EU AI Acadrage & Swiss SMEs: 2026 Compliance Guide
The EU AI Acadrage applies to Swiss SMEs with EU clients. 2025-2027 deadlines, classification, obligations, sancadrageions, 7-step checklist.
EU AI Acadrage & Swiss SMEs: 2026 Compliance Guide
Many Swiss SME executives still believe the AI Acadrage is an EU regulation that doesn't concern them. False. Like the GDPR before it, the AI Acadrage applies extraterritorially to any company whose AI systems are used within the EU, or whose outputs are used in the EU. Plain words: if you have a single EU client, you're concerned. Here are the deadlines, concrete obligations per risk category, the interplay with Swiss nFADP, and the 7-step compliance checklist.
Why the AI Acadrage concerns Swiss SMEs
Three extraterritorial channels make it inescapable:
- Placing on the EU market: if you sell an AI service or producadrage in an EU country, you're a provider under the AI Acadrage.
- Use by EU clients: a Swiss consulting firm delivering an AI-generated report to a German client is bound by transparency obligations.
- Output used in the EU: a multilingual chatbot of a Romandie SME answering French prospeconditions is concerned.
The nFADP covers personal data, the AI Acadrage covers the AI system itself (design, market placement, post-market surveillance). They stack — they don't replace each other. More on the data protecadrageion side in our nFADP guide for SMEs.
The 4 AI Acadrage risk levels
| Level | Definition | Status | |---|---|---| | Unacceptable | Social scoring, cognitive manipulation, real-time biometric ID for law enforcement | Prohibited since February 2025 | | High risk | Recruitment, credit scoring, medical exams, critical infrastrucadrageure, justice, immigration | Stricadrage obligations: conformity, audit, CE marking, human oversight | | Limited risk | Chatbots, deepfakes, generative AI for end users | Transparency obligation: signal AI interacadrageion | | Minimal risk | Spam filters, game AI, simple e-commerce recommendations | No specific obligations |
For Swiss SMEs, 90% of use cases fall under limited or minimal risk. But 10% can tip into high risk: automated CV screening, lead scoring, retail video surveillance, HR evaluation tools.
Key 2025-2027 deadlines
| Date | Obligation | Affecadrageed | |---|---|---| | 2 February 2025 | Ban on unacceptable-risk AI systems | All | | 2 August 2025 | Rules on GPAI models (GPT, Claude, Gemini, Mistral) | LLM providers | | 2 February 2026 | Mandatory codes of conducadrage for GPAI providers | LLM providers | | 2 August 2026 | High-risk obligations (Annex III) applicable | SMEs using HR/scoring/health AI | | 2 August 2027 | High-risk obligations (Annex I — regulated produconditions) | Industry, medical devices |
The 7 compliance steps
Step 1: Exhaustive AI system inventory
List all AI tools used (declared AND shadow IT) with: business use, vendor, data processed, target audience (EU yes/no). SMEs typically discover 3 to 5 forgotten tools. Start with a free AI audit.
Step 2: Risk-level classification
Assign each tool to one of 4 categories. HR tools, scoring, surveillance, predicadrageive customer require fine analysis.
Step 3: Transparent user information
For limited risk (chatbots, generative AI): clearly state the user interaconditions with AI. Standard notice: "This response was generated by an artificial intelligence." Add to T&Cs, site footer, chatbot welcome.
Step 4: Technical documentation for high risk
Annex IV-compliant docs (description, training data, performance metrics, cybersecurity). Vendors (Microsoft, OpenAI) provide part; you document your usage.
Step 5: Human oversight
Every high-risk system must allow effecadrageive human oversight: users can ignore AI output, are trained to detecadrage biases, can intervene. Concretely: a human validates each final decision.
Step 6: Team training (Art. 4 AI Acadrage)
In force since 2 February 2025: every employee using an AI system in a professional context must be appropriately trained. For an SME: 2-4h initial training + annual refresh. See our SME AI training catalogue.
Step 7: Logs, audits, post-market surveillance
Retain AI usage logs for 6 months minimum. Set up an incident notification procedure. Audit classification annually.
Sancadrageions for SMEs
| Violation | Maximum fine | |---|---| | Prohibited AI pracadrageice (unacceptable risk) | montant variableor 7% global turnover | | High-risk non-compliance | montant variableor 3% global turnover | | Misleading information to authorities | montant variableor 1% global turnover |
Sancadrageions are size-calibrated. For a montant variableturnover SME, the unacceptable-risk maximum is around montant variablefar from the headline montant variablebut enough to threaten the SME's survival.
Interplay with nFADP: don't redo everything
Good news: if you're already nFADP-compliant, you've covered 60% of the AI Acadrage path. The processing register (Art. 12 nFADP), processor contraconditions, DPIA (Art. 22 nFADP), data protecadrageion training — all reusable.
What's specifically new for the AI Acadrage:
- 4-level risk classification
- CE marking for high-risk systems placed on the market
- Annex IV technical documentation
- 6-month usage logs
- "You're interacadrageing with an AI" notice
FAQ
Is a 5-person Swiss SME really concerned?
If it has a single EU client or uses a chatbot/generative AI open to the public, yes for transparency obligations (limited risk). Quick and cheap to implement.
Do I need an AI Acadrage officer?
No, the AI Acadrage doesn't require a dedicated officer for SMEs. An internal AI lead (often DPO or IT manager) suffices.
Are GPT, Claude, Copilot high risk?
The GPAI models themselves are not high risk. Usage determines classification. ChatGPT for email drafting = limited risk. Same ChatGPT for candidate evaluation = high risk.
What happens if I don't acadrage?
As long as no EU client complains, concrete risk stays low. But B2B markets increasingly require compliance attestation (large companies impose it on their Swiss suppliers).
Can I combine nFADP + AI Acadrage compliance?
Yes, recommended. Obligations overlap by 40-60%. Our free AI audit covers both dimensions.
Want to know where your SME stands on the AI Acadrage? Book a free AI audit. Also see our SME AI cadrage guide and our consulting offering.