AI Act for Retail & E-commerce: Which AI Systems Are High-Risk and What You Must Do

Under the EU AI Act (Regulation 2024/1689), the following AI applications in Retail & E-commerce are classified as high-risk and require full conformity assessment. Article 50 transparency obligations apply from 2 August 2026; Annex III high-risk obligations are expected 2 December 2027 under the Digital Omnibus (pending formal adoption — until then, the original 2 August 2026 deadline remains law):

Generally minimal risk. Exceptions: biometric customer tracking, emotion recognition, dynamic pricing affecting essential services

These systems fall under Article 50 transparency, Article 5 (emotion recognition ban in certain contexts). Providers must implement risk management (Article 9), maintain technical documentation (Article 11), ensure data governance (Article 10), and enable human oversight (Article 14).

Transparency for chatbots/virtual assistants. No emotion recognition for in-store surveillance. Disclosure of AI-generated content.

Providers (developers of AI systems) bear primary compliance responsibility: conformity assessment, CE marking, EU database registration, and post-market monitoring.

Deployers (companies using AI systems) must ensure human oversight, conduct Fundamental Rights Impact Assessments where required, and maintain usage logs.

AI Act Article 50 transparency obligations take effect 2 August 2026. Annex III high-risk obligations are expected 2 December 2027, pending formal adoption of the Digital Omnibus. No AI Act enforcement precedent currently exists. This page will be updated as enforcement cases emerge.

Penalties for non-compliance range up to EUR 35 million or 7% of global annual turnover for prohibited practices, and EUR 15 million or 3% for other violations.

• AI Act High-Risk Classification Guide
• Conformity Assessment: Step-by-Step
• Fines and Penalties Across EU
• August 2026 Deadline Checklist