The AI Act is here. Is your chatbot ready?
The EU AI Act entered into force in 2024, with enforcement beginning in 2025. It's the world's first comprehensive AI regulation, and it applies to any AI system used in the EU, regardless of where the provider is based. For customer service teams, this means new transparency requirements, risk assessments, and documentation obligations. Here's what you actually need to do.
Most customer service chatbots are 'limited risk' under the AI Act, requiring transparency (tell users it's AI) and record-keeping. Higher-risk classification applies if the bot makes consequential decisions. Key actions: label your AI, log conversations, maintain human oversight, and document your AI system.
- ✓Customer service chatbots are typically 'limited risk': transparency is the main obligation.
- ✓Users must be informed they're interacting with AI, not a human agent.
- ✓Conversation logging and human escalation paths are recommended best practices.
- ✓Non-compliance penalties can reach €35 million or 7% of global annual turnover.
AI Act risk classification for chatbots
The AI Act defines four risk levels: unacceptable (banned), high, limited, and minimal. Most customer service chatbots fall under 'limited risk' because they interact directly with people. The main requirement: clearly inform users they're talking to an AI system, not a human. If your bot handles insurance claims, credit decisions, or access to essential services, it may be classified as 'high risk' with stricter obligations.
Transparency obligations
For limited-risk AI systems like customer service chatbots, Article 50 of the AI Act requires that users are informed they're interacting with an AI. This means: a visible label on the chat widget, a disclaimer at the start of conversations, and clear documentation available about how the AI works. The goal is ensuring no one is deceived into thinking they're talking to a human.
Record-keeping and auditability
While not strictly mandated for limited-risk systems, logging AI interactions is strongly recommended. If a customer complaint escalates to a regulatory inquiry, you'll want records of what the AI said, what sources it cited, and when it escalated to a human. Keloa logs all AI conversations with source citations and confidence scores, giving you an audit trail by default.
Human oversight requirements
The AI Act emphasizes human oversight for AI systems. For customer service, this means maintaining a clear path from AI to human agent. Your chatbot should have: configurable confidence thresholds, automatic escalation to humans, the ability for customers to request a human, and regular review of AI performance by your team.
Practical steps for compliance
1) Label your chatbot as AI-powered in the widget and first message. 2) Log all AI conversations and store them in the EU. 3) Set up human escalation with confidence thresholds. 4) Document how your AI system works, what data it uses, and what decisions it makes. 5) Review AI performance monthly. 6) Choose a vendor that's already built these features in. Keloa has all of this by default.
topics.ai-act-customer-service.faq.h2
When does the AI Act take effect?
The AI Act entered into force on August 1, 2024. Prohibited AI practices were banned from February 2025. Transparency obligations for limited-risk systems (including chatbots) apply from August 2025. High-risk system requirements apply from August 2026.
Does the AI Act apply to non-EU companies?
Yes. The AI Act applies to any AI system used in the EU, regardless of where the provider or deployer is based. If your US-built chatbot serves EU customers, the Act applies. Similar to how GDPR applies to companies processing EU residents' data.
What's the penalty for non-compliance?
Fines for prohibited AI practices: up to €35 million or 7% of global turnover. Fines for other violations: up to €15 million or 3% of turnover. For SMEs, the lower of the two amounts applies. In practice, regulators are expected to start with warnings and guidance before heavy fines.
Do I need to register my chatbot?
Only high-risk AI systems need to be registered in the EU database. Limited-risk systems like most customer service chatbots do not require registration. However, you should maintain internal documentation about how your AI system works and how it's monitored.
How does Keloa comply with the AI Act?
Keloa labels all AI interactions, logs conversations with source citations and confidence scores, provides configurable human escalation, and does not use customer data for model training. These meet the transparency and oversight requirements for limited-risk AI systems under the Act.
topics.ai-act-customer-service.finalcta.title
topics.ai-act-customer-service.finalcta.body