The SME guide to the EU AI Act
What the Act actually asks of a small or medium firm, the obligations in force now, and what changes by 2 December 2027. Written for non-lawyers.
18 pagesComing soon
Resources
Make sense of the AI Act, without the legalese.
Plain-English guides, explainers, and templates for small and medium firms in regulated industries, plus links to the primary sources we work from. Free to read. No login. Written by the team building cosantio.
Featured downloads
Guides and templates you can use today.
Practical documents your team can pick up and run with. We will email you the PDF; no account required.
AI inventory & risk register
A ready-to-fill register to list every AI system your firm uses and classify each against Annex III. The first artefact any auditor asks for.
TemplateComing soon
Article 4 AI literacy checklist
The training-and-evidence steps behind the AI literacy obligation that has applied since February 2025, with a simple log you can keep.
6 pagesComing soon
Explainers
Short reads on the parts that matter.
No gated content here. Straight answers to the questions regulated firms actually ask.
Deadlines
When the AI Act actually applies to you
The dates that matter, by obligation: prohibitions and AI literacy since February 2025, transparency from August 2026, and the high-risk regime from 2 December 2027 under the provisional Digital Omnibus agreement.
Coming soonClassification
Is your AI system “high-risk”? A plain-English test
How Annex III works, what counts as high-risk in insurance, lending, and hiring, and the prohibited uses that are banned outright rather than merely restricted.
Coming soonRoles
Provider or deployer? Why it changes everything
The single distinction that decides which obligations land on your firm, and the Article 25 trap that quietly turns a deployer into a provider.
Coming soonEvidence
What a Fundamental Rights Impact Assessment involves
Who has to do a FRIA, who does not, and how it differs from the DPIA your firm may already run under the GDPR.
Coming soonPrimary sources
Go straight to the source.
We always work from the primary texts. Here are the ones we trust and reference most.
01
The official AI Act texteur-lex.europa.eu
Regulation (EU) 2024/1689 on the EU's official legal portal. The authoritative text, the Official Journal version, available in all official languages.
02The European AI Officedigital-strategy.ec.europa.eu
The European Commission body that supports implementation of the Act and publishes official guidance and implementation timelines.
03AI Act Explorerartificialintelligenceact.eu
A well-maintained, searchable browser for the Act text, run by the Future of Life Institute. An independent reference, not an official EU site, but a genuinely useful one.
External links open in a new tab. cosantio is not affiliated with the European Commission, the AI Office, or the Future of Life Institute. For advice specific to your firm, the Scorecard is the fastest place to start.
Start here
Reading is good. Knowing where you stand is better.
Eight questions. Three minutes. A regulator-grade PDF that classifies your AI, names what's in force today, and gives you a prioritised plan. No login required.