns, fake urgency, or pressure flows powered by AI. This is already enforceable, and it is just good practice to steer clear.
What do I actually have to do?
If you are in the common, light-touch tier, your obligation is transparency, and it is small and concrete.
- 1.Tell people when they are talking to AI. If you have a chatbot or assistant, make it clear it is AI and not a human, right where the conversation starts. A line like 'You're chatting with our AI assistant' is enough.
- 2.Label AI-generated content. If your app produces images, audio, or video that could pass as real, mark them as AI-generated, with a visible note or in the metadata.
- 3.Be clear about AI features generally, so users are not misled into thinking a human did something an AI did.
That is the bulk of it for most products. The transparency obligations become hard law on 2 August 2026, so adding the disclosure now is cheap insurance and good for trust either way.
How do I check my app?
Open your app and look at your chatbot or AI feature as a first-time visitor. Does anything tell them they are dealing with AI before or as they start? If your assistant just says 'Hi, how can I help?' with no indication it is a bot, that is the gap. The Compliance check detects chat and AI features on your site and flags when there is no clear AI disclosure, alongside your GDPR, accessibility, and US privacy gaps, in one private report.
Have a chatbot or AI feature? Run a Compliance check to see if your AI disclosure (and the rest) holds up.
Run a Compliance checkFrequently asked questions
Does the EU AI Act apply to a small startup outside the EU? ▾
If you offer your AI product to people in the EU, the relevant parts apply, much like GDPR. For most small apps that means the transparency rules: disclosing AI interactions and labeling AI-generated content. The high-risk obligations only apply if your use falls into the Act's sensitive categories.
Do I have to tell users my chatbot is AI? ▾
Yes, if EU users can use it. The AI Act's transparency rules require that people are informed when they are interacting with an AI system rather than a human. A short, clear notice where the chat begins satisfies this. It becomes hard law in August 2026.
Is my AI writing or image tool high-risk under the AI Act? ▾
Almost certainly not. High-risk covers specific sensitive uses like hiring, credit, and biometrics. General creative and productivity tools fall into the light-touch transparency tier, where the main duty is disclosing AI use and labeling AI-generated media.
When does the EU AI Act take effect? ▾
It is phasing in. Bans on prohibited practices and some general rules are already in force, and the transparency obligations that affect most apps (AI interaction disclosure and AI-content labeling) apply from 2 August 2026. Getting the disclosure in place now is low-cost.
Does your AI disclosure hold up?
A Compliance check finds your chatbot and AI features and flags missing AI disclosure, plus your GDPR, accessibility, and US privacy gaps, in one private fix list.
Run a Compliance checkKeep reading
Does My SaaS Need to Be GDPR Compliant?
If anyone in the EU or UK can sign up for your app, the short answer is yes. Here is what that actually means for a small, AI-built SaaS, in plain English, and how to find the gaps before a regulator or a demand letter does.
Do I Need a Cookie Consent Banner?
If you have EU or UK visitors and you run analytics or ads, yes, and it has to ask before anything tracks. Here is what a correct banner does, and the version that quietly breaks the rules.
Do I Need a 'Do Not Sell My Info' Link? CCPA for Indie Founders
If you have California users and run ad or analytics tools that share data, you probably need a 'Your Privacy Choices' link, even if you do not think you 'sell' anything. Here is the plain version.
We put every SaaS through the same honest scorecard, then publish the result.