
EU AI Act: Does Your Website Use AI? Here's What to Check


The EU AI Act, adopted in 2024, is the world's first comprehensive law regulating artificial intelligence. If your website uses AI-powered chatbots, personalization engines, analytics, or recommendation systems, you have new compliance obligations. Many website owners don't realize their site uses AI — or that it's now regulated.

What Counts as "AI" on a Website?

The definition is broader than you might think. Common website AI systems include:

| AI System | Examples | Risk Level |
| --- | --- | --- |
| Chatbots | Intercom, Drift, ChatGPT integrations, custom bots | Limited risk |
| Personalization | Product recommendations, dynamic content, A/B testing with ML | Minimal risk |
| Analytics | Predictive analytics, user behavior modeling, heatmap AI | Minimal risk |
| Fraud detection | reCAPTCHA, bot detection, account fraud prevention | Limited risk |
| Content moderation | Comment filtering, spam detection, content classification | High risk* |
| Biometric identification | Face recognition login, fingerprinting | Prohibited/High risk |

*Content moderation AI that affects content visibility or user access can be classified as high-risk.

The Risk Classification System

The EU AI Act uses a risk-based approach with four tiers:

Prohibited AI

  • Social scoring systems
  • Manipulative AI designed to distort behavior
  • Emotion recognition in workplaces and schools
  • Real-time biometric identification in public spaces

High-Risk AI

  • Requires conformity assessment before deployment
  • Must have human oversight, transparency, and accuracy documentation
  • Examples: credit scoring, hiring decisions, access to essential services

Limited Risk AI

  • Transparency obligation — users must be told they're interacting with AI
  • This applies to most AI chatbots on websites
  • Must clearly disclose AI-generated or manipulated content

Minimal Risk AI

  • No specific obligations (spam filters, basic recommendations)
  • Voluntary codes of conduct encouraged

Your Website's Obligations

For most websites, the key requirements are:

  1. Transparency for chatbots: If your website has an AI chatbot, users must be clearly informed they're interacting with an AI system, not a human. A simple notice like "You are chatting with an AI assistant" is sufficient.
  2. AI inventory: Document what AI systems are deployed on your website, their purpose, risk level, and the provider.
  3. No manipulative AI: AI systems must not use subliminal techniques or exploit vulnerabilities to materially distort behavior. This overlaps with dark patterns regulations.
  4. Data protection alignment: AI that processes personal data must comply with GDPR. This means purpose limitation, data minimization, and user consent where required.

How to Detect AI on Your Website

Many website owners don't even know they're using AI. Third-party widgets, analytics tools, and plugins often include AI components. Here's how to identify them:

  • Run a PrivacyChecker Pro+ scan — our AI Detection module automatically identifies AI systems on your website
  • Review all third-party scripts and their documentation
  • Check your analytics, chat, and recommendation tools for AI/ML features
  • Ask your vendors: "Does this product use machine learning or AI?"
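
The "review all third-party scripts" step can start from a list of the external hosts a page actually loads. The Python script below is an added example, not PrivacyChecker's code: it lists third-party script and iframe hosts in a page's HTML and pre-fills an inventory row where the URL matches a vendor named in the table above. The substring hints, the `inventory` function and the sample HTML are assumptions constructed for illustration; unmatched hosts still need manual review.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed substring hints for vendors named in this article; risk levels are
# the article's table values. Verify each against the vendor's documentation.
VENDOR_HINTS = {
    "intercom": ("Intercom (chatbot)", "Limited risk"),
    "drift": ("Drift (chatbot)", "Limited risk"),
    "recaptcha": ("reCAPTCHA (fraud detection)", "Limited risk"),
}

class _SrcCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # Only tags that pull in remote code or embedded widgets.
        if tag in ("script", "iframe"):
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)

def inventory(html, site_host):
    """Return one row per third-party host: (host, system, risk level)."""
    collector = _SrcCollector()
    collector.feed(html)
    rows = {}
    for src in collector.sources:
        host = (urlparse(src).hostname or "").lower()
        if not host or host == site_host or host.endswith("." + site_host):
            continue  # relative or first-party resource
        match = next((v for k, v in VENDOR_HINTS.items() if k in src.lower()),
                     ("unknown, ask the vendor", "unclassified"))
        rows.setdefault(host, (host, *match))
    return sorted(rows.values())

# Constructed sample page for a hypothetical site, shop.example.
SAMPLE_HTML = """
<script src="/static/app.js"></script>
<script src="https://cdn.shop.example/ui.js"></script>
<script src="https://widget.intercom.io/widget/abc123"></script>
<script src="//www.google.com/recaptcha/api.js" async></script>
<script src="https://metrics.vendor.example/t.js"></script>
"""

if __name__ == "__main__":
    print(inventory(SAMPLE_HTML, "shop.example"))
```

Static HTML only shows scripts present in the markup; widgets injected at runtime by a tag manager will not appear and need a browser-based check.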

Compliance Timeline

| Date | Milestone |
| --- | --- |
| February 2025 | Prohibited AI practices banned |
| August 2025 | General-purpose AI rules apply |
| August 2026 | Full enforcement for high-risk AI |
| August 2027 | Remaining provisions take effect |

Penalties

  • Prohibited AI violations: Up to €35 million or 7% of global annual turnover
  • High-risk AI violations: Up to €15 million or 3% of global annual turnover
  • Providing incorrect information: Up to €7.5 million or 1% of global annual turnover

Action Steps

  1. Run an AI audit on your website to identify all AI systems
  2. Classify each system by risk level (prohibited, high, limited, minimal)
  3. Add transparency notices for AI chatbots and AI-generated content
  4. Document your AI inventory (system, purpose, provider, risk level, data processed)
  5. Review AI vendor contracts for compliance commitments
  6. Set up ongoing monitoring to detect new AI integrations

PrivacyChecker's AI Detection feature automatically scans your website for AI systems, classifies them by risk level, and provides specific compliance recommendations. Available in Pro+ plans.
