In short

On August 2, 2026 Article 50 of the EU AI Act (Regulation 2024/1689) starts applying. The same rules take effect across all 27 EU member states on the same day, including Poland. The Polish legislator has no authority to delay or weaken them.

The rules apply if your company website has at least one of: an AI chatbot, an AI voice assistant, images created by tools like Midjourney or DALL-E, AI-generated voiceover, deepfake video, or articles written with the help of ChatGPT or Claude on publicly significant topics (health, finance, law, politics).

Fines for non-compliance reach EUR 15 million or 3 percent of global annual turnover. For incorrect information given to a supervisory authority, the limit is EUR 7.5 million. For micro-businesses the lower of the two thresholds applies, which still means very high sums.

Most companies will handle the obligations with three changes: a clear notice at the chatbot's first message, marking AI-generated images in the media library, and a short note under articles where AI helped with writing. All three can be added in WordPress without a developer: with a ready-made plugin, with a setting in your existing chat tool, or with a short code snippet in your theme file. All three paths are below, step by step.

What the AI Act is in plain language

AI Act is the short name for Regulation (EU) 2024/1689 of the European Parliament and Council of June 13, 2024. It is the world's first comprehensive law on artificial intelligence. It entered into force on August 1, 2024, but full application is spread over three years to give companies time to adapt.

A small business owner typically thinks: "I don't build AI, I don't train models, so it doesn't apply to me". That is the first and most common misunderstanding. The AI Act divides the world into two groups.

The first group is providers of AI systems, the companies that build models. Anthropic, OpenAI, Google, Meta. Most obligations fall on them. They have to document how they trained their models, what data they consumed, how much electricity they used. Most companies are not in this group.

The second group is deployers of AI systems. Every company that uses someone else's AI in its own product or service. A WooCommerce store with a ChatGPT-powered chatbot. A blogger decorating posts with Midjourney art. A marketing agency writing with Claude's help. They are all "deployers" under the AI Act and have obligations, though much lighter than the model creators.

Key rule: the AI Act does not require national parliaments to pass a law that brings it into national legal systems. It is a Regulation, not a Directive. It applies directly. Identically in Warsaw, Berlin, Paris and Madrid. The national act, which is being drafted in the Polish parliament right now, is only technical. It will state that the President of UODO is the supervisory authority for parts of the rules, clarify complaint procedures and similar. But the obligation to mark "you are talking with an AI chatbot" stems from the Regulation itself. Even if the Polish act is delayed until the end of 2026, the obligations bind you from August 2.

The best analogy is the GDPR. It took effect on May 25, 2018 across all EU member states on the same day. The Polish data protection act followed two months later, but that did not mean the law was not in force in those two months. It was, because it stemmed from the EU Regulation itself. Same with the AI Act.

Why you must deal with this, even if you think you do not use AI

Three reasons why it is worth spending a week on this now, in July 2026, instead of waiting for the first inspection.

Reason one: you probably use AI without being told. In the last two years, dozens of WordPress plugins have added AI features. Some do it visibly (chat on the site, product description generator). Others do it quietly. The SEO plugin that "suggests content improvements" often asks ChatGPT in the background. The translation plugin that "supports 50 languages" uses DeepL or OpenAI. The image generator built into WooCommerce. Trace what your plugins actually do and you will find AI in three or four of them.

Reason two: image and customer trust. Customers are increasingly annoyed when they discover that the "advisor" on the chat is a chatbot and that "expertise" on the blog is written by ChatGPT. Pointing out that you are AI Act-compliant is a marketing argument today. Lack of such information is a risk of losing trust when the customer figures it out on their own.

Reason three: fines are real. First European Commission decisions on the AI Act are expected in Q4 2026. Likely from Germany or France, where regulators are most aggressive. After the first high-profile cases, the Polish UODO will start its inspections. Better have this sorted before you get a request to explain. Post-incident audits cost twice as much and carry the risk of a fine that could have been avoided with preparation.

