09
May
2026

EU AI Act in Germany: What Companies Need to Do Before Summer 2026

Starting in August 2026, key parts of the EU AI Act will become fully applicable across the European Union. For businesses in Germany, this means more than just new technical standards — it introduces additional compliance obligations.

The changes will primarily affect companies using artificial intelligence in HR, customer service, marketing, finance, construction, and internal business operations.

Why the topic is becoming urgent now

Since spring 2026, German regulators and business associations have started publishing practical guidance on how companies should prepare for the EU AI Act.

The reason is simple: serious violations may result in fines of up to €35 million or 7% of a company’s global annual turnover.

At the same time, many businesses still do not fully understand whether their existing AI tools fall under the new regulation.

Which AI systems may be affected

The EU AI Act introduces several risk categories for AI systems. Higher-risk systems may include:

  • AI tools used in recruitment;
  • automated candidate evaluation;
  • credit scoring systems;
  • employee monitoring tools;
  • AI solutions used in construction and infrastructure projects.

Even standard company chatbots may be subject to transparency requirements in certain situations.

What companies should do now

German businesses are advised to conduct an internal AI audit as early as possible. Companies should identify which AI systems are currently being used and whether personal data is processed.

It is also recommended to introduce internal AI policies and review contracts with external AI providers.

Particular attention should be paid to liability issues related to AI errors, automated decision-making, and data protection compliance.

What risks businesses may face

The main legal risk is the uncontrolled use of AI systems without proper internal governance.

Possible consequences include:

  • regulatory fines;
  • data protection investigations;
  • employment disputes;
  • liability claims;
  • reputational damage.

For many companies, AI compliance is gradually becoming as important as GDPR compliance was several years ago.

Why businesses should not wait until 2026

Even companies that do not develop their own AI systems may still fall within the scope of the EU AI Act if they use third-party AI tools.

Construction companies, employers with automated HR processes, and businesses in the financial and service sectors should consider reviewing their internal processes well before the new rules begin to apply.

Wir nutzen essenzielle Cookies auf unserer Website.
Personenbezogene Daten können verarbeitet werden (z. B. IP-Adressen), z. B. für personalisierte Anzeigen und Inhalte oder Anzeigen- und Inhaltsmessung. Weitere Informationen über die Verwendung Ihrer Daten finden Sie in unserer Datenschutzerklärung.
Einige Services verarbeiten personenbezogene Daten in den USA. Mit Ihrer Einwilligung zur Nutzung dieser Services stimmen Sie auch der Verarbeitung Ihrer Daten in den USA gemäß Art. 49 (1) lit. a DSGVO zu. Der EuGH stuft die USA als Land mit unzureichendem Datenschutz nach EU-Standards ein. So besteht etwa das Risiko, dass US-Behörden personenbezogene Daten in Überwachungsprogrammen verarbeiten, ohne bestehende Klagemöglichkeit für Europäer.
Data protection