EU AI Act for SaaS Startups: The Founder's Compliance Guide
Provider vs deployer, Art 25 trap, Annex III triage, Art 50 from Aug 2026, high-risk obligations by Dec 2027. 30-day checklist for SaaS founders.
If your SaaS product has an AI feature and you have any EU customers, Regulation (EU) 2024/1689 applies to you. The question is not whether — it is which obligations and when. This guide gives you the map.
You Are Probably Both a Provider and a Deployer
The first thing to settle is your role, because it determines your entire obligation set.
Provider (defined in Article 3(3); the high-risk obligation set is in Article 16): you developed an AI system and offer it to others under your own name or brand. If you have an AI feature in your product — a chatbot, a classification engine, a recommendation model, a document-drafting tool — and customers use it as part of your SaaS, you are the provider of that AI system. The fact that you are calling an API from OpenAI, Mistral, or Google does not make you a non-provider. You built the application layer: you decided what inputs it takes, what the system does with them, how outputs are presented, and what workflow it sits inside. That application is your AI system.
Deployer (defined in Article 3(4); the high-risk obligation set is in Article 26): you use a third-party AI system under your own authority in a professional context, meaning your internal operations. If your team uses an AI tool to write support tickets, process invoices, or generate internal reports, you are a deployer of that system. Deployer obligations are lighter than provider obligations, but they are not zero.
Most SaaS companies are both at the same time: a provider of the AI features in their product, and a deployer of the AI tools they use internally to run the business.
The Article 25 Trap
One scenario founders miss: Article 25 turns a distributor, importer, deployer or other third party into the provider of a high-risk AI system in three situations: putting your name or trademark on a high-risk system that is already on the market, substantially modifying such a system, or changing the intended purpose of a system (including a general-purpose AI system) so that it becomes high-risk. So if you take a third-party model, integrate it deeply, rebrand it, and point it at an Annex III use case, you inherit the full provider obligation stack even though you did not train it. The practical test for a high-risk use case: if the customer's contract is with you, the output carries your name, and you control what the system does, the Act treats you as the provider regardless of who built the underlying model.
GPAI Models: You Are Almost Always Downstream
Most SaaS founders ask: "Do GPAI model rules apply to us?" Almost certainly not as a provider. The GPAI chapter (Chapter V, Articles 51–56) covers the organisations that develop and release the underlying foundation models — OpenAI, Mistral, Google DeepMind, and their peers. That layer has applied since 2 August 2025.
If you call a GPAI model's API, you are what the Act calls a downstream provider (Article 3(68)), not a GPAI model provider. What benefits you is that Article 53 requires GPAI model providers to maintain technical documentation, to give downstream providers the information and documentation they need to integrate the model and understand its capabilities and limitations, to adopt a copyright-compliance policy, and to publish a summary of the training content. You can rely on those disclosures to inform your own technical documentation, and you should keep copies of the versions you relied on.
The one exception: if you fine-tuned a foundation model extensively enough that it constitutes a new GPAI model that you are placing on the market under your own name, Chapter V applies to you. The threshold is high. A standard fine-tune for a specific vertical task does not typically cross it. If in doubt, the Art 51 systemic-risk classification (the 10²⁵ FLOP presumption) is far above any startup-scale training run.
Triage Your Product: Four Risk Tiers
The Act divides AI systems into four tiers. The obligations cascade from the tier, not from whether you used a language model.
Tier 1 — Prohibited (Article 5, in force since 2 February 2025). These are systems you cannot deploy at all: subliminal or manipulative techniques that materially distort a person's behaviour, exploitation of vulnerabilities due to age, disability, or social or economic situation, social scoring, real-time remote biometric identification in publicly accessible spaces for law enforcement (with narrow exceptions), and several others. Violation ceiling (Article 99(3)): €35,000,000 or 7% of worldwide turnover, whichever is higher. There is no deadline to meet: these have been illegal since February 2025.
