Perplexity AI and the EU AI Act: A Deployer's Compliance Map
Perplexity AI under the EU AI Act: your duties turn on the use case, not the tool. Most internal research is minimal risk; Art 50 applies if answers go public.
Probably not high-risk. Perplexity is a research and answer engine — you query it, it synthesises an answer from sources, you read the result. For most companies that is internal desk research, which carries no mandatory EU AI Act obligation beyond AI literacy. This page maps your duties as a deployer of an answer engine.
Perplexity runs on third-party general-purpose AI (GPAI) models it does not itself train. Under Regulation (EU) 2024/1689 those upstream models sit in Chapter V through their respective model providers, not as a self-contained risk object you carry. Your obligations attach to your use case and your risk tier.
Most internal research use — drafting, market scans, summarising public sources — is minimal risk. Risk rises in only two places: when answer-engine outputs are surfaced to users or customers (Article 50 transparency), and when the output feeds a consequential, Annex III decision.
Your Role: Deployer of a Third-Party Answer Engine
The GPAI models underneath Perplexity carry Chapter V obligations (Articles 51-55, in force since 2 August 2025) on their respective model providers — technical documentation, a training-data summary, and systemic-risk duties where a model crosses the relevant threshold. That burden is upstream and partial; it is not yours.
Your company, using Perplexity for research, is a deployer under Article 26 of Regulation (EU) 2024/1689 — the lightest mainstream role in the Act. A deployer, per Article 3(4), is a natural or legal person using an AI system under its own authority, except for purely personal non-professional use.
You only shift toward provider status under Article 25 if you embed Perplexity output into a product you place on the market under your own name or trademark, or substantially repurpose the system. Pasting a summary into an internal memo does not cross that line; building and selling a tool around its output can.
A deployer's mandatory duties are minimal unless the use case is high-risk. The heavy provider stack — risk management (Article 9), technical documentation (Article 11), conformity assessment (Article 43), registration (Article 49), the EU Declaration of Conformity (Article 47) — does not attach to ordinary research use.
Classifying Your Perplexity Use Case Across the Four Tiers
The Act does not classify Perplexity; it classifies what you do with it. Run your use case through the four tiers in order.
Minimal risk: internal desk research and drafting
Using Perplexity for internal literature reviews, competitive scans, summarising public sources, or first drafts carries no mandatory EU AI Act obligation. The only live duty is Article 4 AI literacy, in force since 2 February 2025: staff should understand the tool's limits, especially that an answer engine can hallucinate and that its citations are not always reliable.
Limited risk: when answers reach users or customers (Article 50)
If you surface Perplexity-generated answers through a customer-facing chatbot or assistant, you trigger Article 50(1): users must be informed they are interacting with an AI system, unless that is obvious. Where AI-generated text is published to the public, Article 50(2) may require machine-generated marking — those provisions land 2 December 2026. These are disclosure duties, not conformity assessment.
High risk: when research feeds an Annex III decision
Perplexity's output is not high-risk on its own. But if its synthesis materially drives an Annex III decision, the surrounding system can be. The common trigger is Annex III point 4 employment — 4(a) recruitment and selection; 4(b) in-employment decisions — where research summaries screen, rank, or evaluate candidates or staff.
Apply the Article 6(3) filter honestly. A system doing narrow preparatory work that does not influence the human decision can fall outside high-risk. But profiling of natural persons is always high-risk and cannot use the filter. If a person is being evaluated, assume high-risk.
Prohibited: the Article 5 lines you still cannot cross
Article 5 binds regardless of the tool. No subliminal or manipulative techniques; no exploitation of vulnerabilities. These prohibitions have been in force since 2 February 2025, with a new CSAM and "nudifier" prohibition added from 2 December 2026. Most general research and internal knowledge work is not high-risk: most companies land at minimal risk, or — where outputs reach an external audience — at Article 50 limited risk.
Answer-Engine Traps: Citations, Hallucination, Confidentiality
The live risks of an answer engine are not the AI Act tier; they are the things that quietly move your workflow across a line.
Citations and attribution. Synthesised answers with linked sources can still misattribute or hallucinate. If you republish that synthesis, accuracy and copyright are your responsibility as the publisher — independent of the AI Act tier.
