EU AI Act Compliance: What French SMEs Must Do Before August 2026
Blog

EU AI Act Compliance: What French SMEs Must Do Before August 2026

Auteur Keerok AI
Date 29 Mar 2026
Lecture 7 min

The EU AI Act, effective August 1, 2024, imposes binding compliance obligations on businesses across Europe — including SMEs — with critical deadlines approaching in August 2026. According to AI Acto, only 8 of 27 EU Member States had designated their national competent authorities by August 2025, creating regulatory uncertainty. For French SMEs, the clock is ticking: auditing AI systems, classifying risks, and documenting compliance now is essential to avoid penalties reaching €35 million or 7% of global annual turnover, as outlined by Baker McKenzie.

Why the EU AI Act Directly Impacts French SMEs

Contrary to popular belief, the EU AI Act doesn't only target tech giants. Any company that develops, deploys, or uses AI systems within the European Union falls under its scope — including French SMEs integrating automation tools, machine learning models, or customer data processing systems.

The regulation classifies AI systems into four risk categories:

  • Unacceptable risk (Article 5): Prohibited practices (e.g., social scoring, behavioral manipulation)
  • High risk: Critical systems (recruitment, credit scoring, healthcare, safety) requiring strict compliance
  • Limited risk: Transparency obligations (e.g., chatbots, deepfakes)
  • Minimal risk: No specific obligations (e.g., spam filters)

According to Service Public, French SMEs must identify which category their AI systems fall into to determine their legal obligations. "SMEs that ignore this classification expose themselves to major legal risks, even if their systems appear benign," warns a Baker McKenzie report.

The French Context: Delayed National Authorities

In France, several sector-specific authorities (CNIL, HAS, ARCOM, DGCCRF) are expected to oversee AI Act enforcement, but official designations are delayed. AI Acto reports that only 8 of 27 EU Member States had designated their national competent authorities by August 2025. This administrative lag doesn't exempt companies from compliance: documenting your compliance efforts now protects you in future audits.

For SMEs in Hauts-de-France, particularly around Lille, this regulatory uncertainty compounds the challenges of digital transformation. Our AI implementation expertise helps local businesses anticipate these requirements while optimizing their business processes.

AI Act Compliance Checklist for SMEs: What to Do Before August 2026

Here's a structured action plan to prepare your SME for the August 2026 deadline, when Artificial Intelligence Act.eu notes that each Member State must have established at least one AI regulatory sandbox to test system compliance.

1. Inventory and Classify Your AI Systems

Immediate action: List all AI tools used in your business, whether developed in-house or purchased (SaaS, APIs, language models, automations).

Concrete SME examples:

  • Customer service chatbots (limited risk: transparency required)
  • Automated CV screening systems (high risk: strict obligations)
  • Client scoring tools for credit or insurance (high risk)
  • Marketing content generation assistants (minimal or limited risk depending on use)

Deliverables to produce:

  1. Excel spreadsheet or Airtable base cataloging each AI system
  2. Risk classification for each system (unacceptable, high, limited, minimal)
  3. Identification of vendor, business use case, and data processed

"A comprehensive AI inventory is your first line of defense during inspections: without it, proving compliance is impossible," emphasize SGS experts.

2. Document Governance and Decision-Making Processes

For high-risk systems, the AI Act requires detailed technical documentation (Article 11) and human oversight (Article 14). SMEs must prove their AI systems don't make critical decisions without human supervision.

Concrete actions:

  • Designate an internal or external AI officer (can be outsourced)
  • Draft an AI governance policy (who decides what, how, with what safeguards)
  • Document automated decision criteria (e.g., CV screening algorithm, credit scoring)
  • Implement human review procedures for sensitive decisions

At Keerok, we help SMEs establish these governance processes by integrating human approval workflows into existing automation systems (Make, Airtable, n8n).

3. Assess and Mitigate Bias and Risks

Article 10 of the AI Act imposes strict requirements on training data quality for high-risk systems. SMEs must demonstrate their AI systems don't reproduce discriminatory biases (gender, origin, age).

Action plan:

  1. Audit datasets used to train or feed your AI systems
  2. Test outputs on diverse samples (e.g., CVs from varied profiles)
  3. Document corrective measures (anonymization, data rebalancing)
  4. Establish an AI incident register (Article 62)

According to SGS, the EU Digital Omnibus, adopted in 2025, provides simplification measures for SMEs, including extended timelines (until 2027-2028 for certain high-risk systems) and facilitated access to regulatory sandboxes.

4. Prepare Transparency and User Information

For limited-risk systems (chatbots, deepfakes, AI-generated content), the AI Act mandates transparency obligations (Article 52):

  • Clearly inform users they're interacting with AI
  • Label AI-generated or manipulated content (images, videos, texts)
  • Provide information about system functionality (in accessible language)

Practical example: If your SME uses a website chatbot, you must display from the first message: "You're chatting with an automated assistant. To speak with a human, type 'agent'."

