logo Lawwwing

AI Act Checklist: 10 Obligations Before August 2nd

The EU AI Act will become applicable on August 2, 2026. If you run an e-commerce business and use AI on your website, this regulation applies to you. That's why we've prepared this checklist with the 10 key obligations you should review before that date. 1. Audit ALL the AI systems your business uses, not […]
Legal Lawwwing
July 8, 2026

The EU AI Act will become applicable on August 2, 2026. If you run an e-commerce business and use AI on your website, this regulation applies to you.

That's why we've prepared this checklist with the 10 key obligations you should review before that date.

1. Audit ALL the AI systems your business uses, not just the most obvious one

Before you can comply with anything, you need to know what you have.

Make an inventory:

  • Image generator
  • Customer service chatbot
  • Product recommendation engine
  • Dynamic pricing tool
  • AI-powered email marketing personalization
  • Conversational search assistants

2. Check that you're not using any prohibited AI practices

The Regulation bans specific AI uses, such as subliminal manipulation of consumer behavior or certain profiling systems. Review your personalization, dynamic pricing, and product recommendation tools to make sure none of them crosses these limits.

3. Ensure a minimum level of AI education across your team

The Regulation requires that people who use AI systems within your company have a sufficient level of understanding about how they work, their risks, and their limitations.

4. Identify and label any interaction with conversational AI

If your customer service uses an AI-powered chatbot or voice assistant, the Regulation requires that the person know, from the very first contact, that they're talking to an AI system and not a human, unless this is obvious from the context. Review your chat widget and any conversational assistant on your website: is it clear that it's AI, or could it be mistaken for a human agent?

5. Review emotion recognition or biometric categorization, if you use them

Some ecommerce businesses are starting to test AI that analyzes facial expressions or tone of voice during customer service video calls, or systems that categorize people based on biometric data. If you use any of these tools, you must expressly inform the person exposed to the system and process their data in accordance with GDPR.

6. Make an inventory of all AI-generated or AI-manipulated images on your website

Product photos, banners, blog, emailing, social media: any image that has been substantially generated or retouched by AI falls within the scope of Article 50 obligations. This also includes content delivered by suppliers and external agencies, even if you didn't generate it directly.

  • Don't forget your historical catalog, not just new content.
    The labeling requirement doesn't apply only to content published from August 2nd onwards; it also covers AI-generated content that's already published. You have until December, but we recommend having it ready by August.

7. Implement a visible labeling system for AI images

The AI Act requires that, if an AI-generated or AI-manipulated image could be mistaken for real content (deepfake), this must be clearly disclosed at the moment the user views it.

8. Verify the true origin of your stock images and those delivered by agencies

Much of the compliance risk doesn't come from what you generate yourself, but from what third parties deliver to you without informing you that AI was used in the process.

9. Check whether you publish AI-generated text on matters of public interest

The AI Act also requires disclosure when AI-generated or AI-manipulated text is published to inform the public about matters of public interest. This is relevant if your ecommerce has a corporate blog, an industry news section, or editorial content generated with AI without human review. If that content goes through human editorial review with responsibility for publication, the disclosure obligation doesn't apply; if you publish it directly from a model without supervision, it does.

10. Document your entire compliance process

Although as a deployer your documentation burden is much lighter than that of a provider, you should be able to demonstrate to a supervisory authority or to a client who asks about it, what process you follow to detect and label AI-generated content, and since when you've been applying it.

Blog

Related Articles

Businesses trust Lawwwing to ensure their legal compliance, keeping their documents up-to-date and avoiding penalties.
cross