EU AI Act takes effect in August: what changes for companies with European clients

On August 2, 2026, the transparency rules of the European Union's AI Act take effect. This is the first real enforcement milestone of the most comprehensive AI legislation ever passed by an economic bloc — with implications for any company serving clients or users in Europe, regardless of where the company is headquartered.

The August rules are about transparency: AI systems must inform users they are interacting with an AI when it is not evident. AI-generated content must be identified as such. Deepfakes require labeling. High-risk AI systems (credit, hiring, health, critical infrastructure) must be registered in a public EU database.

What takes effect in August vs. December 2027

August 2026: transparency rules and general-purpose AI systems (like GPT-4, Claude, Gemini).

December 2027: rules for high-risk AI systems in critical sectors. Here are the heavier obligations: conformity assessment, registration, technical documentation, mandatory human oversight, explanation rights.

For most companies using chatbots, marketing automation, recommendation systems and data analysis — August is the relevant deadline now.

What companies need to do

AI identification: if a chatbot responds to clients, it must disclose that it is an AI system when not obvious.

Generated content: texts, images, videos and audio generated by AI must be identifiable — via watermark, metadata or explicit declaration.

Deepfake: any content manipulating the appearance or voice of real people must be marked as synthetic.

GPAI (General Purpose AI): models like Claude, GPT-4 and Gemini, when used in European products, require documentation on capabilities, limitations and training data.

The real risk of non-compliance

AI Act fines reach 7% of global annual revenue — or €35 million, whichever is greater — for the most serious infractions. For transparency infractions specifically, the limit is 1.5% or €7.5 million. These numbers are not theoretical: the EU showed with GDPR that it is willing to enforce fines.

For Brazilian companies

Any Brazilian company with users, clients or operations in Europe is subject to the AI Act — the same way it is subject to GDPR. It is not necessary to be headquartered in Europe. If the product processes data of European residents or offers them services, the Act applies.

For 10Dobro, which builds AI systems for clients: documenting that systems use AI, maintaining automated decision logs and ensuring human oversight in high-impact decisions is already part of our practice. European regulation is not distant — it is the floor that will pull the global market upward.