Rollout timeline stage by stage

The AI Act takes effect in stages. Some rules are already in force, some only start. The key dates:

Date	What starts applying
February 2, 2025	Ban on the most dangerous AI practices (Article 5). Social scoring of citizens, subliminal manipulation, predictive policing based on personal traits. Most companies are not affected.
August 2, 2025	Obligations for general-purpose AI model providers (Anthropic, OpenAI). Technical documentation, copyright policy, energy consumption report. Only affects creators of large AI models.
August 2, 2026	Transparency obligations for all companies using AI (Article 50). The European Commission gets enforcement powers for fines against model providers.
August 2, 2027	Full application of obligations for high-risk AI systems (Article 6 and Annex III). Recruitment AI, credit scoring, education, critical infrastructure.

For a typical small business owner the most important date is August 2, 2026. Earlier stages affected a small group of entities. This stage affects everyone using AI on their site in a way visible to the user.

Check yourself whether the obligations apply

Go through the table below. For each row answer "yes" or "no". If even one row is "yes", you must change something before August 2, 2026.

Situation on your site	Falls under Article 50?	What you concretely need to do
I have chat on my site where first replies are written by AI (Tidio, Intercom, WPBot, Crisp with AI enabled)	Yes (§ 1)	Clear notice "You are talking with an AI assistant" in the first message
I have an AI-based voice assistant (IVR) handling customer calls	Yes (§ 1)	Voice notice "This is an AI assistant" before the call starts
I publish blog posts written partly or fully by ChatGPT, Claude or Gemini on publicly significant topics (health, finance, law, politics, education)	Yes (§ 4)	Note under the article "First draft generated by AI, edited by a human"
I have images on my site created by tools like Midjourney, DALL-E, Stable Diffusion (on the blog, in the store, in the portfolio)	Yes (§ 2 and § 4)	HTML data-ai-generated attribute, alt text with "AI-generated image" prefix, optionally a visible watermark
I use AI voiceover (Eleven Labs, OpenAI TTS) in video or podcasts	Yes (§ 2 and § 4)	Notice at the start of the material and in the audio file metadata
I publish videos where a person's face is generated or replaced by AI (deepfake)	Yes (§ 4) URGENT	Full visual and text disclosure, plus the depicted person's consent
I have AI-powered product recommendations in my WooCommerce store	No (§ 1, obvious from context)	Optional note in the privacy policy, not required
I use an AI-based spam filter, fraud detection or OCR	No	No external obligations
I have a plugin that automatically tags photos in the media library (image classifier)	No	None
I auto-generate meta descriptions through AI, but only in the background, invisible to the user	Marginal	No required notice if not shown to the user
I translate content through DeepL or the Google Translate widget	No	None
I generate slugs, file names or internal notes through AI	No	None

The boundary rule I apply with clients: if AI creates something the user sees or hears as content, Article 50 almost always applies. If AI works in the background (classification, filtering, process automation), usually it does not.

Text exception: Article 50 § 4 requires labelling only text published "for the purpose of informing the public on matters of public interest" and only when the text has not been subjected to "human editorial control and editorial responsibility". So a post about "Ten ways to decorate your balcony", 90 percent AI-written and edited by the gardening company owner, technically does not need a note. Low harm, human editing, no public interest. A post about "How to plan retirement after the 2027 tax reform" does. Publicly significant matter, affects people's financial decisions.

In practice with clients I use a simpler rule: add a note under every article where AI played a significant role. One minute of work per text. The fine for missing the note on a KSeF news story can run into millions.

The four Article 50 obligations explained simply

Article 50 has four paragraphs with specific transparency obligations. Each covers a different situation.

Paragraph one says that interaction with AI must be recognisable. If a natural person interacts with an AI system, the system must be designed so that the person knows they are not talking to a human. Exception: the context makes it obvious (for example a voice assistant on a phone screen where the app name is "Siri").

Paragraph two imposes the obligation to mark synthetic content. Providers of models generating images, video, audio and synthetic text must build digital watermarks into their models (for example Google's SynthID, the C2PA standard for images). This is a provider obligation, not yours as a user. But importantly, do not strip these watermarks during processing (for example by compressing an image or changing its format in a way that destroys the marking).

