In brief: the EU AI Act entered into force on 2 August 2024 and applies in phases: prohibited practices from February 2025, rules for general-purpose AI models from August 2025, and high-risk systems and transparency obligations from 2 August 2026. For most Lithuanian companies using chatbots or AI tools, this means the limited-risk tier: the core duty is to tell people they are interacting with AI and to label AI-generated content.
There is plenty of talk about the EU AI Act, but little of it is concrete. Many small and medium-sized business owners ask the same thing: "does this affect me if I only have a chatbot on my website or use AI to write text?" In this article we explain the regulation in plain terms — when each part takes effect, what the risk tiers are, and what you should do in practice.
Note: this is general information, not legal advice. For an assessment of your specific situation, please consult a lawyer.
What the EU AI Act is and when it took effect
The EU AI Act is the world's first comprehensive regulation of artificial intelligence. It sets out how AI systems may be developed, supplied and used within the European Union. The regulation entered into force on 2 August 2024, but its provisions do not all apply at once — they are introduced gradually over roughly 36 months.
The underlying idea is simple: the greater the risk an AI system poses to people, the stricter the requirements. This is known as a risk-based approach.
Phased application: the key dates
The regulation rolls out in waves. The most important dates for business are:
| Date | What starts to apply |
|---|---|
| 2024-08-02 | The AI Act enters into force (transitional periods begin) |
| 2025-02 (February) | Prohibited (unacceptable-risk) practices |
| 2025-08-02 | Obligations for general-purpose AI (GPAI) models |
| 2026-08-02 | High-risk systems (Annex III) and transparency obligations |
| 2027-08-02 | Final deadline (remaining high-risk systems, GPAI models placed on the market earlier) |
For most businesses the key date is 2 August 2026, when the transparency obligations begin to apply. These are precisely the ones that affect chatbots and AI-generated content.
The four risk tiers
The AI Act sorts all systems into four categories according to potential harm:
- Unacceptable risk — banned. For example, social scoring, manipulating people at a subconscious level, or emotion recognition in the workplace. Such systems simply may not be used.
- High risk — permitted, but subject to strict requirements. For example, AI used in recruitment, creditworthiness assessment, or critical infrastructure. This calls for risk management, documentation, human oversight and more.
- Limited risk — permitted with transparency obligations. This is where most everyday business tools fall: chatbots and AI content generation. The main requirement is to inform people.
- Minimal risk — almost everything else (for example, spam filters or AI used in photo editing). No special obligations apply.
Good news for most: if you use AI for marketing, customer service or writing text, you are almost always in the limited or minimal-risk zone, rather than among the tightly regulated high-risk systems.
Transparency obligations: what they mean in practice
This is the part that affects the largest number of Lithuanian companies. From August 2026, the following core principles will apply:
- Chatbots. A person must be clearly informed that they are interacting with artificial intelligence rather than a real member of staff — usually at the start of the conversation. In practice, a short note such as "You are chatting with an AI assistant" is enough.
- AI-generated content. Audio, image, video or text content created or altered by artificial intelligence must be labelled so that it is recognisable as generated content (including in a machine-readable format).
- So-called "deepfakes". If you publish artificially created or altered images, audio or video that look real, you must disclose that the content is artificial.
- AI text on matters of public interest. If you publish AI-produced text that informs the public on matters of public interest, this too must be disclosed.
Note that there are exceptions. For example, where content is clearly artistic, creative or satirical, the obligations apply more lightly. For an ordinary business, however, the simplest route is to be transparent and hide nothing.
What an ordinary Lithuanian business should actually do
If you use AI for customer service, marketing or internal processes, it is worth starting with a few simple steps:
- Compile a list of your AI tools. Write down where and which AI solutions you use (a chatbot on the website, AI text generation, automations).
- Assign a risk tier. In most cases this will be limited or minimal risk. If you work with recruitment, credit or similar areas, check whether you fall into the high-risk category.
- Add transparency notices. Indicate that the bot is AI and, where needed, label AI-generated content.
- Train your team. So that employees know what is and isn't allowed with AI — structured AI training helps here.
- Implement it properly. When introducing new AI features to your website or systems, it is best to build in the transparency requirements from the outset — that is what we do when delivering AI integrations.
What about general-purpose AI (ChatGPT and the like)?
The obligations for general-purpose AI models (such as large language models) fall first and foremost on their developers and providers, not on every business that uses them. This means that, as a user, the part that matters most to you remains transparency: making clear where AI is used and labelling the content it creates. The compliance of the tool itself is largely the service provider's responsibility.
Why it's worth seeing this as an opportunity
Transparency about AI is not just red tape. Customers increasingly value clarity — when they see that a company openly states that an AI assistant is replying to them, trust grows rather than diminishes. Well-organised AI automations and transparent communication become a competitive advantage, not an obstacle. Businesses that get this right early will avoid rushed fixes later on.