Do I need to label my AI-generated social media posts?

No. Normal marketing texts you create with AI do not need to be labelled as "AI-generated". Exception: deepfakes — AI-generated images or videos in which a real person is recognisably depicted.

Do I need a certificate to prove AI competency?

No, a formal certificate is not required. Art. 4 of the EU AI Act requires deployers to ensure adequate AI knowledge — meaning basic understanding of how AI works and its risks. How this is demonstrated is not specified. Documented training or courses are suitable ways to fulfil this requirement.

Are there exceptions for SMEs?

Yes. SMEs and start-ups receive prioritised and free access to so-called Regulatory Sandboxes — safe testing environments where AI applications can be tested under regulatory supervision. Each EU member state must provide at least one such real-world lab by August 2026. In addition, simplified documentation forms, reduced fees for conformity assessments, and lower fines are provided. SMEs can also participate in the AI Advisory Forum and contribute technical expertise to standard-setting.

What happens to my data when I enter something into ChatGPT?

Inputs are processed on the provider's servers — often outside the EU. If you enter personal data (e.g. customer names or email addresses), you are required under GDPR to conclude a Data Processing Agreement (DPA) with the provider. Many providers such as OpenAI offer such an agreement — check whether it is active for your account. Many providers also use inputs to train their models by default, unless you opt out in the privacy settings. Confidential customer or business data should generally not be entered into AI tools unfiltered.

Where can I find the currently applicable deadlines of the EU AI Act?

The deadlines are set out in Article 113 of Regulation (EU) 2024/1689. Current status: EUR-Lex or your national supervisory authority.

AI & Law

EU AI Act for Founders and Solopreneurs: Obligations, Deadlines and What You Need to Do Now

March 24, 2026 6 min. reading time by Annette Schneider-Desgranges

Since February 2025, the first prohibited AI practices of the EU AI Act are in force. Many founders and solopreneurs are unaware of this — or wonder: does this actually affect me?

The answer is yes. But the really important message follows right away.

Legal notice: This article is a personal summary of publicly available legislation, in particular Regulation (EU) 2024/1689. It does not constitute legal advice. For binding legal assessments, please consult a qualified legal professional. Current status: EUR-Lex.

Provider or Deployer — Which Role Do You Fall Into?

The law distinguishes two main roles:

AI providers (Providers) develop AI systems — for example OpenAI (ChatGPT), Anthropic (Claude) or Adobe (Firefly). As a founder or solopreneur, you are almost certainly not one of these.

AI deployers (Deployers) use finished AI systems for their business activities. If you use ChatGPT for texts, Canva AI for graphics or an AI tool for social media — then you are a deployer.

As a deployer, you have significantly fewer obligations than a provider. That is the really important message.

Which AI Tools Fall Under Which Risk Level?

The EU AI Act evaluates AI applications by risk level. What matters is not just the tool itself, but above all the specific use case and context.

Prohibited: Covert manipulation, social scoring, deliberate exploitation of vulnerabilities (e.g. towards children or elderly people)
High-risk: AI systems for personnel decisions, credit assessment, medicine, critical infrastructure or biometric identification
Limited risk: Systems with transparency obligations, e.g. chatbots or AI-generated content
Minimal risk: Many everyday AI applications such as text assistance, AI image editing or spam filters

Important: The risk classification often depends on the specific use. A tool like ChatGPT can be minimal risk in marketing, but fall under stricter rules in an HR or credit assessment process.

Examples:

ChatGPT for blog posts → usually minimal risk
AI-assisted candidate assessment → potentially high-risk
AI chatbots in customer service → transparency obligation (users must know they are interacting with AI)

Must I Label AI-Generated Content?

Normal marketing texts — social media posts, newsletters, blog articles — as a rule do not need to be labelled as “AI-generated”. An exception applies when content could be misleading — in that case, transparency may be required from a consumer protection perspective.

Deepfakes must be labelled. This applies to synthetic content that resembles real people, places or events — not just obvious depictions of people, but also realistic simulations.

Chatbots must make it recognisable to users that they are AI — for example through a clear notice in the interface or at the start of the interaction. No exact wording is prescribed; what matters is that the AI nature is clearly recognisable.

Caution with Data Inputs

What you enter into an AI tool leaves your computer and is processed on the provider’s servers — often outside the EU. This has two consequences:

EU AI Act: No confidential business data (customer lists, contracts, employee data) unfiltered. Use anonymised examples or fictional data.

GDPR: If you process personal data with AI, this must be mentioned in your privacy policy. EU AI Act and GDPR apply simultaneously — one does not replace the other.

Checklist — What You Need to Do Now

AI inventory: Which AI tools do you use? Name, provider, purpose. A brief note is enough.
Label chatbot: Do you have an AI chatbot? Does it make clear that it is an AI?
Check data inputs: Are you entering confidential customer or business data? Replace with anonymised examples.
Check privacy policy: Do you mention AI use where personal data is processed?
Demonstrate AI basic knowledge: Since August 2025, deployers must ensure basic AI competency (Art. 4).

These five points sound simple — but anyone who wants to implement them in a legally sound and traceable way will quickly realise: there are questions an article cannot answer.

How do I demonstrate AI competency when I work alone?

In the course AI Competency for Marketing we go through exactly that step by step — practical, without legal jargon, tailored to founders, solopreneurs and SMEs.

Key Deadlines

Date	What applies
2 February 2025	Prohibited AI practices (Art. 5) — already in force
2 August 2025	AI competency obligation (Art. 4) — already in force
2 August 2026	High-risk AI systems (Annex I)

Current status: EUR-Lex or your national supervisory authority

Conclusion

The EU AI Act is not a bureaucratic monster for founders, solopreneurs and SMEs. The core is manageable: no manipulation, label chatbots, no confidential data in AI tools — and be able to demonstrate basic AI knowledge.

Those who know this and implement it in a structured way are on the safe side.

Sources

European Parliament & Council of the EU: Regulation (EU) 2024/1689 — Artificial Intelligence Act
European Commission: EU AI Act — Official Overview
Future of Life Institute: EU AI Act Explorer
Bundesnetzagentur: Information on the AI Regulation
Federal Ministry for Economic Affairs: EU AI Regulation

Author

Annette Schneider-Desgranges

Marketing expert with over 25 years of experience · Founder of AI Marketing LearnAgency in Karlsruhe · Lecturer · Certified KI Architect – AI Agents Expert · Certified AI Marketing Innovation Leader · Certified AI Prompt Engineer.

View LinkedIn Profile

This article was created with AI assistance and editorially revised.