Paragraph three covers emotion recognition and biometric categorisation systems. If you use AI that analyses faces or voices to categorise users (age, gender, emotions), you must inform the natural persons who are exposed to it. Most companies are not affected. If you have an AI-equipped CCTV camera, this applies.

Paragraph four is the broadest and covers deepfakes and publicly significant AI-generated content. Two obligations packed into one paragraph.

First: any video, image or audio generated or manipulated by AI, depicting existing persons, places or events (i.e. deepfake), must have its synthetic or manipulated nature disclosed. No exceptions, no "it was just a joke".

Second: text generated or manipulated by AI, published for the purpose of informing the public on matters of public interest, must have its AI authorship disclosed. Exceptions: human editorial control and responsibility, or satire (parody, artistic creation).

Paragraph five adds that the information must be provided to the natural person "in a clear and distinguishable manner, at the latest at the time of the first interaction or exposure". So tiny print in the privacy policy is not enough. It must be visible where the interaction takes place.

How to implement in WordPress, path A: ready-made plugins

The simplest path. Suitable if you do not want to touch code and prefer to have everything in the WordPress admin panel.

Go to the admin panel, click Plugins, then Add New. In the search box type one of the names below, click Install, then Activate. Configuration usually takes 10 to 15 minutes.

WP AI Transparency Notice (recommended). Plugin created in response to the AI Act. Adds a configurable banner in the footer of every page and inserts an AI welcome message into popular chat plugins (Tidio, WPBot, Crisp, Drift). Lets you mark images as AI-generated directly in the media library. Also adds a "Use of AI" section to the privacy policy generated by WordPress.

AI Content Disclosure from WPMU Dev. Lets you mark individual posts as "partly written by AI" and automatically adds a note under the article. It also generates Schema.org structured data informing Google AI Overviews about the AI role in the content.

Cookie Notice & Compliance version 3.0 (since April 2026 includes an AI Act module). If you already have this plugin for cookie management, enable the new module.

Complianz version 7.x. A comprehensive plugin for GDPR, ePrivacy and now the AI Act. Bigger, heavier, but if you run a store and need full GDPR + AI Act compliance in one tool, it is a good choice.

Borlabs Cookie, the German version. Very thorough AI Act implementation, more expensive, but if you have German clients, worth considering.

Short procedure after installing one of these plugins (example for WP AI Transparency Notice):

After activation go to Settings → AI Transparency.
In the Banner tab write the text shown on pages with chat: "This site uses an AI assistant. The first reply is generated by a language model." You can add a link to the privacy policy.
In the Integrations tab tick which chat tools you use (Tidio, WPBot etc.). The plugin will automatically inject the AI welcome message.
In the AI Images tab tick "Add checkbox to media library". From now on every uploaded image will have a "AI-generated" field.
In the Privacy Policy tab click "Generate AI section". The plugin will add ready text to your privacy policy (review and adjust).
Save settings.

After this configuration most Article 50 obligations are met automatically. Every two or three weeks come back and check whether a plugin update has changed the settings.

How to implement in WordPress, path B: settings in your existing chat tool

If you already have chat on your site, you probably do not want to install a separate plugin. Most popular chat platforms added AI Act compliance settings during 2025 and 2026. Quick orientation map. For US-based SMBs the typical stack is HubSpot Chat or Intercom. For B2B conversational marketing it is Drift. For enterprise support Zendesk Chat. For European SMBs Crisp (France) is the most common, followed by Tidio (international, founded in Poland) and LiveChat (international, founded in Poland). Tawk.to is the dominant free option globally. Step by step guide for the seven most common tools across these markets.

Intercom (USA, popular for SMB and mid-market B2B). In the Intercom panel click Settings, then Channels, then Messenger. Enable "AI Disclosure" (available since version 2026.5). Configure the text in your site language. If you use Fin AI (Intercom's AI agent), additionally check Settings → Fin → Brand identity. Add "AI" to the Fin display name so customers see clearly they are talking to AI.

