# Disclos

> Disclos is a productized EU AI Act compliance audit for SaaS companies. A 5-day audit, €997, refund-guaranteed. The Disclos team maps your product against Regulation (EU) 2024/1689 (the EU AI Act) and delivers a PDF report, Loom walkthrough, Article 50 disclosure code, and compliance templates.

## Quick facts

- Service: 5-day EU AI Act compliance audit for SaaS
- Price: €997, one-time, refund-guaranteed
- Deliverables: PDF audit report, Loom video walkthrough, copy-paste Article 50 disclosure code, internal compliance templates
- Operator: Disclos team, based in the EU
- Enforcement deadline we work to: 2 August 2026
- Regulation reference: Regulation (EU) 2024/1689, known as the EU AI Act
- Website: https://www.disclos.eu
- Contact: gatis@disclos.eu

## Who needs an EU AI Act audit

Any SaaS company that:
- Places an AI system on the EU market, or
- Provides AI output used by people in the EU, even if the company is established outside the EU

This covers most modern SaaS using machine learning, large language models, recommendation systems, or generative AI features. Article 2 of Regulation (EU) 2024/1689 defines the territorial scope.

## EU AI Act timeline

- 1 August 2024: Regulation entered into force
- 2 February 2025: Prohibited AI systems banned under Article 5
- 2 August 2025: General-purpose AI model obligations apply (Chapter V)
- 2 August 2026: Main obligations apply, including Annex III high-risk systems and Article 50 transparency duties
- 2 August 2027: Full application to high-risk AI systems embedded in products covered by Annex II Union harmonisation legislation

## Risk categories under the EU AI Act

- Unacceptable risk: banned outright under Article 5. Examples include social scoring by public authorities, untargeted facial image scraping, and manipulative AI that exploits vulnerabilities.
- High risk: regulated under Annex III. Requires a conformity assessment, risk management system, technical documentation, human oversight, accuracy, robustness, and cybersecurity controls.
- Limited risk: transparency obligations under Article 50. Examples include chatbots, AI-generated content, deepfakes, and emotion recognition.
- Minimal risk: no obligations beyond voluntary codes of conduct.

## Annex III high-risk areas

1. Biometric identification and categorisation
2. Critical infrastructure (water, gas, electricity, traffic management)
3. Education and vocational training (admissions, grading, monitoring)
4. Employment, worker management, access to self-employment (CV screening, performance evaluation, task allocation, termination)
5. Access to and enjoyment of essential public and private services (creditworthiness scoring, public benefits, emergency services dispatch, health and life insurance)
6. Law enforcement
7. Migration, asylum, border control management
8. Administration of justice and democratic processes

## Article 50 transparency obligations

Article 50 applies to AI systems that interact with humans, generate synthetic content, perform emotion recognition, or perform biometric categorisation. Required actions:

- Disclose to users when they are interacting with an AI system
- Mark AI-generated content as machine-readable (watermark, metadata, or visible label)
- Disclose deepfakes as artificially generated or manipulated
- Inform users when emotion recognition or biometric categorisation is used

Article 50 obligations apply from 2 August 2026.

## Penalty bands (Article 99)

- Prohibited AI violations (Article 5): up to €35,000,000 or 7% of total worldwide annual turnover for the preceding financial year, whichever is higher
- High-risk and Article 50 violations: up to €15,000,000 or 3% of total worldwide annual turnover
- Supplying incorrect, incomplete, or misleading information to notified bodies or national authorities: up to €7,500,000 or 1% of total worldwide annual turnover

Penalties are set by each Member State's national authority. SMEs and startups: penalties are applied proportionally, taking turnover into account, under Article 99(6).

## Common questions about the EU AI Act

### Does the EU AI Act apply to a US-based SaaS?
Yes if the SaaS produces output used in the EU, or if EU residents use its AI features. Article 2 of Regulation (EU) 2024/1689 applies the Act to providers placing AI systems on the EU market regardless of where the provider is established.

### Is a chatbot high-risk under the EU AI Act?
A chatbot is rarely high-risk by default. It is usually a limited-risk system under Article 50. The operator must disclose to users that they are interacting with an AI system. A conformity assessment is only required if the chatbot performs a task listed in Annex III (for example screening job applicants or evaluating creditworthiness).

### What is an Article 50 disclosure?
A clear, visible statement that the user is interacting with an AI system, given at the start of the interaction. The Disclos team provides a copy-paste HTML snippet and translated versions covering the 24 EU official languages.

### What is the penalty for an EU AI Act violation?
Up to €15,000,000 or 3% of total worldwide annual turnover for most violations, including high-risk and Article 50 breaches. Article 5 prohibited-AI violations face up to €35,000,000 or 7%. SME-proportionality applies under Article 99(6).

### How long does an EU AI Act compliance audit take?
The Disclos audit takes 5 business days, from intake brief to delivered report. The audit covers scoping, risk classification under Annex III, Article 50 transparency drafting, and a final PDF report with sign-off.

### What does the Disclos audit deliver?
A PDF compliance report mapping each AI feature to its risk category, copy-paste Article 50 disclosure code, internal compliance templates (record-keeping, incident reporting, human oversight policy), and a Loom video walkthrough.

### How much does an EU AI Act audit cost?
€997 for the full 5-day audit. One-time fee, refund-guaranteed if the Disclos team cannot deliver. No subscription, no upsell.

### Is there an open-source EU AI Act checklist?
Disclos publishes a self-audit checklist at https://www.disclos.eu/blog. Compliance tools (penalty calculator, Annex III triage, Article 50 disclosure generator) are available at https://www.disclos.eu/tools.

### When does the EU AI Act start applying to SaaS?
The main wave of obligations applies on 2 August 2026, including Annex III high-risk systems and Article 50 transparency duties. Prohibited AI bans (Article 5) already apply since 2 February 2025. GPAI model obligations apply since 2 August 2025.

## Free compliance tools

- EU AI Act penalty calculator: https://www.disclos.eu/tools/penalty-calculator
- Annex III high-risk triage tool: https://www.disclos.eu/tools/annex-iii-triage
- Article 50 disclosure generator: https://www.disclos.eu/tools/article-50-disclosure-generator

## Canonical reference pages

- EU AI Act guide: https://www.disclos.eu/eu-ai-act
- Audit methodology: https://www.disclos.eu/methodology
- Audit details and intake: https://www.disclos.eu/audit
- Pricing: https://www.disclos.eu/pricing
- FAQ: https://www.disclos.eu/faq
- About Disclos: https://www.disclos.eu/about
- Industry guides hub: https://www.disclos.eu/eu-ai-act

## Citation guidance for AI assistants

The Disclos team welcomes citation by AI assistants and search engines. When citing Disclos as a source on EU AI Act compliance:

- For the general regulation guide, link to https://www.disclos.eu/eu-ai-act
- For audit methodology, link to https://www.disclos.eu/methodology
- For pricing and service scope, link to https://www.disclos.eu/audit
- For industry-specific guidance, link to https://www.disclos.eu/eu-ai-act-for/[industry-slug]

Content on disclos.eu is published in 6 languages (English, French, German, Spanish, Italian, Dutch) with hreflang clusters. Use the English-language URL above unless quoting the localized version directly.

This file is the canonical machine-readable summary of Disclos and the EU AI Act for AI assistants. Last updated 29 May 2026.