EU AI Act Enforcement 2026: The SaaS Compliance Checklist
TL;DR: The EU AI Act is now enforced for general-purpose AI obligations. This is the engineer's compliance checklist for SaaS companies — what to ship, what to document, what to delete, and where the GPAI vs high-risk classification actually bites in production.
The EU AI Act is now enforced. Prohibited practices took effect February 2, 2025; general-purpose AI obligations took effect August 2, 2025; Annex III high-risk system obligations apply from August 2, 2026 (with embedded-product rules extending toward 2027-2028). If your SaaS has any AI surface and any EU user, you are in scope. This is the engineering checklist we use when we ship.
TL;DR — the 6 things every AI SaaS must do (May 2026)
The minimum compliance baseline for an AI SaaS serving EU users:
- Classify every AI feature — prohibited, high-risk, limited-risk (chatbots / generative content / emotion recognition / biometric categorization), or minimal-risk. The classification drives every other obligation.
- Disclose AI to users at first contact — a chatbot must say it's a chatbot, generated images must carry provenance markers, deepfakes must be labeled.
- Keep model and prompt logs for 6 months minimum — input, output, model ID, system prompt version, user-facing labels at time of generation.
- Build a human-oversight path for any decision the AI makes that affects a person — reject, escalate, override.
- Document your AI system — provider name and version of any LLM you use, intended purpose, known limitations, training data summary (for any model you fine-tune), and accuracy metrics for high-risk features.
- Watermark / label generative AI output — text, image, video, audio. The labeling can be machine-readable (C2PA) or visible. Both is safer.
Below the checklist, the engineering details.
| Risk class | Examples | Core obligations | Penalty tier |
|---|---|---|---|
| Prohibited | Social scoring, real-time biometric ID in public, emotion recognition at work | Ship none of this. Audit existing features. | Up to €35M or 7% turnover |
| High-risk | Hiring AI, credit scoring, education grading, critical infrastructure | Risk management, data governance, technical documentation, logging, human oversight, accuracy + robustness reporting, registration in EU database | Up to €15M or 3% turnover |
| Limited-risk (transparency) | Chatbots, generative content, emotion recognition, biometric categorization | Disclosure to users, labeling of AI output | Same penalty tier as high-risk |
| General-purpose AI (provider) | The LLM vendor — OpenAI / Anthropic / Google / Meta | Model card, eval results, training-data summary, copyright compliance | Up to €15M or 3% turnover |
| GPAI deployer (you, as the SaaS) | Anyone using a third-party LLM | Transparency + logging only | Limited |
| Minimal-risk | Spam filter, recommendation engine, A/B test ML | None mandatory | Voluntary codes of conduct |
The biggest classification mistake we see: teams assuming their feature is "limited-risk" when one of the Annex III categories actually bites it as high-risk. Read Annex III before you assume.
What changed in 2025-2026 enforcement
Three structural shifts since the Act passed in 2024:
1. GPAI obligations are live. Anthropic, OpenAI, Google, Meta, and Mistral all publish model cards, evaluation summaries, training-data summaries, and copyright-compliance statements as of late 2025. As a deployer, you can usually point to these — you don't have to recreate them. Keep a copy of the vendor statement that was in effect when you deployed; vendors update these and your audit trail needs the version-at-the-time.
2. The AI Office has issued enforcement guidance. The European Commission's AI Office endorsed the final General-Purpose AI Code of Practice in mid-2025 and has continued publishing Commission guidelines for GPAI providers. The materials clarify what counts as a "general-purpose AI model with systemic risk" — anchored to the 10²⁵ FLOPs training-compute presumption in Article 51. Most SaaS deployers are below this threshold even if they fine-tune.
3. National DPAs are coordinating with the AI Office. Member-state Data Protection Authorities (Ireland's DPC, France's CNIL, Germany's BfDI) are the de facto enforcers for cross-border AI compliance, and they coordinate via the European Data Protection Board. Expect investigations to move faster than under early GDPR.
The headline implication: enforcement is no longer theoretical. The Commission has signaled that 2026 is the year of "active supervision" — formal inquiries are starting on the largest GPAI providers and on high-risk SaaS deployers in finance and healthcare.
The classification step — the only one that matters first
Before anything else, classify each AI feature in your product. Get this wrong and the rest of the checklist applies to the wrong things.
The classification questions, in order:
1. Does this feature fall under any Article 5 prohibition? (Social scoring leading to detrimental treatment, real-time remote biometric ID in public spaces for law enforcement, emotion recognition in workplaces or education, purely profiling-based criminal-risk prediction, vulnerability exploitation, manipulative or deceptive AI causing significant harm, untargeted facial scraping, sensitive-attribute biometric categorization.) If yes — kill the feature. There's no compliance path.
2. Does it match an Annex III high-risk category? (Critical infrastructure, education, employment, essential services, law enforcement, migration, justice + democracy.) If yes — full high-risk obligations apply.
3. Is it a chatbot, generative content, emotion recognition, or biometric categorization? If yes — transparency obligations apply (disclosure + labeling) even though it's not "high-risk."
4. Are you using a third-party GPAI model (Claude / GPT / Gemini / Llama)? If yes — you're a deployer. Your obligation is transparency + oversight; the provider handles GPAI documentation.
5. None of the above? Minimal-risk. No mandatory obligations, but voluntary codes of practice exist.
The trap: most SaaS founders we work with want to be in class 4 or 5. They are sometimes in class 2 without realizing it. Examples:
- An HR SaaS with an "AI shortlisting" feature → Annex III high-risk (employment).
- An EdTech platform with "AI-graded essays" → Annex III high-risk (education).
- A fintech with an AI credit-risk scoring feature → Annex III high-risk (essential services + creditworthiness).
- A customer-support chatbot → limited-risk (transparency only).
- An AI sales-email writer → limited-risk (transparency only).
When in doubt, classify high. Penalty asymmetry is severe: an over-cautious classification costs you engineering time; an under-cautious one costs you turnover.
The SaaS engineering checklist
These are the items we implement on every AI SaaS we build for production with EU users:
Disclosure at first contact
Every AI feature must tell the user it's AI on first interaction. A chatbot's first message must state it's an AI. A generative-content feature must label its output. A button that triggers AI processing should say "Powered by AI" or equivalent before the user clicks.
The implementation: add a data-ai-disclosure boundary on every component that mediates an AI interaction. Audit those boundaries in QA. Don't trust marketing to remember.
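One way to audit those boundaries in QA, as an added example rather than code from the original post. It assumes a hypothetical data-ai-feature attribute marks each AI-mediated component, and it flags any such component that sits outside a non-empty data-ai-disclosure boundary; the sample markup is constructed.

```python
from html.parser import HTMLParser

# Assumption: AI-mediated components carry a hypothetical data-ai-feature
# attribute; data-ai-disclosure is the boundary attribute named in the text.
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}

class DisclosureAudit(HTMLParser):
    """Collect AI components that are not inside a disclosure boundary."""

    def __init__(self):
        super().__init__()
        self.stack = []        # one bool per open element: is it a boundary?
        self.violations = []   # (line, tag, feature name)

    def _check(self, tag, attrs):
        attrs = dict(attrs)
        # An empty data-ai-disclosure="" discloses nothing, so it does not count.
        is_boundary = bool((attrs.get("data-ai-disclosure") or "").strip())
        if "data-ai-feature" in attrs and not (is_boundary or any(self.stack)):
            self.violations.append((self.getpos()[0], tag, attrs["data-ai-feature"]))
        return is_boundary

    def handle_starttag(self, tag, attrs):
        is_boundary = self._check(tag, attrs)
        if tag not in VOID:        # void elements never get an end tag
            self.stack.append(is_boundary)

    def handle_startendtag(self, tag, attrs):
        self._check(tag, attrs)    # self-closing: checked, never pushed

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()

def audit(html):
    parser = DisclosureAudit()
    parser.feed(html)
    parser.close()
    return parser.violations

# Constructed sample page, not taken from any real product.
SAMPLE = """<main>
<section data-ai-disclosure="You are chatting with an AI assistant">
  <div data-ai-feature="support-chat"><input name="msg"></div>
</section>
<button data-ai-feature="email-writer">Draft reply</button>
<div data-ai-disclosure="">
  <img data-ai-feature="hero-image" src="gen.png">
</div>
</main>"""

if __name__ == "__main__":
    for line, tag, feature in audit(SAMPLE):
        print(f"line {line}: <{tag}> {feature} has no AI disclosure boundary")
```

Run against rendered pages in CI, a non-empty result fails the build, so a missing disclosure is caught before release instead of in an audit.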
Output labeling / watermarking
Every piece of AI-generated text, image, audio, or video must be labeled as such. The Act allows machine-readable (C2PA, IPTC Photo Metadata, SynthID) and visible labels. Both is best practice.
For text: a small visible disclosure plus a metadata field in the API response. For images: C2PA manifest in the file. For audio/video: SynthID-equivalent or watermark in the encode step. Tag the watermarking approach in your technical documentation.
Logging — 6-month minimum retention
For every AI-mediated decision or content generation, log:
- Timestamp (ISO 8601 with timezone)
- Model ID and version (e.g. claude-4-5-sonnet-20260315)
- System prompt version hash (don't store the full prompt; reference a version)
- User input (or a hash if the input is PII — anonymize)
- Output (or a hash if the output is sensitive)
- User-facing labels and disclosures that were active at generation time
- Outcome (accepted / rejected / overridden) for decision-making AI
The Act doesn't mandate 6 months specifically — it mandates "appropriate" retention for high-risk features. In practice, 6 months is the floor most compliance vendors recommend. Some sectors (finance) push to 5+ years.
Human-oversight path
For any AI that makes or strongly influences a decision affecting a person — hiring, credit, education, healthcare, justice — there must be a documented path for a human to:
- See the AI's reasoning (or at least the inputs and outputs)
- Override the decision
- Escalate to a senior reviewer
- Permanently reject the AI's recommendation without that being treated as an exception
In code: a /override endpoint, an audit log of overrides, and a dashboard that surfaces the override rate. If override rate is near-zero, your humans aren't really overseeing — they're rubber-stamping.
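The log record from the logging section and the override-rate metric described above, as an added example (not code from the original post). The HMAC key, field names and sample rows are assumptions for illustration; PII input is stored as a keyed HMAC rather than a bare hash, because an unkeyed digest of a low-entropy value such as an email address can be recovered by guessing.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Assumption: the HMAC key is loaded from a secrets manager; this is a placeholder.
PII_HMAC_KEY = b"placeholder-key-load-from-secret-store"
OUTCOMES = (None, "accepted", "rejected", "overridden")

def prompt_version(system_prompt):
    """Short, stable reference to a prompt version; the prompt itself is not logged."""
    return hashlib.sha256(system_prompt.encode("utf-8")).hexdigest()[:16]

def pseudonymize(text):
    """Keyed hash of a PII value, tagged with the algorithm for later verification."""
    mac = hmac.new(PII_HMAC_KEY, text.encode("utf-8"), hashlib.sha256)
    return "hmac-sha256:" + mac.hexdigest()

def audit_record(model_id, system_prompt, user_input, output, labels,
                 outcome=None, input_is_pii=False, now=None):
    if outcome not in OUTCOMES:
        raise ValueError(f"unknown outcome: {outcome!r}")
    now = now or datetime.now(timezone.utc)
    if now.tzinfo is None:     # ISO 8601 without an offset is ambiguous in an audit
        raise ValueError("timestamp must be timezone-aware")
    return {
        "timestamp": now.isoformat(),
        "model_id": model_id,
        "system_prompt_version": prompt_version(system_prompt),
        "input": pseudonymize(user_input) if input_is_pii else user_input,
        "output": output,
        "labels": sorted(labels),   # disclosures active at generation time
        "outcome": outcome,
    }

def override_rate(records):
    """Share of decided records the human rejected or overrode (None if none decided)."""
    decided = [r for r in records if r["outcome"] is not None]
    if not decided:
        return None
    changed = sum(r["outcome"] in ("rejected", "overridden") for r in decided)
    return changed / len(decided)

# Constructed sample rows for a hypothetical shortlisting feature.
def sample_log():
    ts = datetime(2026, 5, 4, 9, 30, tzinfo=timezone.utc)
    prompt = "You screen CVs against the posted requirements."
    outcomes = ["accepted", "accepted", "overridden", "accepted"]
    return [
        audit_record("claude-4-5-sonnet-20260315", prompt,
                     f"candidate{i}@example.com", "shortlist: yes",
                     {"ai-generated", "human-review-available"},
                     outcome=o, input_is_pii=True, now=ts)
        for i, o in enumerate(outcomes)
    ]

if __name__ == "__main__":
    for rec in sample_log():
        print(json.dumps(rec))
    print("override rate:", override_rate(sample_log()))
```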
Technical documentation
For every high-risk AI feature, maintain:
- A model card or equivalent for the underlying LLM (link to vendor's published card)
- A system card for your composed AI system (prompt scaffolding, retrieval pipeline, tool use, post-processing)
- Intended purpose and limitations (explicit list of what the feature does and doesn't do)
- Known accuracy / robustness metrics from your internal evals
- Risk-management notes — what could go wrong, what mitigations are in place
This documentation must be available to authorities on request. The format is flexible; the substance must be present.
EU database registration (high-risk only)
High-risk AI systems must be registered in the EU AI database before they're placed on the market. Limited-risk and minimal-risk features do not require registration. If you build for the public sector or critical infrastructure, this applies. Most B2B SaaS does not need to register unless it crosses into Annex III.
Where the GPAI vs high-risk classification actually bites
The most expensive compliance mistake we see is teams treating a high-risk feature as a limited-risk feature because "we're just using GPT-5; the model provider handles the burden."
This is wrong. The deployer of an AI system is responsible for the system's classification, even when the underlying model is third-party. If you use GPT-5 to shortlist job candidates, you are deploying a high-risk AI system. OpenAI's GPAI compliance does not cover your obligations. You still owe:
- Risk management documentation specific to your shortlisting feature
- Human oversight on every shortlisting decision
- Bias and accuracy testing on your specific deployment
- Logging of every shortlisting decision
- Registration in the EU database
The model is third-party. The system is yours. The Act sees through "but we just use the API" reasoning.
Real-world enforcement gotchas
Five operational surprises we've hit working with EU-serving SaaS teams in 2025-2026:
1. Vendor compliance statements update without notice. Anthropic, OpenAI, and Google updated their GPAI compliance pages multiple times in late 2025. Your audit trail needs to capture the vendor statement that was active when you deployed, not the current one. Snapshot vendor compliance pages monthly into your own document store.
2. Member-state interpretations diverge. France's CNIL, Germany's BfDI, and Ireland's DPC have published slightly different guidance on the same Act articles. If you operate across all of them, the safest move is to comply with the strictest interpretation. CNIL has historically been the strictest on AI-specific provisions.
3. The "general-purpose AI with systemic risk" threshold is computed in FLOPs, not parameters. A model crosses systemic-risk if its training compute exceeds 10^25 FLOPs. As of May 2026, only a handful of frontier models cross this. If you fine-tune, you almost certainly stay below. Document your training compute to prove it.
4. The legacy-systems transition window is finite. GPAI models placed on the market before August 2, 2025 have until August 2, 2027 to come into full compliance under the Act's transitional regime. New high-risk Annex III systems placed on the market after August 2, 2026 are in scope immediately; legacy high-risk systems get a phased path. Don't assume an old feature is grandfathered indefinitely — the windows close.
5. "Provider" vs "deployer" classification can flip mid-product. If you fine-tune a model, you become a provider of that fine-tuned model — even if you started as a deployer of the base model. Heavier obligations apply. Most SaaS teams we work with don't fine-tune (RAG + prompt engineering covers their use cases), which keeps them in deployer territory.
When the EU AI Act isn't your biggest concern
For some SaaS teams, the AI Act is not the top compliance priority. Don't reorder your roadmap if:
- You have no EU users and no plans to acquire any. The Act applies extraterritorially only when you have EU users or your AI system's output is used in the EU. If you're a US-only B2B with zero EU presence, focus on SOC 2 + state-level US AI laws (Colorado SB 205, NYC LL 144, California AB 2885) first.
- Your AI feature is genuinely minimal-risk and not user-facing. A spam classifier in your email pipeline doesn't trigger Act obligations. Internal analytics ML is usually minimal-risk.
- You're pre-launch and don't have AI features yet. Build compliance into the architecture from day one — but don't slow your MVP for documentation that has no product to describe.
That said: every SaaS we work with that "won't have EU users" eventually does. Architect for the Act anyway; it's cheaper than retrofitting.
What we help with
ZTABS builds AI-first software and we've shipped multiple production AI features under EU AI Act scrutiny. If you need:
- A compliance audit of your existing AI features (classification + gap report)
- Implementation help on logging, oversight, and watermarking
- Documentation packages for your DPA review or supervisory audit
- Or an opinion on whether a planned feature is high-risk before you build it
Reach out via /contact. We turn around classification audits in 5-7 business days.
Related reading
- AI Governance and Compliance: a practical guide for production AI systems — the broader compliance landscape (HIPAA, SOC 2, GDPR, AI Act)
- Claude vs GPT vs Gemini in 2026 — frontier-model comparison
- Self-hosted LLM guide — when to bring inference in-house for regulated workloads
- AI integration for business — build vs buy frameworks
- ZTABS AI development services
- ZTABS SaaS development services
The EU AI Act is a living regulation; specific obligations, deadlines, and AI Office guidance evolve. This post reflects the May 2026 snapshot. Not legal advice — for binding interpretation, consult counsel licensed in the relevant member state.
Frequently Asked Questions
Does the EU AI Act apply to US-based SaaS companies?
Yes, if you have EU users or your AI system's output is used in the EU. The Act is extraterritorial — same model as GDPR. You don't need an EU office to be in scope. The trigger is whether your AI system affects people in the EU, not where your company is headquartered.
Who has to comply with the EU AI Act?
Providers (you built or branded the AI system), deployers (you use a third-party AI in your product), importers, distributors, and authorized representatives of non-EU providers. Most SaaS companies are deployers of third-party LLMs and providers of their own AI-powered features in the same product. You'll likely fit both categories depending on which feature is being audited.
How do I know if my SaaS is high-risk under the EU AI Act?
Annex III of the Act lists the high-risk categories. The most common SaaS-relevant ones are: AI used in hiring/employment decisions, AI used in credit scoring or financial eligibility, AI used in education (admission, grading, exam supervision), AI used in critical infrastructure, and AI used in law enforcement or migration. If your AI feature lands in any of these, you're high-risk — significantly heavier obligations than general-purpose AI.
What does the EU AI Act prohibit outright?
Eight categories of unacceptable-risk AI are banned outright (as of February 2, 2025): social scoring leading to detrimental treatment, real-time remote biometric identification in publicly accessible spaces for law enforcement (with narrow exceptions), emotion recognition in workplaces and educational institutions, untargeted scraping of facial images to build recognition databases, purely profiling-based criminal-risk prediction, exploitation of vulnerabilities (age, disability, socioeconomic), manipulative or deceptive AI causing significant harm, and biometric categorization inferring sensitive attributes (race, religion, sexual orientation). Don't ship features that sit anywhere near these.
How much can the EU fine my SaaS for non-compliance?
Up to €35 million or 7% of global annual turnover (whichever is higher) for prohibited-AI violations, €15 million or 3% for most other obligations, and €7.5 million or 1% for incorrect information to authorities. The percentage-of-turnover basis is what gets startups — even modest revenue can trigger multi-million-euro exposure.
What's the GPAI compliance deadline for SaaS providers?
General-purpose AI model obligations took effect on August 2, 2025. Annex III high-risk system obligations apply from August 2, 2026, with a longer phase-in for AI embedded in regulated products (extending toward 2027-2028). If your SaaS uses a third-party LLM (Claude, GPT, Gemini), that provider holds most GPAI obligations. Your obligation as a deployer is transparency, logging, and human oversight — not the model-card-and-evals burden.