Drift (USA, B2B conversational marketing). In the Drift dashboard click Settings, then Conversational AI, then AI Transparency. Enable "Mandatory bot identification". Drift will auto-prepend "You are chatting with our AI assistant" to every bot-led conversation. Review your Playbooks (conversation scenarios) and edit any opening message that does not yet identify AI.

HubSpot Chat (USA, popular for SMBs running HubSpot CRM). In HubSpot navigate to Settings → Inbox → Chat. Open the Chatflow you use, click Edit, then go to Welcome message. Insert "Hi, I'm an AI assistant for [your company]. The first reply comes from a language model. Type 'human' to be connected with an agent." If you use HubSpot's Breeze AI for replies, also enable Settings → Breeze → Customer notice.

Zendesk Chat (USA, enterprise support). In Zendesk Admin Center go to Channels → Messaging → Customer notices. Enable "AI agent disclosure". Zendesk will automatically prepend a configurable notice to any conversation handled by Answer Bot or generative AI. Review the default text and adjust for your locale.

Crisp (France, popular in European SMBs). In the Crisp panel click Settings, then AI, then Disclosure. Enable "Show transparency notice". If you use Magic Reply (Crisp's AI feature), additionally enable "Tag AI replies in chat" (every AI reply gets a small "AI" badge).

Tidio (international, founded in Poland). Go to the Tidio panel (panel.tidio.com), click Settings, then AI Disclosure. Enable "Show AI disclosure to visitors". In the Custom message field write the notice in your site language. Tick "Show on first message only". In the Lyro tab (Tidio's AI bot) also check the Bot name field. Avoid names like "Anna" or "Mark" without the word "AI". A name like "AI Assistant [Your Brand]" works well.

LiveChat (international, founded in Poland). In the LiveChat panel (my.livechat.com) click Settings, then Chat widget, then AI Disclosure (tab added in 2026). Enable "EU AI Act compliance mode". Fill the First-message notice with your language. If you use Copilot AI or ChatBot connected to LiveChat, also check ChatBot → Settings → AI Identification and enable "Show 'AI' badge next to bot responses".

ChatBot.com (global, LiveChat group). In the ChatBot.com panel click Settings, then Compliance, then AI Act 2026. Enable the default notice. ChatBot has ready templates in several languages.

Tawk.to (free, global). In the Tawk.to dashboard click the Administration icon, then Widget Appearance, then Pre-Chat Form. In the Privacy Notice field write your AI notice. If you use Tawk.to's Apollo AI, enable "Show AI badge on automated responses" in the Apollo settings.

What to check regardless of the platform:

Is the "Conversation with AI assistant" notice preserved in the conversation transcript? Some platforms show it only live, and it disappears from the archive. This can be a problem in case of an inspection, because you cannot prove the notice was shown.
Does the bot icon or avatar clearly differ from a human? A human-face avatar without a written AI notice can be considered misleading.
Do phrases like "Connecting you with an agent" actually connect with a human? If an LLM is still in the background, it is misleading.
Is the AI notice in the same language as the rest of the site? Plugins often default to English. A French customer on a French site should see French text.

If you use another tool (Olark, Userlike, Smartsupp, Acquire, Front), the principle is the same: find the compliance, transparency or AI disclosure section in the panel and enable it. Most platforms added such settings in the first half of 2026 in response to the AI Act. If your platform lacks it, contact support and ask about AI Act compliance. If they do not respond by mid-July 2026, consider switching to another platform or adding the notice with your own code (path C below).

How to implement in WordPress, path C: your own code in the theme

If you have a developer, use a custom theme, or just prefer full control without another plugin, you can do everything with a few code snippets.