Tier 2 — High risk (Article 6 + Annex III). Eight categories of use cases. (Article 6(1) adds a second route, AI that is a safety component of a product covered by the Annex I product-safety legislation, which rarely applies to SaaS.) If your system falls here, you inherit the full provider stack: risk management system (Art 9), data governance (Art 10), technical documentation (Art 11), record-keeping (Art 12), transparency to deployers (Art 13), human oversight mechanisms (Art 14), accuracy, robustness and cybersecurity requirements (Art 15), quality management system (Art 17), conformity assessment before market placement (Art 43), EU Declaration of Conformity (Art 47), CE marking (Art 48), and registration in the EU AI database (Art 49). The compliance timeline for Annex III stand-alone systems is 2 December 2027, deferred from the original August 2026 date under the Digital Omnibus agreed in May 2026.
Tier 3 — Limited risk / transparency (Article 50, applying from 2 August 2026). As a provider: systems intended to interact directly with people must be designed so that users know they are dealing with AI unless that is obvious from context (Art 50(1)), and generated audio, image, video or text must be marked as AI-generated in a machine-readable way (Art 50(2)). As a deployer: people exposed to emotion recognition or biometric categorisation must be informed (Art 50(3)), and deep fakes and AI-generated text published on matters of public interest must be disclosed (Art 50(4)). These are disclosure and marking obligations, not conformity assessments, but they apply to almost every SaaS with a chat feature or generative output.
Tier 4 — Minimal risk. Everything else. No mandatory obligations under the Act, though voluntary codes of conduct are encouraged.
High-Risk Triage: The Annex III Checklist
Annex III lists eight areas. Run each AI feature in your product through this list:
- Biometrics — remote biometric identification, biometric categorisation, emotion recognition in consequential contexts.
- Critical infrastructure — safety components in digital networks, road traffic, utilities.
- Education and vocational training — admission decisions, progress evaluation, exam-monitoring.
- Employment, workers management, and self-employment — CV screening, candidate ranking, performance monitoring, task allocation, promotion and termination decisions, work scheduling with consequential effects.
- Access to essential services — creditworthiness and credit scoring (excluding fraud detection), health and life insurance risk pricing, emergency dispatch, public-benefits eligibility.
- Law enforcement — risk-of-offending assessments, polygraphs, evidence reliability, profiling.
- Migration, asylum, border control — risk assessment, document verification, application examination.
- Administration of justice and democratic processes — assisting courts; influencing elections or referenda.
A B2B SaaS with a general-purpose writing assistant, a customer-support chatbot, a search feature, or a dashboard that summarises data for humans to act on — none of those land in Annex III. A B2B SaaS that ranks job applicants, scores loan applications, or allocates work tasks to employees does.
The Article 6(3) Filter
Landing in an Annex III area does not automatically make the system high-risk. Article 6(3) carves out systems that pose no significant risk of harm to health, safety, or fundamental rights because they perform a narrow procedural task, improve the result of a previously completed human activity, detect decision-making patterns or deviations without replacing or influencing a human assessment that has already been made, or do purely preparatory work. The important caveat: an Annex III system that profiles natural persons is always high-risk, regardless of the 6(3) argument. If you rely on the filter, Article 6(4) requires you to document the assessment before placing the system on the market and to register it in the EU database under Article 49(2), so the exemption is a documented decision, not a reason to skip the paperwork.
The Realistic Obligation Stack for a Typical SaaS Startup
Strip away the complexity for a moment. Here is what most SaaS founders actually face:
Already in force — Article 4, AI literacy. Since 2 February 2025, you are required to take measures to ensure that your staff have a sufficient level of AI literacy, appropriate to their role, the systems they use, and the people affected by them. This is not a certificate programme mandate. It is a documented competence-building commitment. For most startups, a recorded internal session with role-specific content and a written attendance log is a defensible baseline. The obligation applies to you in both roles, as provider and as deployer.
From 2 August 2026 — Article 50, transparency. If your product includes a chatbot, a generative-text feature, an image generator, or any system that interacts conversationally with users, you must disclose the AI nature of the interaction at the point of first contact. If you generate synthetic images, audio, or video, you must mark them. Failure to comply falls under the €15,000,000 or 3% fine ceiling — and 2 August 2026 is roughly two months away. This is the near-term obligation most SaaS founders are underestimating.
