EU AI Act Regulation 2026: What Businesses and Individuals Need to Know Now

If your company uses artificial intelligence — whether a simple chatbot, AI-powered recruitment or an automated customer service system — the EU AI Act regulation (Hungarian: EU AI Act szabályozás) applies to you. This is not just a matter for large corporations: it directly affects Hungarian SMEs, employees and consumers alike. In this practical guide, we explain what obligations you need to prepare for by August 2026 and how a lawyer can help.

Why should you act now on EU AI Act regulation?

A three-phase timeline: what is already mandatory?

The EU AI Act (Regulation (EU) 2024/1689 of the European Parliament and of the Council) entered into force on 1 August 2024, with obligations phased in over three stages. The ban on prohibited AI practices and the AI literacy obligation have been in effect since 2 February 2025. Rules for general-purpose AI models (GPAI) and the sanctions framework were activated on 2 August 2025. The deadline for full compliance regarding high-risk AI systems is 2 August 2026.

This means part of the preparation period has already passed. Any business that has not yet reviewed its systems against the prohibited practices rules is already behind schedule.

How prepared are Hungarian companies?

Deloitte’s 2025 Hungarian AI Survey paints a concerning picture: 38% of companies cannot even determine whether their systems fall under the AI Act. Only 16% have a compliance framework in place, and 21% have taken no AI literacy steps whatsoever — despite this being a legal requirement since February 2025. In our legal practice, we find that most Hungarian SMEs do not even realise they are affected.

What does the AI Act regulate and who does it apply to?

Developers, deployers and importers all fall within scope

The AI Act does not apply solely to AI developers. Its scope extends to every organisation that develops, distributes, imports or deploys an AI system within the EU — regardless of whether the developer is based inside or outside the Union. If a Hungarian business uses an American AI tool whose output affects individuals in the EU, the regulation imposes obligations on both parties. The framework takes a risk-based approach, classifying AI systems across four levels from minimal to prohibited, with obligations scaled accordingly.

Which EU AI Act prohibited AI systems have been banned?

Eight prohibited practices — and fines reaching billions

Article 5 of the AI Act lists eight AI practices that are prohibited in terms of development, distribution and deployment. These include subliminal manipulation, exploitation of vulnerabilities, social scoring, emotion recognition in the workplace and in education, and mass facial recognition in public spaces. If a Hungarian company uses personalised content to influence customer decisions in ways they cannot perceive, this may already breach the prohibition.

These rules have been in effect since 2 February 2025, and the sanctions framework has been active since August 2025. Under the Hungarian implementing legislation (Act LXXV of 2025), the maximum fine for prohibited AI practices can reach HUF 13.3 billion (approximately EUR 34 million).

How does EU AI Act compliance affect Hungarian businesses?

High-risk systems in everyday business operations

The “high-risk” category covers far more companies than one might expect. It includes any AI system used for credit scoring, insurance risk assessment, recruitment, performance evaluation or determining access to public services. A mid-sized company that uses AI to screen CVs will be required to maintain detailed technical documentation, a risk management system and human oversight from August 2026.

AI literacy: the mandatory training that few know about

Article 4 of the AI Act requires every organisation deploying AI to ensure adequate AI literacy (Hungarian: AI literacy kötelezettség) among its staff — with verifiable records. This has been mandatory since 2 February 2025, yet 21% of Hungarian companies have taken no action at all. In practice, this means organising training sessions, internal knowledge bases or e-learning programmes. In our experience, most Hungarian businesses are entirely unaware of this obligation.

GDPR and the AI Act: the dual compliance challenge

The AI Act does not replace the GDPR — it complements it. Where an AI system processes personal data, all GDPR principles remain fully applicable. The greatest practical risk is “Shadow AI”: staff copying customer data and internal reports into AI prompts that no one can subsequently audit. For businesses, practical steps on AI regulation (Hungarian: AI szabályozás gyakorlati teendők vállalkozásoknak) should therefore always begin by strengthening data handling discipline.

How does the AI Act impact employees and individuals?

Employee rights: when must you disclose AI use?

The AI Act impact on employees and individuals is direct and tangible. If an employer uses an AI system to screen job applications, evaluate performance or decide on promotions, it must inform the affected person — including how the AI contributed to the decision. Automatically generated logs must be retained for at least six months. Under Hungarian labour law (Section 11/A of the Labour Code), AI qualifies as a technological tool, meaning all restrictions on workplace technology use apply.

Consumer protection: chatbots, credit scoring, automated decisions

When operating a chatbot, businesses must clearly indicate to users that they are interacting with AI. AI-based credit scoring or insurance risk assessment falls into the high-risk category, requiring non-discrimination safeguards and human oversight. Amazon was forced to shut down a recruitment system in 2018 after it was found to discriminate against women — the AI Act is designed to prevent precisely such outcomes.

Hungarian AI legislation: what new authorities are being established?

A new institutional framework under Act LXXV of 2025

The Hungarian AI Act (Act LXXV of 2025) and its implementing Government Decree (344/2025 (X. 31.)) established the domestic institutional framework. The National Accreditation Authority serves as the AI notifying body, while a nationally competent AI market surveillance authority oversees lawful deployment. The Government has set up a single-window system so that businesses deal with one authority only. The law also created the Hungarian Artificial Intelligence Council, chaired by the Government Commissioner for AI, which issues guidance to support consistent legal application.

What practical steps on AI regulation should businesses take?

Three steps to compliance

The first step is a comprehensive AI audit: catalogue every AI tool and use case within your organisation, including the “invisible” ones — such as the marketing team using ChatGPT for copywriting. Second, carry out a risk classification and prepare an internal AI policy: which tools are permitted, what data must never enter an AI system, and how human oversight is ensured. Third, for high-risk systems, establish technical documentation, logging and staff AI literacy training.

Do you need AI Act lawyer legal advice for compliance?

When should you engage legal counsel?

AI Act lawyer legal advice (Hungarian: AI Act ügyvéd jogi tanácsadás megfelelés) is particularly warranted when your organisation deploys high-risk AI, when data protection questions arise at the intersection of AI and the GDPR, or when you work with contractual AI suppliers. Risk classification, regulatory registration and drafting internal policies require legal expertise. Those who get their AI use in order early not only avoid fines — increasingly, B2B partners expect verifiable AI compliance, making it a genuine competitive advantage.

EU AI Act regulation is not a threat — it is an opportunity

Preparing today is cheaper than paying fines tomorrow

The purpose of EU AI Act regulation is not to hinder innovation but to create a framework for safe and transparent AI use. Those who act now will prepare more affordably and with greater confidence than those scrambling before the August 2026 deadline.

Not sure whether the AI Act applies to your company, or unsure what steps to take? Get in touch with us.

With over 20 years of experience in data protection, technology law and corporate compliance, Madarassy Law Firm helps clients navigate the practical implementation of the AI Act. Contact us at www.madarassy-legal.com.