Add the following code at the end of the functions.php file in your active theme directory (best as a child theme, so a theme update does not overwrite it):

add_action('wp_footer', function () {
    if (is_admin()) return;
    ?>
    <div id="ai-info-banner" role="status" aria-live="polite">
        <strong>AI assistant.</strong>
        The first reply on the chat comes from a language model.
        For complex matters reach out via <a href="/contact">contact</a>.
    </div>
    <style>
        #ai-info-banner {
            position: fixed;
            bottom: 84px;
            right: 24px;
            max-width: 280px;
            padding: 10px 14px;
            background: #fff;
            border: 1px solid #c8d4e3;
            border-radius: 8px;
            box-shadow: 0 4px 12px rgba(0,0,0,0.08);
            font-size: 13px;
            line-height: 1.4;
            z-index: 9998;
        }
        #ai-info-banner strong { color: #d00; }
    </style>
    <?php
});

What the code does: on every subpage adds a fixed pill in the bottom-right corner with the notice that the first chat reply comes from AI. The pill does not block the chat widget itself (it is 84 pixels from the bottom, the chat is 60-70 pixels). The text is in English, red colour highlights "AI assistant".

Chat welcome message

If you use a simple chat plugin with a "Welcome message" field in settings, paste this:

Hi! I am [your name]'s AI assistant. I help with offer questions and route cases to the right people. If your case needs a human, type "human" or click "Connect with an agent" below.

Marking AI-generated images

Add to functions.php (child theme):

add_filter('wp_get_attachment_image_attributes', function ($attr, $attachment) {
    $is_ai = get_post_meta($attachment->ID, '_is_ai_generated', true);
    $ai_tool = get_post_meta($attachment->ID, '_ai_tool', true);

    if ($is_ai === '1') {
        $attr['data-ai-generated'] = 'true';
        if ($ai_tool) {
            $attr['data-ai-tool'] = esc_attr($ai_tool);
        }
        $current_alt = $attr['alt'] ?? '';
        $prefix = 'AI-generated image: ';
        if (strpos($current_alt, $prefix) === false) {
            $attr['alt'] = $prefix . $current_alt;
        }
    }
    return $attr;
}, 10, 2);

Plus add an "AI-generated" field to the media library:

add_filter('attachment_fields_to_edit', function ($fields, $post) {
    $value = get_post_meta($post->ID, '_is_ai_generated', true);
    $tool = get_post_meta($post->ID, '_ai_tool', true);
    $fields['is_ai_generated'] = [
        'label' => 'AI-generated',
        'input' => 'html',
        'html' => '<label><input type="checkbox" name="attachments['
                  . $post->ID . '][is_ai_generated]" value="1"'
                  . checked($value, '1', false) . '> Yes</label>'
                  . '<br><input type="text" name="attachments['
                  . $post->ID . '][ai_tool]" value="' . esc_attr($tool) . '"'
                  . ' placeholder="e.g. Midjourney v7, DALL-E 3">',
    ];
    return $fields;
}, 10, 2);

add_filter('attachment_fields_to_save', function ($post, $attachment) {
    if (isset($attachment['is_ai_generated'])) {
        update_post_meta($post['ID'], '_is_ai_generated', '1');
        if (!empty($attachment['ai_tool'])) {
            update_post_meta($post['ID'], '_ai_tool',
                            sanitize_text_field($attachment['ai_tool']));
        }
    } else {
        delete_post_meta($post['ID'], '_is_ai_generated');
        delete_post_meta($post['ID'], '_ai_tool');
    }
    return $post;
}, 10, 2);

What the two snippets do. The first adds an "AI-generated" checkbox to the media library where you can mark an image and add the tool name (Midjourney, DALL-E, Stable Diffusion). The second ensures that when such an image is shown on the site, the alt text automatically gets the "AI-generated image" prefix and a special HTML attribute that search engines and AI extractors can read.

