EU AI Act compliance for retail-tech and POS SaaS

Retail-tech SaaS spans store operations, POS, inventory, recommendations, biometric checkout, and workforce scheduling. The AI Act exposure varies by feature: workforce features fall under Annex III point 4, biometric checkout under Annex III point 1, and personalisation features approach Article 5 manipulation concerns. Article 50 transparency applies broadly. Penalty ceilings: €35M or 7% for Article 5, €15M or 3% otherwise.

Is your product high-risk under Annex III?

Annex III points that catch retail-tech: point 1 biometric identification (face-pay, biometric loyalty, age verification by face), point 4 employment (workforce scheduling, performance monitoring of cashiers, AI-driven staffing decisions). Recommendation engines, dynamic pricing, inventory AI, and standard POS analytics are NOT in Annex III but raise Article 5 concerns for aggressive personalisation.

Article 50 transparency obligations

Article 50(1): in-store AI assistants, smart-mirror chatbots, AI-powered customer service must disclose AI nature. Article 50(2): AI-generated product descriptions, AI-personalised marketing copy, AI-curated recommendations presented as content must be marked. Article 50(3): if you deploy emotion analysis on shoppers (heat-mapping, dwell-time + sentiment), disclosure is required. Article 5(1)(a) and 5(1)(b) concern: dynamic pricing that detects financial distress or exploits vulnerability sits close to the prohibition line.

Self-audit checklist before 2 August 2026

Seven checks:

  1. Inventory AI features: recommendation, search, pricing, biometric checkout, workforce scheduling, loss prevention, customer analytics.
  2. Tag Annex III features (biometric, workforce) and plan Article 43 conformity assessment.
  3. Tag Article 5 proximity features (dynamic pricing, urgency UX, personalisation) and document design rationale.
  4. Add Article 50(1) disclosure to all customer-facing AI.
  5. Mark AI-generated content (descriptions, recommendations, marketing).
  6. If biometric features are deployed, add explicit on-screen disclosure before capture.
  7. Build human-override controls for workforce scheduling decisions.

Penalties and enforcement

Penalty ceilings: €35M or 7% for Article 5, €15M or 3% for Article 50 and Annex III. Worked example: retail-tech SaaS with €7M ARR faces theoretical maximums of €490,000 (Article 5) or €210,000 (Article 50/Annex III). Bigger cost: retailer procurement. Carrefour, Tesco, IKEA, H&M, and major retail groups require AI Act attestation as of 2026 vendor onboarding.

Last updated: 2026-05-28