
The AI Act, or Regulation (EU) 2024/1689 on artificial intelligence, is the world’s first comprehensive legal framework for artificial intelligence. Its goal is to ensure that AI used in Europe is safe, transparent, and respectful of fundamental rights. It also establishes specific obligations for providers and users of AI systems, particularly in digital environments where these technologies are already a common part of the user experience.
If you have a website, an e-commerce store, or any business with a digital presence, you are very likely already using artificial intelligence. Maybe through a chatbot that answers customer questions, a system that recommends products, an AI-powered search engine designed to understand natural language and complex requests, or tools that help generate text and images for your content.
This growing integration of AI into the digital environment has not only transformed the way companies interact with their users but has also driven the need to establish a common framework that regulates its use and ensures its development in a safe and transparent manner.
Therefore, the Artificial Intelligence Act (Regulation (EU) 2024/1689) will become fully applicable on 2 August 2026. From that point on, the obligations set forth in the Regulation will be enforceable against companies and digital operators that use AI systems in their services and websites. It is important to remember that the Regulation applies both to providers established in the EU and to those from third countries whose outputs are used within the Union.
So, we’ll explain what the AI Regulation requires and what changes you should consider if your website uses chatbots, virtual assistants, recommendation systems, smart search engines, or content generated by artificial intelligence.
The first step toward complying with the AI Act is transparency. The use of AI on a website cannot be hidden from users. That is why European regulation requires that users be provided with clear information about the systems they interact with. This transparency is a key requirement for ensuring trust in the digital environments we interact with on a daily basis.
To comply with the regulations, websites must include a detailed statement for each active AI system. Therefore, it is highly recommended to establish an “Artificial Intelligence Policy” visible in the footer, detailing aspects such as the following.
How does this affect my chatbot?
If your website has a chat assistant or virtual assistant to answer questions, users must be clearly informed that they are interacting with a machine. In this regard, the system must be designed so that users are aware from the very beginning that they are dealing with artificial intelligence. This information must be presented clearly and in a way that is easily distinguishable, at the latest at the time of the first interaction with the chatbot.
It is particularly important to adapt these notices if the system interacts with vulnerable groups, such as minors or the elderly, ensuring that the information is accessible and understandable based on their level of digital literacy.
It is important to note that this notice may only be omitted if the automated nature of the interaction is evident to a reasonably informed and discerning person—a standard that authorities interpret strictly.
Examples of appropriate text for your first message:
“Hello, I am the virtual assistant for [Your Store]. I am powered by Artificial Intelligence and am here to help you.”
“You are interacting with an AI system designed to quickly answer your questions.”
Currently, distinguishing between what is real and what is artificial is one of the greatest challenges to information integrity, especially in contexts where it is increasingly common for e-commerce businesses to use image-generation tools to create or enhance the presentation of their products. To prevent deepfakes, the Regulation imposes obligations to identify them.
The EU has developed a Code of Practice on Transparency to guide compliance with the labeling of AI-generated content.
Many websites incorporate AI-powered answer engines that analyze content and combine information to generate a unique response for each user. The user has the right to know that the results they see are not just a list of products, but that the search logic is mediated by an AI that understands and prioritizes information according to inference algorithms. If your website uses one of these systems, you should inform users that the search process is mediated by AI, which prioritizes and organizes information based on inference algorithms.
This is crucial because these systems can influence user behavior by predicting and suggesting personalized results. This transparency allows users to assess their level of trust in the output and understand that they are being subjected to profiling based on their behavior.
Virtual try-on tools are among the most powerful tools in e-commerce today, allowing customers to use their camera or avatars to try on products such as glasses, makeup, or clothing. Because these tools use the customer’s camera, biometric personal data is processed, and the user must be fully informed about how the system works before granting camera access.
This processing must strictly comply with the GDPR’s data minimization principle, collecting only what is necessary for the requested function and ensuring the security and confidentiality of the information.
Violations of the Artificial Intelligence Act (AI Act) are subject to a system of financial penalties designed to be effective, proportionate, and dissuasive. The amount of the fines varies depending on the severity of the violation and the size of the company.
The law is more flexible with regard to small and medium-sized enterprises (SMEs). For these businesses, the fine will always be the lesser of the two amounts (the fixed amount or the percentage), thereby ensuring that the penalty is proportionate.
Several factors are considered when determining the amount of the penalty:
In Spain, the AESIA (Spanish Agency for the Supervision of Artificial Intelligence) will be responsible for ensuring compliance with these regulations and imposing penalties if necessary.
Under the European Union’s Artificial Intelligence Regulation, customers and users have a set of rights designed to ensure transparency, ethics, and safety in the use of these technologies. These rights complement those already established in the GDPR, such as the right not to be subject to fully automated individual decision-making.
The main rights that the new legal framework grants to citizens are as follows:
Users must be informed that they are interacting with an AI system. Therefore, providers must ensure that generated content (audio, images, video, or text) is identifiable as artificial through machine-readable technical markers.
Customers have the right to be informed if content that appears real has been manipulated or generated by AI to simulate people, places, or events (deepfakes).
If a customer is exposed to emotion recognition or biometric categorization systems, the party responsible for their deployment is obligated to inform the customer about how they work.
If a company makes a decision based primarily on the results of high-risk AI that produces legal effects or significantly affects the customer, the customer has the right to receive a clear and meaningful explanation of the role of the AI and the key elements of that decision. For example, if an algorithm denies a credit or insurance application, the user must be able to understand the logic the system followed.
The Regulation establishes mechanisms for citizens to take action in the event of non-compliance:
To comply with the AI Act, the first step is to identify which artificial intelligence systems you use on your website and how they affect the user experience. From there, it is essential to register them and ensure that clear, accessible, and visible information about their use is provided.
In practice, this involves implementing an “Artificial Intelligence Policy” that describes the active systems (chatbots, recommendation engines, smart search engines, or content generators), as well as how they interact with users. Additionally, you must include transparency notices at touchpoints, such as the chatbot’s first message, search interfaces, or AI-generated content. It is crucial that these notices are visible and not hidden in lengthy menus or technical manuals.
It is also advisable to establish labeling and traceability mechanisms for generated or manipulated content, as well as to review whether you process sensitive data, such as biometrics in virtual try-on tools, in order to apply the corresponding prior notices.
In addition, it is essential to keep this information up to date, as the use of AI on websites is constantly evolving and legal obligations may vary depending on the type of system. To streamline this process, there are automated tools that help detect the use of AI on websites and keep your legal documentation in line with current regulations.
To manage all of this easily, remember that tools like Lawwwing’s AI Sentinel automatically scan your website, detect these tools, and keep your legal texts up to date as regulations change. Its detection technology analyzes visual patterns invisible to the human eye with over 98% accuracy. AI Sentinel integrates in under 2 minutes with any CMS, such as WordPress or Shopify, ensuring your e-commerce business remains transparent and ethical at all times.