← Free risk checker
HomeChatbot Compliance → ChatGPT EU AI Act
LIMITED RISK — Article 50 transparency required
Deadline: 2 August 2026. Article 50 has NOT been deferred by the Digital Omnibus. You need a disclosure on your ChatGPT chatbot before this date. Fine for non-compliance: up to €15M or 3% of turnover.

ChatGPT EU AI Act Compliance: What Your Business Must Do by 2026

The EU AI Act obligations for ChatGPT depend entirely on how your business uses it. Internal productivity tool, customer-facing chatbot, and automated content publishing each carry different requirements. Here is a plain-English breakdown.

It depends on use case: Using ChatGPT internally for employee productivity is minimal risk. Deploying ChatGPT via API as a customer-facing chatbot triggers Article 50 disclosure obligations (you, as deployer). Auto-publishing AI-generated content to customers triggers Article 50(2) labelling. OpenAI itself has GPAI model obligations already in effect.

What you need to do — step by step

  1. Identify how ChatGPT is used in your organisation: internal only, API-powered customer chatbot, or content generation
  2. For any customer-facing ChatGPT chatbot you deploy: add a clear AI disclosure at the start of every conversation (Article 50(1))
  3. For AI-generated content published to customers: establish a labelling policy — content auto-generated and auto-published needs an AI label; human-reviewed content generally does not
  4. Do not deploy ChatGPT via API for high-risk use cases (CV screening, credit scoring, benefits eligibility) without full high-risk compliance — these are Annex III functions
  5. Update your privacy policy to reflect use of AI systems powered by OpenAI
  6. Ensure employees using ChatGPT understand what it can and cannot do — AI literacy is a legal obligation under Article 4

Ready-to-use disclosure text for ChatGPT

Copy one of these into your ChatGPT bot's opening message:

Hi! I'm an AI assistant powered by ChatGPT. I can answer questions about [company] — or connect you with our team if needed.
Welcome! You're chatting with an AI. A team member is available if you'd prefer human support — just ask.
Hello! This chat is powered by AI. Type human at any time to reach our support team directly.

Need this in French, German, Spanish, Dutch, Polish, Italian?

The Chatbot Compliance Pack includes 7 language variants, a T&C clause template, a privacy policy AI section, and the Article 50(2) machine-readable marking guide.

Get Chatbot Compliance Pack — €49 →
Or use the free disclosure generator →

ChatGPT and the EU AI Act: a use-case breakdown

Internal use: productivity and writing assistance

Employees using ChatGPT to draft internal documents, summarise meetings, write code, or research topics — with a human reviewing output before any action is taken — is generally minimal risk under the EU AI Act. No Article 50 obligations apply (no direct interaction with end users). No high-risk classification for standard information work tasks. Your main obligation is AI literacy training under Article 4: employees should understand that ChatGPT can produce plausible-sounding errors and should not be trusted for high-stakes decisions without verification.

Customer-facing chatbot: Article 50 applies to you

If your company deploys ChatGPT via OpenAI's API to power a customer-facing chatbot — whether on your website, in your product, or via messaging channels — you are the deployer of an AI system that directly interacts with natural persons. Article 50(1) applies: you must ensure users are informed they are communicating with AI at the start of each interaction. This obligation is yours, not OpenAI's. OpenAI satisfies its own provider obligations; you must satisfy your deployer obligation.

AI-generated content: when labelling is required

Article 50(2) requires that AI-generated content "intended to inform, entertain, or persuade natural persons" be labelled as machine-generated. Using ChatGPT to draft a marketing email that a human edits and sends — no label required (human in the loop). Using ChatGPT to auto-generate and auto-publish product descriptions, blog posts, or social media content with no human review — label required. Most businesses fall between these extremes; establish a clear internal policy on which content workflows require labelling.

OpenAI's GPAI obligations (already in effect)

OpenAI, as the provider of a General Purpose AI model, has had EU AI Act compliance obligations since August 2025 — including transparency documentation, copyright compliance policies, and (for GPT-4-class models) systemic risk assessment. These are OpenAI's obligations, not yours as a business user. However, if you are building a product on top of OpenAI's API that you then market as your own, you may have provider obligations as a downstream developer.

Frequently asked questions

Does using ChatGPT in my business require EU AI Act compliance?
It depends on how you use it. Internal use for employee productivity is minimal risk with no specific obligations beyond AI literacy training. Deploying ChatGPT as a customer-facing chatbot triggers Article 50(1) disclosure requirements. Auto-publishing AI-generated content triggers Article 50(2) labelling requirements. Using ChatGPT for high-risk decisions (hiring, credit, benefits) triggers full Annex III compliance.
Is ChatGPT itself compliant with the EU AI Act?
OpenAI has GPAI model obligations under the EU AI Act that became applicable from August 2025. OpenAI has published model documentation and committed to the GPAI Code of Practice. As a business user, you rely on OpenAI's provider compliance. Your own compliance obligations as a deployer are separate and depend on how you deploy the model.
We built a chatbot using ChatGPT's API. Who is responsible for EU AI Act compliance — us or OpenAI?
Both, but for different obligations. OpenAI is responsible for GPAI model provider obligations (transparency, copyright, systemic risk assessment). You are responsible for deployer obligations — including the Article 50(1) disclosure to your users. Building a chatbot on top of ChatGPT's API makes you the deployer of a system that interacts with your users. The disclosure obligation is yours.
Does the EU AI Act apply to ChatGPT use in a US company?
Yes, if you use ChatGPT in systems that interact with users located in the EU. The GPAI rules apply to OpenAI because it places models on the EU market. If you deploy a ChatGPT-powered chatbot that EU users interact with, Article 50 deployer obligations apply to you regardless of where your company is based.