The EU AI Act is not a big-tech problem. It's your problem.
Most Irish SME owners I speak to assume the EU AI Act is aimed at Google and Microsoft — the companies building AI. It is not. It applies to any business that uses AI tools, which at this point is almost every business in Ireland.
If you use ChatGPT to draft emails, an AI chatbot on your website, or any software that makes automated decisions about customers or employees — you are in scope. The compliance deadline is August 2nd 2026. That is 89 days away.
Here is what you need to know.
What the EU AI Act actually requires
The Act takes a risk-based approach. Not all AI use is treated the same.
Prohibited AI — certain uses are banned outright. Social scoring systems, real-time biometric surveillance in public spaces, and AI that manipulates people subconsciously. Most SMEs will not be anywhere near this category.
High-risk AI — this is where many businesses get caught out. If you use AI for recruitment screening, credit or loan decisions, or systems that make consequential decisions about people, you are in the high-risk category. This requires formal documentation, a risk management system, and human oversight records.
Limited risk — if you use a customer-facing AI chatbot, you are legally required to inform users they are interacting with AI. This is an Article 50 obligation and it is enforceable from August.
Minimal risk — standard tools like AI writing assistants or spam filters carry minimal obligations, but you still need to know what you are using and why.
The three things every Irish SME should do right now
1. Know what AI you are using
You cannot comply with a regulation covering systems you have not identified. Make a written list of every AI tool your business uses — the name, what it does, who uses it, and what data it touches. This is your AI inventory and it is the foundation of everything else.
2. Write a one-page AI usage policy
This does not need to be a legal document. It needs to state what AI tools are permitted, how they should be used, what staff should not use AI for, and who is responsible for oversight. A clear, honest policy demonstrates intent to comply — and that matters if a regulator ever comes knocking.
3. Train your staff
The EU AI Act includes an explicit AI literacy obligation. Staff who use AI tools need to understand what those tools do, their limitations, and the risks involved. A two-hour workshop counts. Documented is better than undocumented.
What happens if you ignore it
Fines under the EU AI Act are significant — up to €15 million or 3% of global annual turnover for violations, and up to €35 million or 7% for the most serious breaches. For SMEs, the reputational damage from being found non-compliant may matter more than the fine itself.
The good news is that most Irish SMEs are not in a high-risk category and the steps to basic compliance are straightforward. The businesses that will struggle are the ones who leave it until July.
Find out where you stand in five minutes
I built a free EU AI Act Readiness Assessment specifically for Irish businesses. It asks 15 questions about how your business uses AI and gives you an instant Red, Amber or Green result — with a personalised list of actions based on your answers.
It takes five minutes and it is free. No email required to start.