AI Act for Telecommunications: Which AI Systems Are High-Risk and What You Must Do

Under the EU AI Act (Regulation 2024/1689), the following AI applications in Telecommunications are classified as high-risk and require full conformity assessment. Article 50 transparency obligations apply from 2 August 2026; Annex III high-risk obligations are expected 2 December 2027 under the Digital Omnibus (pending formal adoption — until then, the original 2 August 2026 deadline remains law):

Network security AI as critical infrastructure, automated customer service, fraud detection

These systems fall under Annex III category 2(a) critical infrastructure, NIS2 interaction. Providers must implement risk management (Article 9), maintain technical documentation (Article 11), ensure data governance (Article 10), and enable human oversight (Article 14).

Critical infrastructure conformity. NIS2 + AI Act dual compliance. Network resilience requirements. Customer transparency.

Providers (developers of AI systems) bear primary compliance responsibility: conformity assessment, CE marking, EU database registration, and post-market monitoring.

Deployers (companies using AI systems) must ensure human oversight, conduct Fundamental Rights Impact Assessments where required, and maintain usage logs.

AI Act Article 50 transparency obligations take effect 2 August 2026. Annex III high-risk obligations are expected 2 December 2027, pending formal adoption of the Digital Omnibus. No AI Act enforcement precedent currently exists. This page will be updated as enforcement cases emerge.

Penalties for non-compliance range up to EUR 35 million or 7% of global annual turnover for prohibited practices, and EUR 15 million or 3% for other violations.

• AI Act High-Risk Classification Guide
• Conformity Assessment: Step-by-Step
• Fines and Penalties Across EU
• August 2026 Deadline Checklist