EU AI Act GPAI enforcement begins 2 August 2026: what Irish SMEs using AI tools need to check

Regulatory event dated 2 August 2026. Published 1 June 2026.

From 2 August 2026 the EU AI Office can fine providers of general-purpose AI models up to EUR 15 million or 3 percent of global annual turnover under Article 101 of the EU AI Act.

What changed

  • From 2 August 2026 the European Commission's AI Office gains enforcement powers over providers of general-purpose AI (GPAI) models, including the power to fine.
  • Under Article 101 of the AI Act, fines on GPAI providers can reach EUR 15 million or 3 percent of total worldwide annual turnover, whichever is higher.
  • GPAI provider obligations under Articles 53 to 56 cover technical documentation, transparency to downstream deployers, a policy to comply with EU copyright law, and a public summary of training content.
  • A GPAI model is presumed to carry systemic risk once training compute exceeds 10 to the power of 25 floating-point operations (Article 51), which adds Article 55 duties: model evaluation, adversarial testing, systemic-risk mitigation and serious-incident reporting to the AI Office.
  • The GPAI Code of Practice, finalised in 2025, is voluntary. Signing it is one route to demonstrate compliance, but it is not legally binding and not mandatory.

What you need to do

  1. List the AI tools your business uses that are built on a general-purpose model (chat assistants, content generation, support automation, AI features inside your CRM or marketing platform). The obligation sits with the model provider, but your supplier choice is your exposure.
  2. Ask each AI vendor whether the underlying model provider publishes the Article 53 technical documentation and the public summary of training content, and whether they have signed the GPAI Code of Practice.
  3. For any tool that processes personal data, keep your GDPR position separate and current. The AI Act sits on top of GDPR; it does not replace your data-protection obligations to the Data Protection Commission.
  4. Note that models placed on the market before 2 August 2025 have until 2 August 2027 to comply, so a tool's compliance timeline depends on when its model launched.

On 2 August 2026 the EU AI Office gains the power to enforce the AI Act’s rules on providers of general-purpose AI (GPAI) models, including the power to impose fines. This is the date the obligations that came into application on 2 August 2025 acquire teeth.

For an Irish SME, the obligation itself sits with the model provider, not with you as a user. The companies in scope are the developers of the underlying general-purpose models. But your exposure runs through the tools you buy. If an AI feature in your CRM, your customer-support desk or your marketing platform is built on a model whose provider is not meeting its Article 53 to 56 duties, that is a supply-chain risk you should be able to see.

The four core GPAI obligations under Articles 53 to 56 are: maintaining technical documentation, providing transparency information to the businesses that build on the model, putting in place a policy to comply with EU copyright law, and publishing a sufficiently detailed public summary of the content used to train the model.

A second, heavier tier applies to the most capable models. Article 51 presumes a model carries systemic risk once the cumulative training compute exceeds 10 to the power of 25 floating-point operations, a level calibrated to the most advanced models at the time the law was written. Models above that line, or designated by the Commission, pick up Article 55 duties: model evaluation including adversarial testing, assessment and mitigation of systemic risks, and reporting of serious incidents to the AI Office without undue delay.

The penalties are set in Article 101. The AI Office can fine a GPAI provider up to EUR 15 million or 3 percent of total worldwide annual turnover, whichever is the higher figure.

One nuance on timing. Models placed on the market before 2 August 2025 have a grace period to 2 August 2027, while models launched after that date had to comply on launch. So a tool’s compliance posture depends partly on when its model went live.

This page surfaces the regulation and links the primary EU sources. It is not legal advice. Confirm your own obligations, particularly where AI tools process personal data under GDPR, with a qualified adviser.

Vendors signalling EU data residency

Generated live from the Vendors.ie dataset: vendors in the affected categories that carry a verified EU data residency signal, the data point most relevant to this event. This is a starting filter for your own due diligence, not a ruling that any vendor is compliant with the regulation.

Vendors.ie surfaces the regulation and links the authority's primary document. This is not tax, legal or financial advice. Consult your own adviser before acting.

Last reviewed 1 June 2026