{"id":31919,"date":"2026-07-05T08:00:00","date_gmt":"2026-07-05T06:00:00","guid":{"rendered":"https:\/\/pegamento.nl\/niet-gecategoriseerd\/how-will-the-ai-act-affect-customer-service-departments\/"},"modified":"2026-07-05T10:00:38","modified_gmt":"2026-07-05T08:00:38","slug":"how-will-the-ai-act-affect-customer-service-departments","status":"publish","type":"post","link":"https:\/\/pegamento.nl\/en\/contact-center\/how-will-the-ai-act-affect-customer-service-departments\/","title":{"rendered":"How will the AI Act affect customer service departments?"},"content":{"rendered":"<p>The AI Act has direct implications for customer service departments that use AI tools for customer interactions, automation, or decision-making. Depending on how you use AI, you\u2019ll be subject to either light transparency requirements or stricter requirements for high-risk systems. In this article, we answer the most frequently asked questions about what the <a href=\"https:\/\/pegamento.nl\/en\/ai-powered-intelligence\/\">AI Act means for customer service<\/a> and how to properly prepare your organization.  <\/p>\n<h2>Which AI applications in customer service are covered by the AI Act?<\/h2>\n<p>Most AI applications in customer service fall under the <strong>\u201climited risk\u201d<\/strong> or <strong>\u201cminimal risk\u201d<\/strong> categories under the AI Act. Examples include chatbots, virtual assistants, and automated email processing. These systems are largely unregulated, but they must comply with transparency requirements whenever they communicate with people.  <\/p>\n<p>In practical terms, this means that a chatbot or voice-based AI assistant must always clearly inform users that they are communicating with an AI system and not with a human. This will take effect on February 2, 2025, as the transparency requirements are already in force. <\/p>\n<p>However, there are situations in which customer service AI does fall into the high-risk category. This is the case when the system: <\/p>\n<ul>\n<li>Profiling individual customers to make decisions about access to essential services, such as credit or insurance<\/li>\n<li>Automatically determines whether someone is eligible for a service or product based on personal characteristics<\/li>\n<li>Used for emergency calls or urgent services where errors have direct consequences for safety<\/li>\n<li>Emotion recognition applied in the workplace, for example, to monitor employees<\/li>\n<\/ul>\n<p>AI systems that perform only routine tasks, such as forwarding messages or retrieving information from a knowledge base, generally fall outside the high-risk definition. However, as soon as a system makes independent decisions that directly affect customers, the classification changes. <\/p>\n<h2>What are the requirements for high-risk AI in customer interactions?<\/h2>\n<p>If an AI system used in your customer service is classified as high-risk, significantly stricter requirements apply. The most stringent requirements fall on the system provider, but as the deployer\u2014the organization that implements the system\u2014you also have clear responsibilities. <\/p>\n<h3>Requirements for Providers of High-Risk AI<\/h3>\n<p>Companies that develop and market high-risk AI systems must, among other things:<\/p>\n<ul>\n<li>Establish a continuous risk management system throughout the system&#8217;s entire lifecycle<\/li>\n<li>Maintain technical documentation in accordance with the requirements of Annex IV of the AI Act<\/li>\n<li>Enable automatic event logging<\/li>\n<li>Systematically incorporate human oversight into the system&#8217;s design<\/li>\n<li>Apply for CE marking and a declaration of conformity<\/li>\n<li>Registering the system in the European AI database<\/li>\n<\/ul>\n<h3>Requirements for Deployers in Customer Service<\/h3>\n<p>If your customer service department deploys a high-risk AI system from a third-party vendor, you are the deployer. Your obligations are more limited, but they are not without responsibility: <\/p>\n<ul>\n<li>Use the system as specified by the provider<\/li>\n<li>Assign human supervision to qualified and trained employees<\/li>\n<li>Retain logs for at least six months<\/li>\n<li>Informing employees about the use of the AI system before it is put into use (Article 26(7))<\/li>\n<li>Conduct a data protection impact assessment (DPIA) where applicable<\/li>\n<\/ul>\n<p>In addition, under Article 86, customers have the right to request an explanation of decisions made about them by a high-risk AI system. So make sure you are able to provide that explanation. <\/p>\n<h2>When must a customer service department comply with the AI Act?<\/h2>\n<p>The AI Act will be implemented in phases. For customer service departments, three dates are most relevant. The prohibited practices and the AI literacy requirement will take effect on February 2, 2025. The requirements for high-risk systems will become fully enforceable on August 2, 2026.   <\/p>\n<p>Here is the specific timeline:<\/p>\n<ol>\n<li><strong>Effective February 2, 2025:<\/strong> Prohibited AI applications are no longer allowed. Examples include manipulative techniques, emotion recognition in the workplace, and social scoring. The AI literacy requirement is also in effect, which means that employees must have a basic understanding of AI.  <\/li>\n<li><strong>Effective August 2, 2025:<\/strong> Requirements for providers of General Purpose AI (GPAI) models are in effect. Fines may already be imposed. <\/li>\n<li><strong>Effective August 2, 2026:<\/strong> Most requirements for high-risk Annex III systems will become enforceable. This is the date by which customer service organizations that use high-risk AI must be fully compliant. <\/li>\n<\/ol>\n<p>So don\u2019t wait until 2026 to get started. Setting up an AI registry, assessing your systems, and training employees takes time. Organizations that are already taking action now will be in a much stronger position down the road.  <\/p>\n<h2>How does the AI Act differ from the GDPR for customer service teams?<\/h2>\n<p>The AI Act and the GDPR complement each other but address different risks. The GDPR protects personal data and regulates how it is processed. The AI Act regulates AI systems themselves, regardless of whether they process personal data. For customer service teams, this means you must apply both frameworks in parallel.   <\/p>\n<p>A few specific differences:<\/p>\n<ul>\n<li><strong>Scope:<\/strong> The GDPR applies to all processing of personal data. The AI Act applies specifically to AI systems and their impact on people, even when no personal data is involved. <\/li>\n<li><strong>Risk Model:<\/strong> The GDPR is based on the principles of data minimization and purpose limitation. The AI Act uses risk levels to determine how strict the requirements are. <\/li>\n<li><strong>Transparency:<\/strong> Both laws require transparency, but the AI Act adds a specific requirement: users must know when they are interacting with an AI, even if no personal data is being processed.<\/li>\n<li><strong>Overlap in DPIA:<\/strong> For high-risk AI that also processes personal data, both an AI Act compliance assessment and a GDPR DPIA are required. These processes may overlap, and you can combine them effectively. <\/li>\n<\/ul>\n<p>For the day-to-day operations of a customer service department, this means: the GDPR compliance measures you\u2019ve already put in place are a good foundation, but they\u2019re not enough. The AI Act requires additional documentation, risk assessments, and governance specifically related to your AI systems. <\/p>\n<h2>What do customer service representatives need to know about AI transparency?<\/h2>\n<p>Customer service representatives must understand that the AI Act establishes two types of transparency requirements: transparency toward customers and transparency within the organization. Both are relevant to day-to-day work practices. <\/p>\n<p>When it comes to customers, any AI application that communicates directly with people must identify itself as AI. A chatbot that conducts conversations, a voicebot that handles incoming calls, or a system that sends automated emails must clearly indicate this. Employees who receive complaints about AI interactions must know how to handle them properly and where customers can exercise their rights.  <\/p>\n<p>The AI literacy requirement (Article 4) is already in effect. This means that organizations must train their employees in the basics of AI: what it is, how it works, and what its limitations are. Employees do not need to become technical experts, but they must:  <\/p>\n<ul>\n<li>Understanding which AI systems they use every day<\/li>\n<li>Knowing When an AI Decision Requires Human Oversight<\/li>\n<li>Being able to accurately inform customers about the use of AI in customer interactions<\/li>\n<li>Recognizing signs that an AI system is producing inaccurate or biased results<\/li>\n<\/ul>\n<p>Automation bias\u2014the blind reliance on AI recommendations without critical thinking\u2014is a specific risk that the AI Act aims to address. Employees must be trained to view AI as a tool and not as an infallible decision-maker. <\/p>\n<h2>How do you prepare a customer service department for the AI Act?<\/h2>\n<p>Preparing for the AI Act starts with a clear overview of all the AI systems you use. Without that inventory, you won\u2019t know which obligations apply to you. A structured four-step approach will help you get started.  <\/p>\n<ol>\n<li><strong>Create an AI registry:<\/strong> Document all the AI systems you use, including their purpose, vendor, and the role your organization plays (deployer, provider, or something in between).