{"id":32243,"date":"2026-07-09T08:00:00","date_gmt":"2026-07-09T06:00:00","guid":{"rendered":"https:\/\/pegamento.nl\/niet-gecategoriseerd\/what-does-the-ai-act-mean-for-automated-processes-in-customer-service\/"},"modified":"2026-07-09T10:00:47","modified_gmt":"2026-07-09T08:00:47","slug":"what-does-the-ai-act-mean-for-automated-processes-in-customer-service","status":"publish","type":"post","link":"https:\/\/pegamento.nl\/en\/contact-center\/what-does-the-ai-act-mean-for-automated-processes-in-customer-service\/","title":{"rendered":"What does the AI Act mean for automated processes in customer service?"},"content":{"rendered":"<p>The AI Act has direct implications for automated processes in customer service. Organizations that use AI for customer interactions\u2014from chatbots to automated decisions on service requests\u2014must comply with new European regulations that will take effect in phases between 2025 and 2027. Whether you run a contact center or are responsible for <a href=\"https:\/\/pegamento.nl\/en\/ai-powered-intelligence\/\">AI-driven solutions<\/a> within your organization, the law directly affects you. In this article, we answer the most frequently asked questions about the AI Act and what it means for your customer service organization.   <\/p>\n<h2>Which automated customer service processes fall under the AI Act?<\/h2>\n<p>The AI Act applies to any AI system you use in your customer service process, as long as that system produces output\u2014such as predictions, recommendations, decisions, or generated text\u2014that affects customers or employees. This applies to organizations operating in the EU, regardless of where the technology itself originates. <\/p>\n<p>Specifically, the following applications are covered by the law:<\/p>\n<ul>\n<li>Chatbots and virtual assistants that answer customer questions<\/li>\n<li>Automated call routing via intelligent IVR systems<\/li>\n<li>AI systems that predict customer satisfaction or customer behavior<\/li>\n<li>Automated processing of customer requests or complaints<\/li>\n<li>Systems that provide real-time guidance to employees during a conversation<\/li>\n<li>Process automation in which AI makes decisions regarding service requests<\/li>\n<\/ul>\n<p>Not all of these applications fall into the same risk category. The law makes a clear distinction based on the potential risk posed by a system. Simple FAQ chatbots without decision-making authority are treated differently from systems that determine whether a customer is granted access to an essential service.  <\/p>\n<h2>What are the risk categories under the AI Act for customer service?<\/h2>\n<p>The AI Act identifies four risk levels: prohibited AI, high-risk AI, limited-risk AI, and minimal-risk AI. For customer service, the middle two categories are particularly relevant. Most standard customer service applications fall into the limited-risk or minimal-risk categories, but there are exceptions that require extra attention.  <\/p>\n<h3>Limited risk: transparency requirement<\/h3>\n<p>Most chatbots, virtual assistants, and automated response systems fall into the \u201climited risk\u201d category. The primary requirement for these is transparency: customers must know that they are communicating with an AI system. Further technical requirements are limited, but the obligation to be honest about the nature of the system is binding.  <\/p>\n<h3>High risk: strict requirements<\/h3>\n<p>A customer service system is classified as high-risk when it makes decisions that affect access to essential services. Examples include AI that determines whether a customer is eligible for a loan, insurance, or utility service. Systems that profile natural persons also always fall into the high-risk category, regardless of the context. This is a point that many customer service organizations underestimate when implementing advanced process automation.   <\/p>\n<h2>What requirements apply to high-risk AI in contact centers?<\/h2>\n<p>If you deploy a high-risk AI system in your contact center, significantly stricter requirements apply. The distinction here is between the provider (the party that develops and markets the system) and the deployer (the organization that uses the system). As a customer service organization, you are, in most cases, the deployer.  <\/p>\n<p>As a deployer of a high-risk system, you are required to:<\/p>\n<ul>\n<li>Use the system only in accordance with the provider&#8217;s instructions<\/li>\n<li>Assign human supervision to competent and trained employees<\/li>\n<li>Log files must be retained for at least six months<\/li>\n<li>Informing employees before the system is put into use (Article 26(7))<\/li>\n<li>Conduct a data protection impact assessment (DPIA) where applicable<\/li>\n<\/ul>\n<p>A key concern is the risk of automation bias: employees who rely too heavily on AI recommendations without thinking critically. The law explicitly requires that the design of high-risk systems effectively enable human oversight and that employees are trained to actually exercise this oversight. Furthermore, under Article 86, customers who are subject to a decision made by a high-risk system may request an explanation of the factors that determined the decision.  <\/p>\n<h2>When should a customer know that they are talking to an AI?<\/h2>\n<p>A customer must always be aware that they are communicating with an AI system whenever an interaction occurs that could reasonably be perceived as human contact. This is one of the transparency requirements that apply to low-risk AI systems, and the requirement takes effect on August 2, 2026, for most customer service applications. <\/p>\n<p>In practice, this means that your chatbot, voicebot, or virtual assistant must clearly identify itself as AI at the start of a conversation. It must be clear to the customer whether they are communicating with a human or a machine. This also applies when an AI system generates text that is then sent by an employee, if that text is not marked as AI-generated.  <\/p>\n<p>There is an exception for situations where the context already makes the use of AI second nature to the average person, but in a customer service setting, it\u2019s wise not to rely on this. Furthermore, transparency regarding the use of AI strengthens customer trust, which contributes to a better customer experience in the long run. <\/p>\n<h2>What are the consequences of noncompliance with the AI Act?<\/h2>\n<p>The fines for non-compliance with the AI Act are substantial and comparable in scale to those under the GDPR. The amount depends on the nature of the violation and the size of the organization. The provisions regarding fines will take effect on August 2, 2025.  <\/p>\n<p>The penalty structure has three levels:<\/p>\n<ul>\n<li><strong>Prohibited Practices (Article 5):<\/strong> up to 35 million euros or 7% of global annual revenue<\/li>\n<li><strong>Other liabilities:<\/strong> up to 15 million euros or 3% of global annual revenue<\/li>\n<li>Providing <strong>false information to authorities:<\/strong> up to 7.5 million euros or 1% of annual revenue<\/li>\n<\/ul>\n<p>For SMEs, the lower of the percentage or the fixed amount applies in each case. In addition to financial penalties, noncompliance also carries reputational risks. Customers and partners increasingly value the responsible use of technology, and enforcement action by a regulator can seriously damage trust in your organization. In January 2026, Finland became the first member state to grant enforcement powers to its national authority, a sign that the law is being taken seriously.   <\/p>\n<h2>How do you prepare a customer service organization for the AI Act?<\/h2>\n<p>Preparing for the AI Act starts with a clear overview of all AI systems you currently use or plan to use in your customer service processes. Without this overview, it is impossible to determine which obligations apply to you. <\/p>\n<p>A practical approach consists of the following steps:<\/p>\n<ol>\n<li><strong>Take stock of your AI applications:<\/strong> Identify which systems use AI, including process automation, chatbots, and decision-support tools.<\/li>\n<li><strong>Classify the risk level:<\/strong> Determine which risk category each system falls into based on the criteria set forth in the AI Act.<\/li>\n<li><strong>Check the vendors&#8217; documentation:<\/strong> Ask vendors whether their systems meet the requirements for your use case and whether the necessary documentation is available.<\/li>\n<li><strong>Assign human oversight:<\/strong> Ensure that for each high-risk system, a designated, trained employee is responsible for oversight.<\/li>\n<li><strong>Ensure transparency:<\/strong> Adjust your communication so that customers always know when they are interacting with AI.<\/li>\n<li><strong>Train your employees:<\/strong> AI literacy will be mandatory starting February 2, 2025. Employees must understand how AI systems work and what their limitations are. <\/li>\n<li><strong>Retain logs:<\/strong> Establish processes to retain log files from high-risk systems for at least six months.<\/li>\n<\/ol>\n<p>Be sure to keep an eye on the implementation timeline as well. Most of the requirements for high-risk Annex III systems take effect on August 2, 2026, which is the most relevant deadline for many customer service organizations. So start preparing now to ensure you\u2019re compliant in time.  <\/p>\n<h2>How Pegamento Helps Ensure AI Act Compliance in Customer Service<\/h2>\n<p>We understand that the AI Act can seem complex to many customer service organizations, especially if you\u2019re already struggling with fragmented systems and multiple vendors. Through our \u201cone-stop-shop\u201d approach, we help you not only implement smart technology, but also use it responsibly and in compliance with regulations. <\/p>\n<p>What we specifically offer:<\/p>\n<ul>\n<li><strong>Customized solutions using standard building blocks:<\/strong> No costly custom development, but smart combinations of proven modules that fit your situation and meet the requirements of the AI Act.<\/li>\n<li><strong>Agentic AI for Customer Service:<\/strong> Our <a href=\"https:\/\/pegamento.nl\/en\/agentic-ai-for-customer-service\/\">Agentic AI assistants<\/a> represent an evolution from task-oriented bots to self-thinking assistants that take the initiative on their own. They are designed with human oversight as a fundamental principle, which is fully in line with legal requirements. <\/li>\n<li><strong>Transparent architecture:<\/strong> Our systems are documented and traceable, so you can always demonstrate how decisions are made.<\/li>\n<li><strong>A single point of contact:<\/strong> From implementation to management and support\u2014no complex supplier structures that complicate compliance.<\/li>\n<li><strong>ISO 27001-certified security:<\/strong> Our information security is certified under ISO 27001, supplemented by ISO 9001 and ISO 26000, which aligns with the security requirements of the AI Act.<\/li>\n<\/ul>\n<p>Would you like to know how your customer service organization is faring in terms of AI Act compliance? <a href=\"https:\/\/pegamento.nl\/en\/contact-2\/\">Contact us<\/a>, and we\u2019d be happy to help you figure it out.<\/p>\n        <div class=\"wp-block-seoaic-faq-block\">\n            <h2 class=\"seoaic-faq-section-title\">Frequently Asked Questions<\/h2>\n                            <div class=\"seoaic-faq-item\">\n                    <h3 class=\"seoaic-question\">\n                        Does the AI Act apply even if we use an AI tool from a U.S. or other non-European provider?                    <\/h3>\n                    <p class=\"seoaic-answer\">\n                        Yes, the AI Act applies to all organizations operating in the EU, regardless of where the technology comes from. As a deployer, you are responsible for complying with the obligations that apply to your use of the system. It is therefore essential to check with your supplier to ensure their system meets the AI Act requirements and that the necessary technical documentation is available.                    <\/p>\n                <\/div>\n                                <div class=\"seoaic-faq-item\">\n                    <h3 class=\"seoaic-question\">\n                        What if our supplier cannot provide the proper documentation for a high-risk system?                    <\/h3>\n                    <p class=\"seoaic-answer\">\n                        As a deployer, you are required to use the system exclusively in accordance with the provider\u2019s instructions, including the accompanying documentation. If that documentation is missing, your organization itself runs the risk of non-compliance. In that case, it is advisable to formally request that your supplier provide the documentation, or to consider switching to a provider that demonstrably complies with the AI Act requirements.                    <\/p>\n                <\/div>\n                                <div class=\"seoaic-faq-item\">\n                    <h3 class=\"seoaic-question\">\n                        How specific must the notification to customers be regarding their interaction with AI?                    <\/h3>\n                    <p class=\"seoaic-answer\">\n                        The notification must be clear and understandable to the average customer, preferably at the beginning of the interaction. A short sentence such as \u2018You are now communicating with a virtual assistant\u2019 is sufficient in most cases. Vague wording or fine print in the terms and conditions is not enough; the transparency requirement mandates that the customer be actively and promptly informed, not after the fact.                    <\/p>\n                <\/div>\n                                <div class=\"seoaic-faq-item\">\n                    <h3 class=\"seoaic-question\">\n                        Does an AI tool that our employees use internally, but that does not communicate directly with customers, also fall under the AI Act?                    <\/h3>\n                    <p class=\"seoaic-answer\">\n                        That depends on the system\u2019s function. An AI tool that advises employees in real time during customer conversations, or that supports decisions regarding service requests, does fall under the AI Act. The obligation to inform employees about its use (Article 26(7)) and to ensure human oversight also applies to internal systems. Systems used purely for internal productivity without any impact on customers or service decisions generally fall outside the scope.                    <\/p>\n                <\/div>\n                                <div class=\"seoaic-faq-item\">\n                    <h3 class=\"seoaic-question\">\n                        Our organization is an SME. Do the same rules apply to us as to large companies?                    <\/h3>\n                    <p class=\"seoaic-answer\">\n                        The substantive obligations of the AI Act apply to all organizations, large or small. The difference lies in the fine structure: for SMEs, the lower of a fixed amount or a percentage of annual revenue always applies, which limits the financial impact. The European Commission has also indicated that support measures will be introduced for SMEs, such as access to regulatory sandboxes. Nevertheless, timely preparation is also important for smaller organizations, because the obligations themselves are no less stringent.                    <\/p>\n                <\/div>\n                                <div class=\"seoaic-faq-item\">\n                    <h3 class=\"seoaic-question\">\n                        What is the biggest practical risk if we don\u2019t take any action now regarding AI Act compliance?                    <\/h3>\n                    <p class=\"seoaic-answer\">\n                        The biggest immediate risk is that, as of August 2, 2025, you will already be liable for fines for violations of the penalty provisions, while the transparency obligations for most customer service applications take effect on August 2, 2026. In addition to financial penalties, the reputational risk is just as significant: customers and business partners increasingly value responsible AI use, and it is difficult to recover from enforcement action by a regulator. Starting early also gives you the flexibility to implement changes in phases without operational disruptions.                    <\/p>\n                <\/div>\n                                <div class=\"seoaic-faq-item\">\n                    <h3 class=\"seoaic-question\">\n                        How do we ensure our AI systems remain compliant after initial implementation?                    <\/h3>\n                    <p class=\"seoaic-answer\">\n                        Compliance is not a one-time project but an ongoing process. Establish an internal management process in which changes to AI systems\u2014such as updates from a vendor or functionality expansions\u2014are routinely assessed against the AI Act requirements. Systematically retain log files, conduct periodic reviews of human oversight, and monitor guidance from the national regulator, as the practical implementation of the law will be further clarified in the coming years through delegated acts and guidelines.                    <\/p>\n                <\/div>\n                        <\/div>\n        ","protected":false},"excerpt":{"rendered":"<p>The AI Act affects every contact center\u2014find out what requirements apply to your automated customer service processes.<\/p>\n","protected":false},"author":2,"featured_media":32244,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[500],"tags":[],"class_list":["post-32243","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-contact-center"],"_links":{"self":[{"href":"https:\/\/pegamento.nl\/en\/wp-json\/wp\/v2\/posts\/32243","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pegamento.nl\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pegamento.nl\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pegamento.nl\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/pegamento.nl\/en\/wp-json\/wp\/v2\/comments?post=32243"}],"version-history":[{"count":2,"href":"https:\/\/pegamento.nl\/en\/wp-json\/wp\/v2\/posts\/32243\/revisions"}],"predecessor-version":[{"id":32246,"href":"https:\/\/pegamento.nl\/en\/wp-json\/wp\/v2\/posts\/32243\/revisions\/32246"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pegamento.nl\/en\/wp-json\/wp\/v2\/media\/32244"}],"wp:attachment":[{"href":"https:\/\/pegamento.nl\/en\/wp-json\/wp\/v2\/media?parent=32243"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pegamento.nl\/en\/wp-json\/wp\/v2\/categories?post=32243"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pegamento.nl\/en\/wp-json\/wp\/v2\/tags?post=32243"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}