For extra visibility in Google AI Overviews add a Schema.org ImageObject in the head of the page where the image appears:

<script type="application/ld+json">
{
  "@context": "https://schema.org",
  "@type": "ImageObject",
  "contentUrl": "https://yourdomain.com/uploads/2026/07/ai-diagram.png",
  "creator": {
    "@type": "SoftwareApplication",
    "name": "Midjourney v7"
  },
  "creditText": "AI-generated image",
  "isBasedOn": "https://www.midjourney.com"
}
</script>

Note under articles written with AI help

The simplest way in WordPress is the the_content filter, which appends text under every article tagged as partly AI-written:

add_filter('the_content', function ($content) {
    if (!is_single()) return $content;

    $post_id = get_the_ID();
    $ai_role = get_post_meta($post_id, '_ai_authorship', true);

    if (!$ai_role) return $content;

    $disclosure = '';
    if ($ai_role === 'ai-draft-human-edited') {
        $disclosure = '<aside class="ai-disclosure-footer" '
            . 'style="margin-top:32px;padding:16px;background:#fef3c7;'
            . 'border-left:4px solid #f59e0b;font-size:14px;">'
            . '<strong>AI notice:</strong> the first draft of this article '
            . 'was generated by an AI assistant. Editorial control and '
            . 'responsibility rest with the author.'
            . '</aside>';
    } elseif ($ai_role === 'ai-assisted') {
        $disclosure = '<aside class="ai-disclosure-footer" '
            . 'style="margin-top:32px;padding:16px;background:#fef3c7;'
            . 'border-left:4px solid #f59e0b;font-size:14px;">'
            . '<strong>AI notice:</strong> some sections of this text were '
            . 'created with an AI assistant (research, editing). Text written '
            . 'by the author, verified manually.'
            . '</aside>';
    }

    return $content . $disclosure;
});

Also add a field in the post editor where you can pick the AI role:

add_action('add_meta_boxes', function () {
    add_meta_box('ai-authorship', 'AI role in content', function ($post) {
        $current = get_post_meta($post->ID, '_ai_authorship', true);
        wp_nonce_field('save_ai_authorship', 'ai_authorship_nonce');
        ?>
        <p>
            <label>
                <input type="radio" name="ai_authorship" value=""
                       <?php checked($current, ''); ?>>
                Text written entirely by a human
            </label>
        </p>
        <p>
            <label>
                <input type="radio" name="ai_authorship" value="ai-assisted"
                       <?php checked($current, 'ai-assisted'); ?>>
                AI helped (research, editing), text written by a human
            </label>
        </p>
        <p>
            <label>
                <input type="radio" name="ai_authorship"
                       value="ai-draft-human-edited"
                       <?php checked($current, 'ai-draft-human-edited'); ?>>
                First draft written by AI, edited by a human
            </label>
        </p>
        <?php
    }, 'post', 'side', 'default');
});

add_action('save_post', function ($post_id) {
    if (!isset($_POST['ai_authorship_nonce'])) return;
    if (!wp_verify_nonce($_POST['ai_authorship_nonce'], 'save_ai_authorship')) return;
    if (defined('DOING_AUTOSAVE') && DOING_AUTOSAVE) return;
    if (!current_user_can('edit_post', $post_id)) return;

    $value = sanitize_text_field($_POST['ai_authorship'] ?? '');
    if ($value) {
        update_post_meta($post_id, '_ai_authorship', $value);
    } else {
        delete_post_meta($post_id, '_ai_authorship');
    }
});

What you get: in the post editor on the right side a new "AI role in content" panel appears with three options. Pick the right one, save the post. A yellow box will appear under the article with information about the AI role.

What to add to your privacy policy

Regardless of the implementation path, add a new section "Use of artificial intelligence" to your privacy policy. A template you can copy and adjust:

Use of artificial intelligence

On our site we use artificial intelligence (AI) systems in a manner compliant with Regulation (EU) 2024/1689 (AI Act). Below is a list of uses and information on which data flows through AI systems.

Chat assistant. The first replies in our chat are generated by the [model name, e.g. ChatGPT from OpenAI or Claude from Anthropic] language model. Your message is passed to that provider to get a response. We do not collect sensitive data through chat. If your case requires a human, contact us via the contact form.

AI-generated images. Some images on our site were generated by tools like Midjourney or DALL-E. Such images are marked in the alt text with a description starting with "AI-generated image".

Text content. Some articles on our blog were written with the help of an AI assistant. Every such article includes information about the AI role in the content. Final editing and substantive responsibility rest with the author.