<\/li>\n<li><strong>Classify your systems:<\/strong> Determine the risk level for each system. Most customer service tools fall under the &#8220;limited&#8221; or &#8220;minimal&#8221; risk categories, but be sure to verify this explicitly for systems that make decisions about customers. <\/li>\n<li><strong>Review contracts with suppliers:<\/strong> Ensure that suppliers of AI systems fulfill their obligations as providers. Request technical documentation, user manuals, and information on how human oversight is built into the system. <\/li>\n<li><strong>Train your employees:<\/strong> Invest in AI literacy for everyone who works with AI systems. This is not only a legal requirement, but also a way to improve the quality of your customer interactions. <\/li>\n<\/ol>\n<p>Organizations that use multiple providers for phone services, chat, WhatsApp, and email are at greater risk of compliance gaps. If systems do not communicate with one another and there is no central overview, it is also virtually impossible to properly implement AI Act requirements such as logging and human oversight. <\/p>\n<h2>How Pegamento Helps Ensure AI Act Compliance in Customer Service<\/h2>\n<p>As a customer service department, you want to use AI to better assist customers, not to get bogged down in compliance issues. We help organizations achieve both goals at the same time: smart AI implementation that also complies with the requirements of the AI Act. <\/p>\n<p>Our <a href=\"https:\/\/pegamento.nl\/en\/agentic-ai-for-customer-service\/\">Agentic AI for customer service<\/a> goes beyond traditional automation. Whereas classic RPA bots follow instructions, our Agentic AI assistants take the initiative on their own: they think along with you, act proactively, and scale up when necessary. We don\u2019t do this with expensive custom solutions, but with a smart combination of proven standard building blocks that we configure to fit your situation.  <\/p>\n<p>Here&#8217;s what we specifically offer to help you prepare for the AI Act:<\/p>\n<ul>\n<li>Transparent AI systems that identify themselves to customers, in accordance with transparency requirements<\/li>\n<li>Built-in human oversight, so employees can always take control<\/li>\n<li>Logging and reporting on all customer contact channels from a single central platform<\/li>\n<li>Support for classifying AI systems and preparing documentation<\/li>\n<li>Everything under one roof: from implementation to management and support, without a complex supplier structure<\/li>\n<\/ul>\n<p>We are ISO 27001-certified for information security, supplemented by ISO 9001 and ISO 26000, which means that compliance and quality are systematically ensured at our company. Would you like to know how your customer service department is currently performing and what it takes to operate in compliance with the AI Act? <a href=\"https:\/\/pegamento.nl\/en\/contact-2\/\">Contact us<\/a>, and we\u2019d be happy to help you figure it out. <\/p>\n        <div class=\"wp-block-seoaic-faq-block\">\n            <h2 class=\"seoaic-faq-section-title\">Frequently Asked Questions<\/h2>\n                            <div class=\"seoaic-faq-item\">\n                    <h3 class=\"seoaic-question\">\n                        What happens if my organization does not comply with the AI Act?                    <\/h3>\n                    <p class=\"seoaic-answer\">\n                        In the event of non-compliance with the AI Act, regulators can impose substantial fines. For violations of the most serious obligations, such as the use of prohibited AI practices, fines can reach up to 35 million euros or 7% of global annual revenue. For less serious violations, such as failing to comply with transparency obligations, the fines are lower but still significant: up to 15 million euros or 3% of revenue. In addition to financial penalties, you also risk reputational damage among customers who are becoming increasingly aware of their AI rights.                    <\/p>\n                <\/div>\n                                <div class=\"seoaic-faq-item\">\n                    <h3 class=\"seoaic-question\">\n                        How do I know if an AI tool from a third-party provider is AI Act-compliant?                    <\/h3>\n                    <p class=\"seoaic-answer\">\n                        Explicitly ask your provider for technical documentation, a statement of compliance, and information on how human oversight is built into the system. For high-risk systems, providers are required to provide this documentation in accordance with Annex IV of the AI Act. Also verify whether the provider has registered the system in the European AI database and whether clear instructions for use are available. If a supplier is vague about this, that is a significant red flag to be critical about the partnership.                    <\/p>\n                <\/div>\n                                <div class=\"seoaic-faq-item\">\n                    <h3 class=\"seoaic-question\">\n                        My organization uses a chatbot that sometimes uses human names. Is that allowed?                    <\/h3>\n                    <p class=\"seoaic-answer\">\n                        No, this violates the transparency requirements of the AI Act, which have been in effect since February 2, 2025. An AI system that communicates with people must always clearly indicate that it is an AI, even if it has a human name or personality. This applies to chatbots, voicebots, and automated email systems. Adjust your chatbot\u2019s settings so that, at the start of every conversation, it explicitly states that the customer is communicating with an AI assistant.                    <\/p>\n                <\/div>\n                                <div class=\"seoaic-faq-item\">\n                    <h3 class=\"seoaic-question\">\n                        How do I handle customers who ask for an explanation of an AI decision?                    <\/h3>\n                    <p class=\"seoaic-answer\">\n                        Under Article 86 of the AI Act, customers have the right to request an explanation of decisions made about them by a high-risk AI system, such as a rejection based on an automated assessment. Ensure that your customer service representatives know which AI systems make high-risk decisions and that they have access to the information needed to explain those decisions. Establish internal procedures for how this process will be handled and who is responsible for responding to such requests.                    <\/p>\n                <\/div>\n                                <div class=\"seoaic-faq-item\">\n                    <h3 class=\"seoaic-question\">\n                        Does the AI literacy requirement also apply to employees who use AI only indirectly?                    <\/h3>\n                    <p class=\"seoaic-answer\">\n                        The AI literacy requirement (Article 4) applies to all employees who work with AI systems, even if only indirectly. Think of a team leader who reviews reports generated by AI, or an employee who processes customer files that have been pre-sorted by AI. The level of training does not have to be the same for everyone: employees who actively use AI on a daily basis need more in-depth knowledge than colleagues who only have indirect contact with it. Tailor the training program to the extent of AI use for each role.                    <\/p>\n                <\/div>\n                                <div class=\"seoaic-faq-item\">\n                    <h3 class=\"seoaic-question\">\n                        What is an AI registry, and how do I start creating one?                    <\/h3>\n                    <p class=\"seoaic-answer\">\n                        An AI registry is an internal document in which you record all AI systems within your organization, including their purpose, vendor, risk level, and the role your organization plays. Start simple: make a list of all the tools you use for customer contact, automation, or decision-making, and note for each tool who the provider is and what the system actually does. Then, for each system, add the risk level based on the AI Act categories. This register is not only useful for compliance but also for internal governance and supplier management.                    <\/p>\n                <\/div>\n                                <div class=\"seoaic-faq-item\">\n                    <h3 class=\"seoaic-question\">\n                        As a deployer, do I need to take any action if my AI supplier ceases operations or makes significant changes to the system?                    <\/h3>\n                    <p class=\"seoaic-answer\">\n                        Yes, as a deployer, you are responsible for ensuring the continuity and proper functioning of the AI system you deploy. If a supplier makes significant changes to the system, you must reassess whether the system still meets the AI Act requirements and whether the risk classification is still accurate. Ensure that contracts stipulate that suppliers inform you in a timely manner of any significant changes, updates, or the discontinuation of the system. This will help you avoid unexpected compliance gaps and allow you to take alternative measures in a timely manner.                    <\/p>\n                <\/div>\n                        <\/div>\n        ","protected":false},"excerpt":{"rendered":"<p>The AI Act is already affecting customer service\u2014find out what requirements apply and how to prepare your organization.<\/p>\n","protected":false},"author":2,"featured_media":31920,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[500],"tags":[],"class_list":["post-31919","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-contact-center"],"_links":{"self":[{"href":"https:\/\/pegamento.nl\/en\/wp-json\/wp\/v2\/posts\/31919","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pegamento.nl\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pegamento.nl\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pegamento.nl\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/pegamento.nl\/en\/wp-json\/wp\/v2\/comments?post=31919"}],"version-history":[{"count":2,"href":"https:\/\/pegamento.nl\/en\/wp-json\/wp\/v2\/posts\/31919\/revisions"}],"predecessor-version":[{"id":31922,"href":"https:\/\/pegamento.nl\/en\/wp-json\/wp\/v2\/posts\/31919\/revisions\/31922"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pegamento.nl\/en\/wp-json\/wp\/v2\/media\/31920"}],"wp:attachment":[{"href":"https:\/\/pegamento.nl\/en\/wp-json\/wp\/v2\/media?parent=31919"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pegamento.nl\/en\/wp-json\/wp\/v2\/categories?post=31919"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pegamento.nl\/en\/wp-json\/wp\/v2\/tags?post=31919"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}