5. Anticipate Audits and Certifications

High-risk systems must undergo conformity assessment (Article 43) before market placement. For SMEs, this means:

  • Documented self-assessment (for certain systems)
  • Audit by a notified body (for others, e.g., biometrics, critical infrastructure)
  • CE marking and declaration of conformity

Strategic advice: Leverage the regulatory sandboxes each Member State must establish by August 2026. These controlled environments allow testing system compliance with authority support.

"Regulatory sandboxes are a unique opportunity for SMEs to secure compliance before large-scale deployment," according to Artificial Intelligence Act.eu.

Risks and Penalties: What You Risk for Non-Compliance

The AI Act establishes a deterrent penalty regime, proportional to infringement severity:

Infringement TypeMaximum FineExamples
Prohibited practices (Article 5)€35M or 7% global turnoverSocial scoring, behavioral manipulation
High-risk system non-compliance€15M or 3% global turnoverMissing documentation, uncorrected bias
Inaccurate information to authorities€7.5M or 1.5% global turnoverFalse declarations, incomplete documents

For an SME with €5 million annual revenue, a 3% fine represents €150,000 — a potentially devastating amount. Beyond fines, risks include:

  • Ban on marketing the AI system
  • Product withdrawal from market
  • Reputational damage and customer trust loss
  • Civil liability for AI-caused harm

"For SMEs, AI Act non-compliance isn't just a financial risk: it's an existential threat," warns Baker McKenzie in its 2025 analysis.

Simplification Measures for SMEs: What the EU Digital Omnibus Changes

Recognizing the administrative burden on SMEs, the European Union adopted the EU Digital Omnibus in January 2025, a simplification package:

Extended Timelines ("Stop-the-Clock")

For high-risk systems, compliance deadlines are suspended until harmonized standards are published — potentially until 2027-2028. This offers SMEs breathing room, but doesn't exempt documenting compliance efforts now.

SME and Start-up Relief

  • Priority access to regulatory sandboxes
  • Technical and legal support from national authorities
  • Reduced certification fees for small structures

AI Literacy Promotion

Instead of mandating AI training obligations on companies, Member States must promote AI literacy (understanding AI implications) through public programs. SMEs can access free or subsidized training.

According to SGS, these measures aim to reduce SME compliance costs by 25% while maintaining high citizen protection standards.

How Keerok Supports French SMEs in AI Act Compliance

At Keerok, an automation and AI consultancy based in Lille, we help SMEs across Hauts-de-France and beyond navigate AI Act complexity. Our AI implementation expertise covers:

  • AI audit and risk classification: Comprehensive system inventory, legal obligation identification
  • Compliance documentation: Drafting governance policies, processing registers, risk assessments
  • Human oversight workflow integration: Automation with Make, Airtable, n8n including human validation steps
  • Training and awareness: Workshops on AI Act implications for your teams
  • Regulatory sandbox preparation: File preparation, compliance testing

We work with SMEs across sectors (services, manufacturing, healthcare, retail) to transform regulatory constraints into process improvement opportunities. By documenting and securing your AI systems, you gain not only compliance but also reliability and customer trust.

Get in touch with our team for a free AI audit and personalized compliance roadmap.

Immediate Action Plan: Your Next 5 Steps

To summarize, here's what your SME must do right now to prepare for the August 2026 deadline:

  1. Inventory all your AI systems (internal, SaaS, APIs) and classify them by risk level
  2. Designate an AI officer (internal or external) responsible for compliance oversight
  3. Document your decision-making processes and implement human supervision for critical systems
  4. Audit your training data to detect and correct biases
  5. Prepare a compliance file (policies, registers, risk assessments) for future audits

Don't wait for official French authority designations: proactive documentation is your best protection. Companies that build solid compliance files now will be better equipped to respond to inspections and avoid penalties.

"SMEs acting in 2025 transform regulatory constraints into competitive advantages: they reassure customers, secure partnerships, and anticipate tomorrow's standards," observes an AI Acto report.

Conclusion: Anticipate to Transform Constraint into Opportunity

The EU AI Act represents a major challenge for French SMEs, but also an opportunity to structure and secure AI practices. By auditing systems, documenting processes, and integrating human oversight, you're not just checking regulatory boxes: you're improving AI tool quality, reliability, and ethics.

EU Digital Omnibus simplification measures, regulatory sandboxes, and extended timelines offer SMEs a more accessible framework. But time is running out: August 2026 will arrive quickly, and unprepared companies will face major financial and reputational risks.

At Keerok, we believe AI Act compliance shouldn't stifle innovation but guide it toward responsible, sustainable practices. Contact us for tailored support and transform the AI Act into a growth lever for your SME.

Tags

AI Act EU AI Act compliance SME AI regulation AI governance EU Digital Omnibus
Retour au blog

Besoin d'aide sur ce sujet ?

Discutons de comment nous pouvons vous accompagner.

Discuss your project