Purpose and legal basis. We use AI to respond to client enquiries faster and to create content. The legal basis is our legitimate interest (Art. 6(1)(f) GDPR) in efficient website operation and customer service.

AI model providers. We use models from the following providers: [list, e.g. OpenAI Ireland Limited, Anthropic PBC]. Each of them processes data according to its own privacy policy and standards for transferring data outside the European Economic Area.

Your rights. You have the right to know whether content you encounter has been generated or modified by AI. You can request access to your data, deletion, or transfer. Contact us via the contact form.

Copy this template, replace the brackets with your details, add it to your existing privacy policy as a new section. Time: 15 to 30 minutes.

Checklist before August 2, 2026

A short list I recommend going through once before the deadline and then once per quarter as an audit:

AI inventory on the site. List all places where you use AI: chat, text generators, images, voiceover, recommendations, SEO plugins with AI.
Table check. For each item in the inventory see if the table above marks it as covered by Article 50.
Chat: welcome message. The first message in every chat scenario contains the words "AI assistant" or equivalent.
Chat: notice pill. On every page with chat there is a visible pill (or banner) informing about AI.
AI images: tagged in the library. In the media library every AI-generated image has the "AI-generated" checkbox set and the tool name written.
AI images: alt text. Alt text of AI images starts with "AI-generated image".
AI articles: note under the text. Every article with AI involvement has a yellow box with information about the AI role.
Privacy policy. "Use of artificial intelligence" section is added and complete.
Newsletter and mailing. If you use AI to generate email content (subject lines, body, personalisation), add a note to the email footer.
Plugin check. Plugins updated to the latest versions that include AI Act compliance features.

Time for the full list: first pass 4 to 8 hours (depending on how many places use AI). Subsequent quarterly audits: 1 to 2 hours.

Fines and who enforces in Poland

The sanctions system in Article 99 of the AI Act has three tiers.

Type of violation	Max fine
Prohibited AI practices (Article 5)	EUR 35 million or 7 percent of global annual turnover
Other obligations (including Article 50 transparency)	EUR 15 million or 3 percent of global annual turnover
Incorrect or incomplete information to supervisory authorities	EUR 7.5 million or 1 percent of global turnover

For micro and small businesses (Article 99 § 6) the lower of the two thresholds applies (amount or percent), which technically protects small companies from catastrophic fines. In practice these are still very high sums.

In Poland, based on the draft Act on AI Systems (status as of June 2026: in legislative process, likely passage in Q3 2026), supervision will be split between several authorities.

The President of UODO keeps competence wherever AI touches personal data. That covers most small business cases: chatbots collecting user data, profiling, deepfakes of persons.

The Commission for the Development and Safety of Artificial Intelligence (planned name, final may change) will be the authority for high-risk AI in Annex III (recruitment, credit scoring, education, critical infrastructure).

UOKiK (Office of Competition and Consumer Protection) will handle AI in advertising and unfair market practices (for example a chatbot pretending to be human for sales).

KNF (Financial Supervision Authority) for AI in the financial sector, UKE for telecommunications.

Uncertainty about which Polish authority will enforce a specific case is one of the main issues of the early period after August 2, 2026. Practical advice: if you use AI in a way covered by Article 50, document in your privacy policy which models you use, for what purpose and which data flows through. That helps in case of an inspection, regardless of which authority knocks.

Frequently asked questions

Does the AI Act apply to my .pl domain store?

Yes, if you run business activity in Poland or in the European Union, regardless of the domain. The .pl, .com, .eu extension does not matter. What counts is where the company is registered and where services are provided.

Do the obligations apply only to large companies?

No. Article 50 covers every company, regardless of size. A micro-business with a single WordPress site is subject the same way as Allegro. The only difference is in the fine amounts (Article 99 § 6 applies the lower of the two thresholds for small businesses).

Does an old Tidio chat plugin, which does not use AI but only canned rules, fall under the obligations?

No. If the chat is based only on rules like "if the customer writes X, reply Y" without using a language model, it is not AI under the AI Act. However, if you enabled the Lyro AI feature in Tidio or any ChatGPT integration, then yes.

