EU AI Act Compliance Checklist for Irish SMEs
11 May 2026 · Ask Alice
EU AI Act Compliance Checklist for Irish SMEs
The EU AI Act officially becomes enforceable on 2 August 2026 — less than three months away. If your business is using AI tools in any capacity, you need to understand what this means for you.
The good news: most Irish SMEs using standard tools like ChatGPT, Microsoft Copilot, or Google Gemini are in the minimal risk category. But “minimal risk” still comes with documentation obligations, and the clock is ticking.
Here’s what you need to know.
What is the EU AI Act?
The EU AI Act is the world’s first comprehensive AI regulation. It classifies AI systems by risk level and imposes obligations on both the companies that develop AI and the businesses that use it.
For Irish SMEs, the relevant questions are:
- What AI tools are you using?
- What are those tools used for?
- Are any of those uses in a high-risk category?
Risk Classifications
Unacceptable Risk (Banned)
These AI applications are prohibited entirely:
- AI that manipulates people’s behaviour without their knowledge
- Social scoring systems used by governments
- Real-time biometric surveillance in public spaces (with narrow exceptions)
Almost no Irish SMEs will be anywhere near these applications.
High Risk
These require significant compliance work: documentation, human oversight, conformity assessments.
Examples relevant to SMEs:
- AI used in recruitment and hiring decisions (CV screening, interview scoring)
- AI used in credit assessment for lending decisions
- AI used in access to essential services (healthcare triage, benefits eligibility)
If you’re using AI to screen job applications or make credit decisions, you have more work to do.
Limited Risk (Transparency obligations)
- Chatbots and AI assistants must disclose that users are interacting with AI
- AI-generated content must be labelled as such where required
If you have an AI chatbot on your website, it needs to clearly identify itself as AI.
Minimal Risk
Standard business AI tools fall here:
- ChatGPT / Claude / Gemini for writing, summarising, drafting
- AI-powered email tools
- CRM AI features (HubSpot, Salesforce AI, etc.)
- Marketing automation with AI elements
No specific compliance requirements, but good practice documentation is wise.
Your 10-Point Compliance Checklist
Work through this before August 2026:
1. Audit your AI tools Make a list of every AI tool your business uses. Include: ChatGPT, Copilot, Gemini, any AI features in your CRM, accounting software, or marketing tools.
2. Classify each tool by use case For each tool, note how you’re using it. “Writing marketing copy” is minimal risk. “Scoring job applications” is high risk.
3. Check if any uses are high-risk Are you using AI for recruitment, credit decisions, or access to services? If yes, you’ll need a conformity assessment and additional documentation.
4. Review your chatbot disclosures If you have an AI chatbot on your website (including AI live chat tools), ensure it clearly states it’s AI, not a human.
5. Label AI-generated content appropriately Where required — particularly in regulated sectors like financial services or healthcare — label AI-generated content clearly.
6. Document your AI use Create a simple register of: what AI tools you use, what you use them for, who has access, and any risks you’ve identified. One page per tool is enough for minimal-risk applications.
7. Check your contracts and suppliers If a supplier is providing you with an AI system, check their terms of service for compliance obligations. Under the Act, obligations flow down the supply chain.
8. Review your data practices AI tools often process personal data. Ensure your use of AI is covered in your GDPR documentation and privacy policy.
9. Appoint an AI point of contact Designate someone in your business (even if it’s just you) who is responsible for AI compliance oversight.
10. Plan for the full timeline Some obligations phase in over 2026-2027. Check the specific deadlines for any high-risk applications you’ve identified.
The Bottom Line for Most Irish SMEs
If you’re using AI for writing, customer communications, admin, and marketing automation, you’re in the minimal risk category. The primary obligations are:
- Document what you’re using and why (a simple internal register)
- Disclose AI chatbots clearly to users
- Review your GDPR compliance in light of AI tool usage
That’s manageable. The businesses that are at real risk are those using AI for recruitment decisions or financial assessments without realising it qualifies as high-risk.
Next Step
Take the Ask Alice AI Readiness Quiz. Your results include a compliance overview based on the AI tools and use cases you describe. It’s free and takes 2 minutes.