From 2 December 2027 — the full high-risk stack. Only if your system lands in Annex III. If it does not, Articles 9–15, 17, 43, 47, and 48 do not apply to you; Article 49(2) registration still applies if you escaped Annex III only via the Article 6(3) carve-out. The December 2027 deadline sounds generous. It is not: assembling Annex IV technical documentation, running a conformity assessment, and establishing a quality management system for the first time takes months, not weeks. Starting the documentation build in parallel with product development is the right approach.
The Enterprise Sales Angle: Compliance as a Sales Asset
Enterprise buyers in regulated industries — financial services, healthcare, HR technology, legal — have changed their vendor evaluation process. Procurement teams and legal departments now run structured AI vendor questionnaires as part of security and compliance reviews. The questions are specific: What is your AI Act classification? Do you have technical documentation under Article 11? What human oversight mechanisms does your system provide? Can you produce an EU Declaration of Conformity?
A startup that can answer these questions with documentation in hand closes enterprise deals faster than one that says "we plan to be compliant by the deadline." The compliance posture has become a commercial differentiator, particularly in the EU market and for US-headquartered SaaS companies expanding into Europe.
Being audit-ready at series A or B — before a major enterprise pilot — is increasingly the threshold buyers set. Building the compliance foundation now positions you for those conversations.
Fines and the SME Cap
The Act's penalty framework (Article 99) has three tiers:
- €35,000,000 or 7% of total worldwide annual turnover (Article 99(3)) — for Article 5 prohibition violations.
- €15,000,000 or 3% (Article 99(4)) — for most other obligations: high-risk requirements, provider, importer, distributor and deployer duties, Article 50 transparency failures.
- €7,500,000 or 1% (Article 99(5)) — for supplying incorrect, incomplete or misleading information to authorities or notified bodies.
By default each tier applies whichever amount is higher, the fixed sum or the percentage of turnover. For a large company, the percentage governs. Without any adjustment, the fixed sum would govern for a startup with modest revenues, and those ceilings would be severe.
Article 99(6) provides a meaningful protection for SMEs and start-ups: for them each fine is capped at whichever is lower, the percentage or the fixed amount. A startup with €500,000 in annual revenue would face a ceiling of 3%, that is €15,000, rather than €15,000,000 for a first-time Article 50 violation, assuming no aggravating factors. This is a proportionality provision, not a shield against enforcement.
Your First 30 Days: A Pragmatic Starting Checklist
This is not a compliance programme — it is the minimum structured work that gives you a clear picture of where you stand and what you need to build.
Week 1 — Inventory and triage. List every AI feature in your product (not your internal tools — your customer-facing product). For each, write one sentence describing what the system takes as input, what it does, and what decision or output it produces. Run each against the Annex III list above. Flag any that touch employment, credit, biometrics, education, or critical infrastructure.
Week 1 — Article 5 check. For each feature, confirm it does not use subliminal or manipulative techniques, exploit vulnerabilities linked to age, disability, or social or economic situation, perform social scoring, or engage in prohibited biometric practices. This is primarily a legal-team conversation, informed by product and engineering on what the system actually does. If you use real-time biometric inputs for consequential decisions, flag it now.
Week 2 — Article 50 inventory. List every point in your product where a user interacts with an AI-generated response or receives generated content. Map what disclosure or content marking currently exists at that point. Any feature that is live on or after 2 August 2026 without the required disclosure is out of compliance from the first day of general application, whether it launched before or after that date.
Week 2 — Internal AI tool inventory (deployer obligations). List the AI tools your team uses internally. Identify which ones are high-risk AI systems (almost certainly none for standard SaaS tooling). Note which GPAI models you call via API — these are your GPAI documentation dependencies.
Week 3 — Article 4 gap close. Run a 60–90 minute AI literacy session for your engineering, product, and customer-facing teams. Document who attended, what was covered, and the date. File it.
Week 4 — High-risk prioritisation (if applicable). If any features flagged in Week 1 are genuinely Annex III-scoped, map the full Article 16 obligation list and estimate what documentation you already have versus what needs to be built. This is your compliance gap analysis — the starting point for the December 2027 build.
How Confir Helps
Confir was built for exactly this profile: a SaaS team that needs to understand and document its AI Act posture without retaining external consultants or building an internal compliance function from scratch.