Do I have to inform about AI in every message, or is once enough?

Once is enough, at the first interaction. Paragraph 5 of Article 50 says the information must be "at the latest at the time of the first interaction or exposure". In practice the welcome message of the chat plus a visible pill in the page footer is usually enough.

What if I use AI only internally, to generate notes for myself, but do not publish them on the site?

Internal use of AI is not subject to Article 50. The obligations only cover situations when AI generates something the site visitor sees or hears.

Do images from stock photo banks (Shutterstock, Unsplash) need to be marked?

Traditional photographs from photographers do not. But if you use images from the "AI-generated" section in Shutterstock or Adobe Stock, yes.

Must the information be in the local language, or is English enough?

If the site is aimed at local customers, the information should be in the local language. If you have an English version of the site, in the English version it should be in English. Rule: in the language of the rest of the site.

Does a bot avatar showing a cartoon character (no human face) need additional information?

Yes, it still does. The cartoon itself does not exempt you from the obligation. You need a written notice that this is AI. An avatar showing an animal, robot or abstract graphic is less risky, but the rule of paragraph 1 (interaction with AI must be recognisable) still applies.

Does an article I only ran through ChatGPT for grammar and style checking need a note?

No, if AI only corrected text you wrote yourself. Grammar fixes, style suggestions, spelling check are not "generating text" under paragraph 4. A note is required for text where a significant part was written by an AI model.

How do I prove the article was written by a human if someone challenges?

I recommend keeping a simple log: date of first draft, who wrote it, whether AI was used and to what extent. It can be a simple Google Sheet or a note in the WordPress admin (if you use a revision-tracking plugin).

What about AI translations?

Translating text from one language to another via AI (DeepL, Google Translate) usually does not require a separate notice. Argument: translation is not "generating content", just rendering content written by a human. Practice and Commission interpretation may change, watch UODO communications in late 2026.

Can I use an AI product description generator in WooCommerce without information?

Product descriptions are "text" under paragraph 4. If it is a typical product description (specs, features), low harm and no public interest, technically no note required. I recommend, however, adding a small note in the footer of each product page like "Product descriptions partly generated by AI, reviewed by us for accuracy". It builds trust.

What does not come on August 2, 2026

To avoid misunderstandings, several things from the AI Act arrive later.

Full application of high-risk AI obligations (Annex III: recruitment, credit scoring, education, critical infrastructure) starts on August 2, 2027. Most small businesses are not affected, but if you run for example a recruitment agency with AI CV filtering, you have a year more to prepare.

Full AI Office database (registry of general-purpose AI models, codes of practice) is being built gradually. You do not need to register anywhere as a deployer.

Regulatory sandbox for AI in Poland is planned to launch in 2027 by the Ministry of Digital Affairs. An optional path for companies that want to test innovative AI systems under regulator supervision.

AI Liability Directive (separate act on civil liability for AI-caused damages) is in the EU legislative process, likely entry-into-force 2027 or 2028.

What next

AI Act Article 50 is the beginning of a new era of labelling AI-generated content. After August 2, 2026 expect:

Communications from UODO and the new AI Commission (once established) interpreting specific cases.
The first high-profile enforcement cases in the EU (likely from Germany or France, where regulators are most aggressive) in Q4 2026 or Q1 2027.
Updates to popular WordPress and WooCommerce plugins adding AI Act-compliant features by default.
Emergence of Polish industry standards for AI in hosting, e-commerce and finance.

If you want to go deeper into AI and websites, two related articles:

Generative Engine Optimization (GEO). How to get into ChatGPT and Claude answers. Covers the technical side worth combining with AI Act.
AI agent in your WooCommerce store. How MCP works, how to enable agentic commerce in your store. The obligation to inform about AI also surfaces here.

If you want me to run an AI Act audit for your site (chat check, images, content, privacy policy plus concrete implementation recommendations), reach out through the contact form. A standard audit is 2 to 3 hours of work plus a written report.