You create content with AI tools every day — texts, images, chatbot responses. The EU AI Act directly affects this work. Not as a developer, but as someone who uses AI systems for their work.
This article explains what that means in practice: what is permitted, what must you label, and what applies to customer data?
Legal notice: This article is a personal summary of publicly available legislation, in particular Regulation (EU) 2024/1689. It does not constitute legal advice. For binding legal assessments, please consult a qualified legal professional. Current status: EUR-Lex.
Your Role: Deployer, Not Provider
The law distinguishes between AI providers (those who develop AI, such as OpenAI or Adobe) and AI deployers (those who use finished AI systems). As a marketing professional, you are almost always a deployer and therefore have significantly fewer obligations than a provider.
The law applies to all companies that offer or use AI in the EU — regardless of where the company is based.
The 4 Risk Classes — Where Does Marketing Fit?
[Infographic: The 4 Risk Classes of the EU AI Act (Regulation (EU) 2024/1689). Which rules apply to which AI applications?]
Prohibited practices (not permitted in the EU): covert manipulation, social scoring, deliberate exploitation of vulnerabilities
Chatbots, AI-generated content: users must know they are interacting with AI
Minimal risk (typical marketing): text generators, spam filters, AI image optimisation, social media content; almost no restrictions
As a marketing professional, you operate mostly in the lower two categories. But even there, there are rules you need to know — especially around content, chatbots and customer data.
Important: The classification depends not only on the tool, but on the use case. ChatGPT for blog posts is minimal risk — the same provider in an HR tool for candidate assessment can fall into the high-risk category.
What Is Prohibited in Marketing
Covert manipulation — AI may not be used to deliberately exploit emotional vulnerability and force purchasing decisions. Personalised advertising is permitted. Free will must not be deliberately undermined.
Social scoring — evaluating and disadvantaging people based on their social behaviour: prohibited in the EU. This also applies to marketing systems that discriminate against customers.
Deliberate exploitation of vulnerabilities — vulnerable groups (children, elderly people, people in difficult life situations) must not be deliberately manipulated.
Content Creation: What Must Be Labelled?
Normal marketing texts — social media posts, newsletters, blog articles, advertising copy — as a rule do not need to be labelled as “AI-generated”. An exception applies when content could be misleading — in that case, transparency may be required from a consumer protection perspective.
Deepfakes must be labelled. This applies to synthetic content that resembles real people, places or events — not just obvious depictions of persons, but also realistic simulations.
Chatbots must make it recognisable to users that they are AI — for example through a clear notice in the interface or at the start of the interaction. No exact wording is prescribed; what matters is that the AI nature is clearly recognisable.
When directly asked, transparency applies. If a customer asks whether content is AI-generated, the answer should be honest — not a legal obligation, but a matter of trust.
GDPR and AI — Both Apply Simultaneously
The EU AI Act does not replace the GDPR — it complements it. For marketing professionals this is particularly relevant:
Customer data does not belong in AI tools unfiltered. If you enter personal data (names, email addresses, behavioural data) into an AI tool, GDPR applies. You need a Data Processing Agreement (DPA) with the provider. Many providers, such as OpenAI, offer one, but it must be actively set up.
Check your privacy policy. If your company uses AI tools where personal data is processed, this must be mentioned in the privacy policy.
Training opt-out. Many providers use inputs to train their models by default — this can usually be disabled in the settings.
What Your Company Should Document
A simple internal overview is enough as a starting point:
Which AI tools are used — name, provider, purpose
For which tasks the tools are used
What data is processed in doing so
How results are checked before publication
Checklist for Everyday Work
Create AI inventory: Which tools do you use? ChatGPT, Canva AI, Midjourney, others?
Label chatbot: Is it clearly recognisable to users that they are interacting with AI?
Deepfake check: Do you use AI to depict real people, places or events? Ensure labelling is in place.
Protect customer data: No personal data unfiltered into AI tools — check DPA.
Check privacy policy: Is AI use with personal data mentioned?
Inform team: Does the marketing team know what is permitted and what is not?
Key Deadlines
Date: What applies
2 August 2024: EU AI Act enters into force
2 February 2025: Prohibited AI practices (Art. 5) and AI competency obligation (Art. 4) — already in force
2 August 2025: Rules for general-purpose AI models (GPT-4, Claude etc.) — already in force
2 August 2026: High-risk AI systems (Annex I)
Current status: EUR-Lex or your national supervisory authority
Conclusion
The EU AI Act does not make AI work in marketing more complicated — it makes transparent what should apply anyway: no manipulation, honest labelling, responsible handling of customer data.
Those who understand this and apply it in their daily work use AI consciously — and that becomes a trust signal for customers.
Marketing expert with over 25 years of experience · Founder of AI Marketing LearnAgency in Karlsruhe · Lecturer · Certified KI Architect – AI Agents Expert · Certified AI Marketing Innovation Leader · Certified AI Prompt Engineer.