AI Act 2026: what changes on August 2 for your micro-business (even if you just use ChatGPT)
On August 2, 2026, the key obligations of the European AI Act apply. What really changes for you as a solopreneur — no jargon, no scaremongering, with a decision tree by profile.
Legal disclaimer: this article is an explainer, not legal advice. I'm a developer and solopreneur, not a lawyer. For your specific case, especially if you use AI in sensitive contexts (recruitment, health, scoring, biometric data), consult a legal professional or the competent authorities: in France the CNIL (the reference data-protection authority), complemented by the DGCCRF and Arcom depending on the topic. The official texts prevail in the EU's 24 official languages — the AI Act is a European regulation, directly applicable without national transposition.
I code CodingQueen40 entirely on my own. I use Claude, Claude Code, ChatGPT and image-generation tools daily (the detail of my AI stack is here: AI tools for solopreneurs — my honest take). I took a few days to read the official sources (European Commission, AI Act Service Desk, IAPP) and turned them into this guide. Not to scare you. So you know exactly where you stand and what to do depending on your case.
Because August 2, 2026 is a real date, its obligations are real, and the noise around it is so messy that half of the women 40+ building their business with an AI stack in 2026 no longer know whether to worry, act, or ignore it.
What really changes on August 2, 2026
The AI Act came into force on August 1, 2024, but its obligations apply in waves. The big wave that concerns you arrives on August 2, 2026. On that date, three major blocks become applicable.
Article 50 — Transparency. If you have humans interact with an AI system (a chatbot, for example), you have to tell them. For deepfakes (video, audio or image imitating a real person) that you publish: mandatory labeling, no way out. For other AI-generated images, videos or audio (a Midjourney visual, an ElevenLabs voiceover on a landscape, a blog illustration): it's the tool itself that must embed an invisible technical marking — you have no obligation. For text published on matters of public interest: mandatory labeling unless you reviewed it and take responsibility for it (that's the 50(4) exception — I come back to it below, it changes everything for solopreneurs who review what they publish).
Article 26 — Obligations of deployers of high-risk AI systems. If you use an AI system classified as high-risk (recruitment, credit scoring, evaluative education, certain biometric devices), you must follow the provider's instructions, ensure human oversight, and guarantee the quality of input data.
Regulatory sandboxes. Each member state must open at least one regulatory "sandbox" with priority access for SMEs and startups, and protection against enforcement during the good-faith testing phase.
Note: a text called the "Digital Omnibus" proposes to defer certain high-risk obligations. As I write (May 2026), it's only a proposal. Don't bet on it.
I'm simplifying the information you need here. You'll find all the articles and references at the end of this article.
Are you concerned? The 3 solopreneur profiles facing the AI Act
This is where most articles let you down. They put all solopreneurs in the same basket. Wrong. You fall into one of these three profiles, and your obligations change radically.
Profile 1 — Personal user (not a "deployer" in the AI Act sense)
You use ChatGPT, Claude or Cursor for your own work: writing a draft you rework, brainstorming an idea, debugging your code. The final result passes through your brain and your hands before reaching your client or your blog.
You are NOT a "deployer" of an AI system in the AI Act sense. You're an end user of a tool. The compliance obligation rests on the model provider (OpenAI, Anthropic, Google), not on you.
What you must do concretely:
- Nothing specific under the AI Act
- Keep applying your usual GDPR obligations if the tool processes third parties' personal data
- Keep a written trace of your "idea → AI → human review" chain for your portfolio (it's not mandatory, but it's useful if a client asks)
Profile 2 — Creator of published AI content (Article 50 transparency)
You use AI to generate text, images, videos or audio that you publish without substantial editorial review: an article 100% generated by ChatGPT and published automatically, untransformed Midjourney visuals, an ElevenLabs voiceover on a YouTube video, a deepfake.
You fall under Article 50 — but not in the same way depending on the format.
Text published on matters of public interest: mandatory labeling unless you review, correct, and take editorial responsibility (the Article 50(4) exception). Concretely, the solopreneur who asks Claude for a draft, reworks it, adds her own point of view and publishes it under her signature is exempt — no text-labeling obligation. The Commission's draft Code of Practice specifies that the review must be substantial (not cosmetic) and traceable. Keep a minimal internal log (date, who, nature of corrections): that's what lets you invoke the exception in case of an audit.
Deepfakes (a real person's face or voice imitated, in image, audio or video): mandatory labeling with no exception. The artistic exception for fictional images doesn't apply as soon as there's fraudulent use or a risk of misleading.
Other AI images, audio or video (a Midjourney landscape, an illustration, a fictional character's voiceover): no obligation for you on the deployer side. The AI Act puts that obligation on the tools themselves (invisible technical marking). Labeling remains good practice — but it's not the law.
Profile 3 — Deployer of an AI system for your users
You integrate an AI model into a product or service you provide to third parties: a chatbot on your site, a "5-question AI diagnosis" lead magnet, a SaaS tool offering automated recommendations, an agent that answers clients in your place.
There, you are a "deployer" in the full AI Act sense. Your obligations depend on your system's classification: minimal, limited, high or unacceptable risk.