Confidentiality and data. Pasting internal documents, client material, or personal data into a research query is a data-protection event before it is an AI Act question. You need a GDPR Article 6 lawful basis and, for special-category data, GDPR Article 9 grounds. Check whether your plan offers a data processing agreement and whether inputs train the upstream model.
Decision-laundering. Treating an answer-engine summary as if it were verified fact can turn a "minimal-risk research tool" into the basis of an Annex III decision — for example, using it to evaluate a person. At that point the Article 6 and Annex III analysis applies to the surrounding workflow.
Article 4 literacy as the practical control. An acceptable-use policy that tells staff what they may not paste, requires source verification before reuse, and records who has been trained is proportionate — and it is the only duty already in force for most research users. None of these traps make Perplexity inherently high-risk; they decide whether your workflow crosses a line.
Use-Case Classification Reference Table
The table maps five common patterns to provision and required action.
| Use case | Risk tier | Governing provision | Mandatory action |
|---|---|---|---|
| Internal desk research / drafting | Minimal | Article 4 | AI literacy + acceptable-use policy |
| Public-facing assistant surfacing answers | Limited | Article 50(1) / (2) | Disclose AI; mark synthetic content (from 2 December 2026) |
| Summaries used to screen / rank candidates | High-risk | Article 6 + Annex III point 4(a) | Full deployer duties (Articles 26, 27) |
| Summaries informing in-employment decisions | High-risk | Annex III point 4(b) | Article 26 oversight; inform worker reps |
| Any use profiling natural persons | High-risk | Article 6(3) filter unavailable | Treat as high-risk |
Your classification turns on the decision the output feeds, not the tool.
Worked Example: A 120-Person Consultancy Using Perplexity
Lindqvist & Hale is a 120-person management consultancy in Stockholm — an SME under the EU AI Act on both headcount and turnover — using Perplexity across three teams.
Scenario A — research team, market scans and first-draft client memos. Minimal risk. The only obligation is Article 4 AI literacy plus an acceptable-use policy that bans client-confidential inputs without a data agreement.
Scenario B — Perplexity answers piped into a client-facing website assistant. Now Article 50(1) transparency applies: tell users they are interacting with an AI system, and published AI-generated text may need machine-generated marking under Article 50(2) from 2 December 2026.
Scenario C — HR team uses research summaries to rank inbound applicants. This drags the surrounding workflow into Annex III point 4(a) high-risk, triggering Article 26 deployer duties — use per the provider's instructions, human oversight, logging, informing worker representatives — and an Article 27 Fundamental Rights Impact Assessment where required.
Penalty exposure scales with the tier. A breach of Article 50 or Article 26 duties sits in Article 99(4) — up to €15 million or 3% of total worldwide annual turnover, whichever is higher — while a prohibited-practice breach sits in Article 99(3) at up to €35 million or 7% of total worldwide annual turnover, whichever is higher. Under Article 99(6) an SME like Lindqvist & Hale is capped at the lower of the fixed amount or the percentage. The firm's real work is policy and verification, not a high-risk conformity project.
Deadlines and the 'Agreed But Not Yet Law' Caveat
The live timeline as of June 2026: Article 5 prohibitions and Article 4 AI literacy in force since 2 February 2025; GPAI obligations (Articles 51-55) since 2 August 2025; the new CSAM and "nudifier" prohibition and the Article 50 content-marking and watermarking provisions landing 2 December 2026.
High-risk timing carries a mandatory caveat. Stand-alone Annex III high-risk obligations (Article 6(2)) still read 2 August 2026 in the statute. The Digital Omnibus reached provisional political agreement on 6-7 May 2026 (COREPER confirmed the text around 13 May 2026) to defer that to 2 December 2027 — but as of June 2026 it is not yet law. It still needs a European Parliament plenary vote, formal Council adoption, and publication in the Official Journal. Plan against 2 August 2026 until the deferral is enacted.
The deferral is fixed calendar dates, not a standards-contingent "stop the clock" — that variant was rejected. Product-embedded Annex I high-risk (Article 6(1)) moves from 2 August 2027 to an agreed 2 August 2028, also not law. For a research deployer the dates that matter are already in force or near; high-risk dates only bite if a use crosses into Annex III.
