EU AI Act: What You Need to Know for Compliance

Unacceptable Risk (BANNED) — AI systems that manipulate human behavior, exploit vulnerabilities, enable social scoring by governments, or use real-time remote biometric identification in public spaces. These are prohibited entirely.

High Risk — AI systems used in critical infrastructure, education, employment, law enforcement, migration, and essential services. These require conformity assessments, human oversight, data governance, transparency, and registration in the EU database. Examples: AI hiring tools, credit scoring systems.

Limited Risk — AI systems that interact with people (chatbots, customer support AI). Must disclose that the user is interacting with AI. Must also label AI-generated content (deepfakes, synthetic text). This is where most customer support AI falls.

Minimal Risk — AI systems like spam filters, AI in video games, or inventory management. No regulatory requirements, though voluntary codes of conduct are encouraged.

If you deploy AI chatbots or virtual agents for customer support in the EU, here's what you need:

1. AI Disclosure — Users must be clearly informed they're interacting with an AI system. This is mandatory under the transparency obligations. A simple banner or introduction message suffices.

2. Human Escalation — While not strictly required for limited-risk systems, providing a path to a human agent is considered best practice and may be required if the AI handles complaints or makes decisions affecting customer rights.

3. Record Keeping — Maintain logs of AI interactions, model versions, and any incidents. This supports both compliance and quality management.

4. Content Labeling — If your AI generates synthetic content (emails, responses), it should be identifiable as AI-generated.

GuruSup is designed with EU AI Act compliance in mind: automatic AI disclosure in conversations, configurable human escalation, full interaction audit trails, and transparency dashboards.