EU AI Act compliance made practical

Navigating EU AI Act obligations with clear, actionable guidance

REGULATORY LANDSCAPE

The AI Act is taking effect, and compliance requirements are mounting

The EU AI Act (Regulation 2024/1689) changes how companies build and deploy artificial intelligence. From simple chatbots to complex algorithms, your systems must now meet clear standards for data transparency and risk control. Failing to comply can result in severe financial penalties, with fines reaching up to €35 million or 7% of global annual turnover.

The clock is ticking: companies have less than 19 months to build their compliance framework before high-risk mandates take full effect.

1
FEB 2025 Effective
AI Literacy and Prohibited practices
The regulation bans all AI systems with unacceptable risk and requires mandatory training for your team.
2
AUG 2025 Effective
GPAI obligations
Strict documentation and training transparency requirements for general-purpose AI models.
3
NOV 2026 Next Milestone
Transparency (Art. 50)
Clear labeling requirements for generated content and any AI systems that interact directly with people.
4
DEC 2027 Upcoming
High-risk systems (Annex III)
Full enforcement of compliance mandates for Annex III high-risk AI systems.
5
AUG 2028 Upcoming
Regulated products (Annex I)
Full integration of compliance mandates for AI systems embedded within existing sectorial product frameworks.
Schedule updated in accordance with the European Parliament’s March 2026 proposal. Until formal adoption of the omnibus, original statutory dates continue to apply.
OUR APPROACH

Three phases to compliance

Phase 1: Assessment

  • AI Systems Inventory
  • Scope & Applicability Analysis
  • Role Identification & Risk Assessment
  • AI Act Readiness Audits

Phase 2: Implementation

  • Compliance Roadmap
  • Technical Documentation & QMS
  • Conformity Assessment Support

Phase 3: Support

  • Regulatory Liaison & Monitoring
  • Training & Workshops
  • Policy & Regulatory Tracking
  • On-call Advisory

Frequently asked questions

What is the AI Act and who is concerned?
Enacted as Regulation (EU) 2024/1689, the AI Act establishes comprehensive rules for how artificial intelligence is engineered, deployed, and utilized within the EU. The law applies to any business worldwide if its AI systems interface with EU markets or residents. It splits market participants into key categories: providers who design and launch AI products, deployers who utilize them in a business setting, and traditional intermediaries like importers and distributors.
Does my business fall under the scope of the AI Act?
In all probability, yes. If your operations involve building, deploying, embedding, or commercializing any form of artificial intelligence, including customer chatbots, recommendation algorithms, automated hiring tools, scoring models, and anomaly detection software, the law applies to you. Your exact compliance burden is determined by three factors: your regulatory classification (provider vs. deployer), your system's assigned risk tier, and applicable enforcement dates.
What are the financial risks for non-compliance?
Fines are tiered based on the nature of the infraction. Deploying prohibited AI practices or committing systemic breaches can trigger catastrophic penalties of up to €35M or 7% of global annual turnover. Failing to meet the mandates for high-risk systems can cost up to €15M or 3% of revenue, while submitting deceptive data to regulators tops out at €7.5M or 1%. For the vast majority of small and medium enterprises, even a fraction of these penalties could prove fatal to both finance and reputation. Securing compliance early is the best way to safeguard your operations.
What is the official implementation timeline for the AI Act?
Enforcement is rolling out in phases. Regulations surrounding banned AI applications and employee AI Literacy took effect in February 2025, followed by General Purpose AI (GPAI) mandates in August 2025. The immediate priority now is the Article 50 transparency deadline on November 2, 2026 – if your company utilizes deepfakes, synthetic media, or automated chatbots, you must act immediately. Comprehensive compliance frameworks for high-risk software will become mandatory on December 2027.
How do we get started?
Getting started is straightforward. Book a short introductory call (free, 15–20 minutes). We assess how your organization uses AI and which regulations apply. You receive an initial AI Act readiness snapshot showing your compliance status. If relevant, we propose clear next steps.

Ready to get started?

Contact us to schedule an introductory call. Let’s evaluate your AI systems and outline your compliance requirements.

compliance@normos.ai

Legal Notice (Impressum)

Information pursuant to § 5 DDG (Digitale-Dienste-Gesetz)

Project / Operator

Project: normos.ai
Operator: Denis Ryazanov

Address

Adolf-Heyden-Straße 5
12555 Berlin
Germany

Contact Information

Email: compliance@normos.ai
Website: https://normos.ai

Dispute Resolution

The European Online Dispute Resolution (ODR) Platform was discontinued as of 20 July 2025, following Regulation (EU) 2024/3228. We are not obliged, and generally not willing, to participate in dispute resolution proceedings before a consumer arbitration board.

For consumer dispute resolution in EU Member States, you may consult the list of certified dispute resolution bodies: https://consumer-redress.ec.europa.eu/dispute-resolution-bodies

Privacy Policy

Last updated: 9 June 2026

normos.ai ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you visit our website.

1. Controller

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

Denis Ryazanov
Adolf-Heyden-Straße 5
12555 Berlin
Germany
Email: compliance@normos.ai
Website: https://normos.ai

2. Information We Collect

We may collect information about you in the following ways:

Personal Information: When you contact us by email, we may collect personally identifiable information such as your name, email address, company name, and any other information you voluntarily provide.

Usage Data (Server Log Files): When you visit this website, your browser automatically transmits technical data to our hosting provider, including your IP address, browser type and version, operating system, referring URLs, date and time of access. This data is stored temporarily for technical and security purposes and deleted after 7 days. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in the secure operation of the website).

Cookies and Tracking Technologies: This website does not use cookies, analytics tools, or tracking technologies of any kind.

3. How We Use Your Information

We use the information we collect for the following purposes:

4. Information Sharing

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

Service Providers: We may share information with trusted third-party service providers (e.g. our hosting provider) who assist us in operating our website, subject to confidentiality agreements and data processing agreements under Art. 28 GDPR.

Legal Requirements: We may disclose information when required by law, regulation, legal process, or governmental request.

5. Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or electronic storage is completely secure.

6. Data Retention

We retain your personal information for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Email correspondence is deleted once the enquiry has been fully resolved and no legal retention obligations apply.

7. Your Rights (GDPR)

Under the GDPR, you have the following rights regarding your personal information:

To exercise any of these rights, please contact us at compliance@normos.ai.

You also have the right to lodge a complaint with a supervisory authority. The competent authority for Berlin: Berliner Beauftragte für Datenschutz und Informationsfreiheit, www.datenschutz-berlin.de

8. International Transfers

We do not knowingly transfer your personal information to countries outside the European Economic Area (EEA). If any transfer is necessary, we will ensure that appropriate safeguards are in place in accordance with applicable data protection laws (e.g. Standard Contractual Clauses under Art. 46 GDPR).

9. Children's Privacy

Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us so we can delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date at the top.

11. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: compliance@normos.ai