How Confir Helps
Add Perplexity to your AI inventory and Confir runs a deterministic, rule-based classification — no model inference, no hallucination. A plain-English intake asks about your role, use case, data, and audience, derives your tier, and shows the exact rule that fired. A minimal-risk research use gets a short checklist; an Annex III use gets the full Article 26 deployer stack — oversight, logging, the Article 27 FRIA workflow where it applies, and the Article 4 literacy record.
Frequently asked questions
Is Perplexity AI high-risk under the EU AI Act?
Not by default. Perplexity is an answer engine running on third-party general-purpose AI models, and those upstream GPAI obligations (Articles 51-55, in force since 2 August 2025) sit with the model providers, not you. For your company as a deployer, the tier depends on use: internal desk research is minimal risk, and surfacing answers to customers triggers Article 50 transparency. It becomes high-risk only if its output materially drives an Annex III decision, such as screening job applicants under Annex III point 4(a).
Do I have any EU AI Act obligations if I only use Perplexity for internal research?
Very few. Ordinary internal use — literature reviews, market scans, summarising public sources, first drafts — is minimal risk with no mandatory conformity duties. The one obligation already in force is Article 4 AI literacy, applicable since 2 February 2025: staff should understand the tool's limits, including hallucination and unreliable citations. A short acceptable-use policy covering what may not be entered and requiring source verification before reuse is usually sufficient for minimal-risk research use.
When does Article 50 transparency apply to Perplexity outputs?
Article 50 applies when answers reach people outside your team. If you surface Perplexity-generated responses through a customer-facing chatbot or assistant, you must inform users they are interacting with an AI system under Article 50(1) unless it is obvious. AI-generated text published to the public may require machine-generated marking under Article 50(2); those provisions apply from 2 December 2026. Internal use that never reaches an external audience does not trigger Article 50.
Can using Perplexity make my company a provider rather than a deployer?
Only if you go beyond using the finished answer engine. Querying Perplexity for internal knowledge work keeps you a deployer under Article 26. You shift toward provider status under Article 25 only if you embed its output into a product you place on the market under your own name or trademark, or substantially repurpose the system. Pasting a Perplexity summary into an internal memo does not make you a provider; building and selling a tool around its output can.
What are the data and confidentiality risks of using Perplexity for work?
They arise before the AI Act does. Entering internal documents, client material, or personal data into a research query is a data-protection event: you need a GDPR Article 6 lawful basis, and special-category data needs GDPR Article 9 grounds. Check whether your plan offers a data processing agreement and whether inputs are used to train upstream models. The practical control is an acceptable-use policy that bans confidential or personal inputs without a data agreement.
What penalties could apply, and are SMEs treated differently?
Fines run in three tiers under Article 99. Breaching the Article 5 prohibitions reaches up to €35 million or 7% of worldwide annual turnover (Article 99(3)). Most breaches, including Article 50 transparency and Article 26 deployer duties, reach up to €15 million or 3% (Article 99(4)). Supplying incorrect or misleading information to authorities reaches up to €7.5 million or 1% (Article 99(5)). Under Article 99(6), an SME or start-up is capped at the lower of the fixed amount or the percentage.
Has the high-risk deadline that could affect Perplexity workflows changed?
Not in law yet. The Digital Omnibus reached provisional political agreement on 6-7 May 2026 (COREPER confirmed the text around 13 May 2026) to defer stand-alone Annex III high-risk obligations to 2 December 2027, but as of June 2026 it still needs a European Parliament plenary vote, formal Council adoption, and Official Journal publication. Until then the statute legally reads 2 August 2026, so plan against that date — and only if a use crosses into Annex III.
Related guides
- build your AI system inventory
- ChatGPT under the EU AI Act
- general-purpose AI model obligations
- how to classify LLM-based systems
- provider duties when building on an LLM API
Manage your EU AI Act compliance in one place
Confir automates risk classification, technical documentation, and audit trails for any company. No consultants. No 6-month projects. 7-day free trial.
Start free trial →