What you must do concretely:
- Inventory: list all the AI systems you deploy for your users
- Classification: for each, determine whether it could fall into Annex III (high-risk) — recruitment, scoring, education, biometrics, critical infrastructure
- Transparency: your user must know they're interacting with an AI (unless it's obvious)
- Documentation: keep a trace of how you use the system, the input data, the human oversight decisions
- If high-risk: reinforced obligations (Art. 26) — provider's instructions, designated human oversight, monitoring, relevant input data
For most Profile 3 solopreneurs, we're on limited risk (support chatbot, product recommendation) — transparency is enough. High-risk cases are rare among solos.
The "microenterprise" lightened regime — Articles 62 and 62a
Good news: if you match the European definition of a microenterprise (fewer than 10 employees AND less than €2M in revenue), you benefit from a lightened regime: simplified documentation, a lighter quality system, priority access to national sandboxes.
Careful: the relief is on the paperwork, not on the substance. If you deploy a high-risk AI system, your system must be compliant — you just have fewer papers to produce.
Article 62 also provides for penalties proportionate to your size. The €35M cap fine you read about in the press won't apply to a micro-business. Authorities take size into account — but there's no full exemption.
What you must do concretely between now and August 2, 2026
Here's the strict minimum, from most urgent to least.
This week: identify your dominant profile (1, 2 or 3). List all the AI tools you use (Claude, ChatGPT, Cursor, Midjourney, etc.) and note for each: personal use, published content, or deployment for your users?
By the end of June: if Profile 2, decide on a standard "AI-generated" wording for your deepfakes (and, as a bonus, for the rest if you want). If Profile 3, do your inventory + classification + transparency plan. If you wonder whether it's "high-risk," it probably isn't — but document your reasoning.
Before August 2: create an "AI Act" folder in your company docs (Notion, Drive — whatever) with inventory, classification, notices, change log. Add an AI mention in your GDPR consent forms if relevant.
To watch: the Digital Omnibus, the Commission's microenterprise templates, the opening of national sandboxes, the CNIL's upcoming positions — your best source in French.
What you do NOT have to do (the false fears)
I've seen quite a bit of nonsense go by in recent weeks. For the record:
- You don't have to stop using ChatGPT in your personal work.
- You don't have to pay for a €5,000 AI compliance audit if you're solo and don't have a high-risk system.
- You don't have to hire a Data Protection Officer if you don't already have one (that role is GDPR, not the AI Act, and is rarely mandatory for solos).
- You don't have to fear a €35M fine if you're acting in good faith, are a micro-business, and have no high-risk system. The authorities will apply the proportionality provided by Article 62.
What you should be wary of, on the other hand: sellers of "turnkey AI compliance" surfing on fear. If you're told you absolutely must buy a €1,500 course or a €5,000 audit, read Article 62a, check that you fall under the microenterprise regime, and keep your money for what really moves your business forward.
My own 90-day method to get compliant (without panicking)
I use my Notion template 90-Day Tech Business Roadmap to manage my own compliance. Phase 1: inventory (30 days). Phase 2: classification + notices (30 days). Phase 3: documentation + milestones (30 days). It's exactly the same method I use to structure any solo-business goal (I detailed this 40+ and AI context here: Digital business after 40: why AI changes everything in 2026).
If you want the same structure, the template is here: 90-Day Tech Business Roadmap.
What to remember
The AI Act sets obligations proportionate to what you actually do with AI. 84 days before August 2. Short to finish, long to start. Begin by listing your tools this week. The rest flows from there.
Official sources consulted
Official EU text (primary source)
- Regulation (EU) 2024/1689 — official French text on EUR-Lex (HTML)
- Regulation (EU) 2024/1689 — official French text on EUR-Lex (PDF)
- ELI: official permalink in all languages
European Commission and AI Office
- AI Act — Shaping Europe's digital future (European Commission)
- Navigating the AI Act — European Commission FAQ
- Code of Practice on marking and labelling of AI-generated content (European Commission)
- Article 62 — Measures for SMEs and start-ups (AI Act Service Desk)
French authorities
- CNIL — Entry into force of the European AI regulation: first Q&A
- CNIL — AI practical sheets
- CNIL — 2026 work program (includes AI Act support)
- Directorate-General for Enterprise (Bercy) — AI Act breakdown
Scope note — state of official publications as of May 9, 2026: the CNIL was formally designated as the French AI Act supervisory authority by government amendment on February 12, 2026, with the power to impose the watermarking provided by Article 50. As I write, it has not yet published a detailed operational guide on the Article 50(4) exception (human editorial review). Its 2026 work program includes AI Act support; specific publications are expected by August 2026. For the precise reading of the 50(4) exception, I rely on the official EUR-Lex text and the European Commission's Code of Practice (2nd draft consulted up to March 30, 2026, finalization announced for early June 2026).
Individual articles (annotated reading)
Additional analyses
- EU AI Act deployer evidence gaps SMEs will miss before 2 Aug. 2026 — IAPP
- Digital Omnibus & deferral of high-risk obligations — DLA Piper
- Transparency obligations pursuant to Art. 50(4) — Lexology
- Taking the EU AI Act to Practice — Bird & Bird