Skip to content
AI automation studio for SMEs

A productized EU AI Act readiness review

Get EU AI Act ready before the deadline. It applies 2 August 2026.

The EU AI Act applies on 2 August 2026, and that is weeks away, not years. Our readiness review inventories the AI systems your SME uses or sells, classifies each by the Act risk tiers, flags the obligations that hit you, and hands you a prioritized action plan. Fixed scope, fixed fee, finished fast. This is an operational readiness review, not legal advice.

Book a free automation auditFree audit · No commitment · The audit is yours to keep
  • Built to SOC 2 controls
  • GDPR compliant
  • Private AI: data never leaves your servers
2 Aug 2026

the date the EU AI Act applies

Fixed scope

a productized review, one fee

Action plan

prioritized, owned by your team

The offer

What the readiness review covers

A fixed-scope review that turns the EU AI Act from a vague worry into a clear, prioritized list of what your business must do, and by when.

AI system inventory

We list every AI system your business uses internally or puts in front of customers, including the tools bought off the shelf and the ones built for you.

Risk-tier classification

Each system is mapped to the Act risk tiers (unacceptable, high, limited, minimal) so you know which carry real obligations and which do not.

Obligation gap analysis

For the systems that matter, we flag the specific duties that apply, from transparency notices to human oversight and record-keeping, and where you fall short today.

Transparency and disclosure check

We check where users must be told they are dealing with AI or AI-generated content, a duty that reaches even low-risk chatbots and generated media.

Prioritized action plan

A plain-language plan ranked by urgency and effort, so your team knows the first three things to fix and what can wait.

Controls built in, not bolted on

Where a fix is technical, we can build the human-in-the-loop oversight, logging, and data controls into the workflow itself, to SOC 2 controls and GDPR.

How the Act sees your systems

The four risk tiers, in plain language

The EU AI Act sorts AI systems into four tiers. Most SME tools land in the lower two, but the transparency duties still reach further than teams expect.

Risk tierWhat it meansWhat it asks of you
UnacceptablePractices the Act bans outright, such as social scoring and certain manipulative uses.Do not deploy. These uses are prohibited, with bans already in force.
High riskAI used in sensitive areas like hiring, credit, or critical infrastructure.Heavy duties: risk management, data governance, human oversight, logging, documentation.
Limited riskSystems people interact with directly, like chatbots, or that generate content.Transparency: tell users they are dealing with AI and label AI-generated content.
Minimal riskMost everyday tools, such as spam filters and basic automation.No specific obligations, though good practice and documentation still help.

Tiering is the heart of the review. Knowing which tier each system sits in tells you exactly how much you have to do.

What this is, and what it is not

This is an operational and technical readiness review delivered by an automation studio, not legal advice, and Code2b is not a law firm. We make your AI systems visible, classified, and defensible, and we will tell you plainly when something needs a qualified lawyer. For sensitive data, our Private AI option keeps everything on your own servers, delivered with our partner Hako Solutions.

Who must care

Who needs this before 2 August 2026

If your SME uses or sells AI in the EU, or serves EU customers, the Act likely reaches you. The review tells you how far.

A fit if
  • You use AI tools internally or put AI in front of EU customers, even off-the-shelf ones.
  • You build or resell AI features, or rely on chatbots and generated content that need disclosure.
  • You want a clear inventory and action plan before the 2 August 2026 application date, not a scramble after.
Probably not if
  • You operate entirely outside the EU and serve no EU users or customers.
  • You need a binding legal opinion or courtroom defense. That is a law firm, and we will say so.
  • You use no AI systems at all, in which case there is nothing here to review yet.

Done-for-you, human-in-the-loop automation that runs in production. Fixed scope, fixed fee. Built to SOC 2 controls, GDPR compliant.

  • Built to SOC 2 controls
  • GDPR compliant
  • Private AI: data never leaves your servers
Why Code2b

Governance is how we build by default

We do not bolt compliance on at the end. Human oversight, logging, and data controls are how every Code2b system ships.

2 Aug 2026

the application date we plan backward from

weeks away, not years

SOC 2 controls

built to SOC 2 controls and GDPR compliant

encryption, RBAC, audit logging

Private AI

self-hosted option so data never leaves your servers

delivered with Hako Solutions

These describe how we build and the controls we hold. This page is informational and is not legal advice.See a real build
FAQ

Questions, answered straight.

The EU AI Act applies on 2 August 2026. Some pieces are already live, including the bans on unacceptable-risk uses and the first obligations for general-purpose AI models, but the broad application date that most SMEs are planning toward is 2 August 2026. That is weeks away, not years, which is why teams are moving now.

Often, yes. The Act applies to organizations that deploy or provide AI systems in the EU or that serve EU users, regardless of size. Many SME tools land in the limited or minimal tiers, but the transparency duties, like telling users they are interacting with AI, can still apply. The review tells you exactly where you stand.

No. This is an operational and technical readiness review delivered by an automation studio, and Code2b is not a law firm. We inventory and classify your AI systems, flag the obligations that appear to apply, and give you a prioritized action plan. Where a question needs a qualified lawyer, we will tell you plainly.

An inventory of your AI systems, a risk-tier classification for each, a gap analysis against the obligations that apply, a transparency and disclosure check, and a prioritized action plan in plain language. Where the fixes are technical, we can also build the oversight and logging into the workflow itself.

It is productized and fixed scope, so it moves quickly. The exact timeline depends on how many AI systems you run, which we confirm during the free audit before agreeing a fixed fee and date.

Yes. Because we are an automation studio, we can build the human-in-the-loop oversight, audit logging, and data controls directly into your workflows, to SOC 2 controls and GDPR, with a Private AI option that keeps sensitive data on your own servers.

The clock is running

Know where you stand before 2 August 2026

Book a free automation audit. We will scope your AI system inventory and the readiness review, and show you the fixed fee and timeline to be ready before the EU AI Act applies. You keep the audit either way.

Book a free automation auditSee pricing
  • Built to SOC 2 controls
  • GDPR compliant
  • Private AI: data never leaves your servers

Free audit · No commitment · The audit is yours to keep

Book a free automation audit