So I made coffee and went through it, with the product open in another tab. Around hour two I felt a small wave of relief on their behalf – because for a company like this, the answer is mostly the UI copy.

The two questions that decide everything

Before any date or penalty means anything, two classifications decide the entire burden.

• Are you a provider or a deployer? A provider builds an AI system and puts it on the market under its own name. A deployer just uses one. Integrate a foundation model into a product you ship, and you’re usually both: the provider of your own system (the support agent) and a downstream deployer of the model underneath. What you are not is a model maker.
• The model-maker deadline already passed. Aug 2, 2025 was when obligations landed on general-purpose model providers – the OpenAI / Anthropic / Google / Mistral tier. If you train foundation models, that was your day. If you call one through an API and build on top, it wasn’t. Some founders read that headline last summer and panicked about the wrong calendar.
• Which risk tier is your system in? This is the number that sets the size of everything – the obligations, the paperwork, the penalty band.

Find your weight class before investing

The Act sorts AI into four buckets, and I keep picturing them as weight classes. Find yours before you spend a single euro on compliance, because the bracket sets the bill.

• Prohibited. Social scoring, manipulative dark-pattern stuff, certain biometric surveillance. Banned since Feb 2, 2025. A support bot isn’t in this room.
• High-risk (Annex III). The heavyweight bracket – AI that gates hiring, credit, education, essential services. Real audits, real documentation, real human-oversight machinery. This is the bracket that costs you a compliance hire.
• Limited / transparency. Systems that talk to people or generate content. The duty here is mostly to say so. This is where a chatbot lives.
• Minimal. Spam filters, the recommendation widget. Basically nothing.

Here’s the part that changed the founder’s week. The heavyweight bracket just got delayed. Under the Digital Omnibus (a provisional political deal from May 2026), the stand-alone high-risk obligations slid from August 2026 all the way to Dec 2, 2027. So even if you were high-risk, the expensive fight isn’t this summer.

And a customer-support AI usually isn’t high-risk in the first place. It only gets pulled up into the heavyweight class if it stands between a person and an essential service – their electricity, their insurance, their credit. Answering “where’s my order” usually gates nothing.

So the product I was looking at lands squarely in the transparency class, and the whole August milestone collapses into one idea: tell people they’re talking to AI.

What August 2nd actually asks of you

This is the date the post is about, and once you know your weight class it gets almost boring – in the good way. Aug 2, 2026 is when the transparency rules (Article 50) switch on and broad enforcement matures behind them. For a transparency-class product, that’s three things:

• Tell users they’re talking to AI. A system that interacts with people has to make that obvious. In practice: a first-message line, a label in the chat header, a sentence on the page.
• Mark synthetic content as synthetic. Generate images, audio, or video, and it has to be flagged, including machine-readable watermarking. That provider watermarking piece (Article 50(2)) got nudged to Dec 2, 2026, so there’s a little more runway on the technical bit.
• AI literacy. A duty (Article 4) that’s actually been live since Feb 2, 2025 – make sure the people operating your AI have a basic clue what it does. For a small team that’s a doc and a lunch, not a program.

When it stops being simple

I’d be lying by omission if I stopped there, because around hour three I hit the thing I still haven’t resolved.

The startup is B2B. They offer their support AI to other companies who point it at their own customers. So the people actually typing “Can I have a refund?” and reading the reply are shoppers the startup never meets and never sells to. Those shoppers may not always realize there’s an AI on the other end.

My first instinct was clean and comforting: not the startup’s problem. They’re B2B. The shop is the one facing the consumer – letting the shop disclose would be logical.

Then I read Article 50(1) again. The duty to design the system so a person knows they’re talking to AI sits with the provider of that system. Not the buyer – the builder. So “we’re just B2B, disclosure is our customer’s job” stops being a clean exemption. The disclosure follows the conversation, not the contract. Wherever the AI actually talks to a human, the design-time duty seems to reach back up the chain to whoever built it.

I genuinely don’t know where that line sits. The provider-versus-deployer split gets blurry right here – the moment your product talks to someone else’s end users – and it blurs further if you fine-tune the model or wire several together (are you still “just” a deployer then?). This is the spot where I’d stop reading regulations and pay a lawyer for one specific question: as a B2B provider, how much of the end-user disclosure is designed-in on us, versus operationally on our customer? My hunch is “more on us than we’d like”.

The one question left: who owes the truth when it talks to a stranger.

Thanks for reading!

A working analysis, not legal advice – dates and tiers as I read them in June 2026, with the Omnibus delay still provisional. If your AI gates an essential service, or you fine-tune heavily, the easy answers stop applying.