
EU AI Act: What actually applies from 2 August for SMEs — and what the Omnibus package changes
From 2 August 2026, Article 50 transparency obligations for chatbots, deepfakes and emotion analysis apply — unchanged. The Omnibus package significantly extended other deadlines. A four-week checklist for SMEs.
2 August 2026 is less than four weeks away and with it, the first real compliance date in the EU AI Act that directly affects mid-sized businesses. At the same time, the so-called Omnibus package has significantly shifted the landscape: some deadlines have been extended, others remain unchanged. Time for a clear overview of what actually applies.
For companies running chatbots, producing AI-generated content, or using systems for behaviour and emotion analysis, the time to act is now regardless of whether they consider themselves an 'AI company' or not.
What becomes binding on 2 August 2026
Article 50 of the EU AI Act has not been touched by the Omnibus package. Three transparency obligations apply from 2 August without restriction:
- Chatbots must identify themselves as AI: users must not be left believing they are talking to a human — the obligation applies as soon as an interactive AI communicates with external parties.
- Deepfakes require a visible label: AI-generated or AI-manipulated images, videos, and audio must be marked as such.
- Systems for emotion recognition and biometric categorisation must inform the people affected before being used.
What the Omnibus package has postponed
In May 2026, the EU Council and Parliament reached a political agreement on an Omnibus package adjusting key AI Act timelines. The formal adoption is still pending — until then, the original timelines technically remain in force. The politically agreed direction nevertheless provides planning certainty:
- Watermarking obligations for AI-generated content (text, image, audio, video — Article 50(2)) are deferred to 2 December 2026.
- High-risk AI under Annex III (biometrics, critical infrastructure, education, employment, etc.): standalone systems receive time until 2 December 2027; product-embedded high-risk AI until August 2028.
- Extended SME threshold: simplified compliance requirements are set to apply to companies with up to 750 employees and €150 million in annual revenue — more room for larger mid-sized companies.
What this means for DACH SMEs in practice
Most mid-sized companies do not develop high-risk AI as defined in the Annex III catalogue — that is the good news for the August deadline. The decisive question, however, is not 'Are we an AI company?' but: 'Do we use AI in customer-facing contexts?' Anyone running an AI chatbot on their website, producing texts or images for external communication with AI tools, or using systems that evaluate the behaviour or emotions of customers and staff is directly affected. Non-compliance carries fines of up to €15 million or 3% of global annual turnover — also for smaller companies.
The relevant question is not whether a company sees itself as an AI company — but whether it uses AI in customer-facing contexts. That is what determines the compliance obligation from 2 August.
Your checklist for the next four weeks
- Create an AI inventory: which AI systems do you use internally and in customer-facing applications? Build a complete list — this is the foundation for everything else.
- Chatbot check: does the user clearly know they are talking to AI? If not, add a disclosure — usually a one-time technical step.
- Deepfake review: are AI-generated images, videos, or audio used in marketing? Ensure labelling is in place before August.
- Emotion analysis: does the company use systems that evaluate emotions or biometric characteristics? Clarify the disclosure obligation to those affected.
- Clarify responsibility: who is accountable for AI compliance internally? A named person creates accountability.
- Check suppliers: which AI tools are procured — do providers supply conformity information? Review contract terms.
For most SMEs, implementation is not a major hurdle — it is about a targeted review and a few concrete adjustments. If you are looking for structured support assessing your AI use or want to develop AI solutions with a built-in compliance approach, get in touch with experts.