Skip to content
Innopulse Consulting
For: Customer service & product teams

EU AI Act for chatbots: meeting the transparency obligations

Updated: 2026-07

In short

Chatbots usually do not fall under high-risk in the EU AI Act, but they are subject to transparency obligations: users must be able to recognise they are interacting with an AI. Correct classification clarifies what disclosure is concretely required.

Many companies run customer-service chatbots without knowing the AI Act duties. The good news: pure conversational bots are rarely high-risk. The less good: they are still subject to clear transparency obligations.

Specifically, it must be recognisable that an AI is answering — not a human. If the bot is also used for decisions (e.g. creditworthiness or eligibility checks), the classification shifts quickly.

How it works

  1. 01

    Determine the purpose

    Pure support bot, or does it make/support decisions with legal effects?

  2. 02

    Classify

    Check under Article 6: usually limited risk with a transparency duty, not high-risk.

  3. 03

    Implement disclosure

    Make it clearly visible that users are talking to an AI.

  4. 04

    Document

    Record the classification and disclosure decision as evidence.

Why it fits here

AI Risk Check cleanly separates pure transparency duties from actual high-risk — so teams avoid both over- and under-compliance.

The verifiable compliance URLs are suited to proving the classification internally and to partners.

FAQ

Must I label every chatbot?

If users interact with an AI, a transparency duty usually applies. Classification confirms the concrete scope.

Does AI answering make my bot a high-risk system?

Not by answering alone. What matters is whether the bot intervenes in regulated decisions.

Does this apply to internal bots too?

The context of use matters. Internal systems can also trigger duties — classification creates clarity.

Working on something similar?

AI Risk Check

AI Risk Check cleanly separates pure transparency duties from actual high-risk — so teams avoid both over- and under-compliance.

The verifiable compliance URLs are suited to proving the classification internally and to partners.