The intake workflow takes you through role determination (provider or deployer, or both) and plain-English Annex III classification. The engine is deterministic and rule-based — the same answers produce the same classification, and every finding cites the Article that drove it. No hallucination, no ambiguity about where an obligation comes from.
For high-risk providers, Confir generates the Article 11 / Annex IV technical documentation pack and the Article 47 / Annex V EU Declaration of Conformity. The Article 27 FRIA workflow handles the Fundamental Rights Impact Assessment for applicable deployer scenarios. The Compliance Health Score gives you a metric you can share in enterprise sales conversations.
Self-serve. Credit-card checkout. From €600/year. No consultants, no six-month implementation.
Frequently Asked Questions
Am I a provider or a deployer if I call a third-party model API? Calling an API does not make you a non-provider. If you built the application layer — you control what goes in, what the system does, and what comes out, and your customers use it under your brand — you are the provider of that AI system under Article 3(3). The API vendor is a separate party with its own GPAI obligations (Articles 51–55). Your obligations as provider are independent of theirs.
My product has a chatbot. When does Article 50 apply? From 2 August 2026, when the general application of the Act takes effect. Article 50 requires you to inform users, at the point of first contact, that they are interacting with an AI system — unless it is obvious from context. If your chatbot generates synthetic content, that content must also be marked. The fine ceiling for non-compliance is €15,000,000 or 3% of worldwide turnover, whichever is higher (Article 99(4)), with the SME cap (Article 99(6)) capping it at the lower of the two.
None of my features seem to land in Annex III. What do I actually need to do? For a minimal-risk SaaS provider with no Annex III exposure and no user-facing AI interaction, your mandatory obligations are: Article 4 AI literacy (in force since 2 February 2025) and Article 5 compliance (prohibited practices — also in force). If you have any user-facing AI interaction or generative output, add Article 50 transparency from 2 August 2026. No conformity assessment, no technical documentation, no registration.
What is the Article 25 trap and how do I avoid it? Article 25 says that a distributor, importer, deployer or other third party who puts its name or trademark on a high-risk AI system, substantially modifies it, or changes the intended purpose of an AI system (including a general-purpose AI system) so that it becomes high-risk is considered its provider, inheriting the full Article 16 obligation stack. The practical implication for SaaS: if you are reselling or white-labelling a third-party AI system for an Annex III use case and customers contract with you rather than the original developer, review whether Article 25 reclassifies you as the provider. The answer depends on the degree of modification and rebranding and on the intended purpose, not just the contractual structure.
The December 2027 deadline seems far away. Is it safe to wait? The deadline for Annex III stand-alone high-risk systems is 2 December 2027, deferred under the Digital Omnibus agreed in May 2026. But assembling complete Annex IV technical documentation, establishing a quality management system (Article 17), running a conformity assessment (Article 43), and registering the system in the EU AI database (Article 49) is not a project you start in October 2027. For a first-time compliance build, six to twelve months is a realistic estimate. Starting in 2025–2026 also means your documentation reflects actual development decisions rather than reconstructed history.
Does the EU AI Act apply if we are not based in the EU? Yes. Under Article 2(1), the Act applies to providers placing AI systems on the EU market or putting them into service in the EU, wherever the provider is established, and to providers and deployers in third countries where the output produced by the system is used in the EU. Serving EU-based customers or users is enough. Non-EU providers of high-risk AI systems must additionally appoint an authorised representative established in the EU under Article 22 before the system is placed on the market (Article 54 imposes the same duty on non-EU GPAI model providers).
What fine protection do startups get under Article 99(6)? Article 99(6) caps fines for SMEs and start-ups at the lower of the percentage-of-turnover or the fixed-sum ceiling for each tier. So a startup with €1,000,000 annual revenue facing a tier-2 violation (€15M or 3%) would be assessed against 3% = €30,000, not €15,000,000. This is a genuine proportionality protection. It does not exempt startups from enforcement — it scales the penalty to a level the Act considers proportionate to company size.
Manage your EU AI Act compliance in one place
Confir automates risk classification, technical documentation, and audit trails for any company. No consultants. No 6-month projects. 7-day free trial.