Compliance with AI regulations in the workplace: Board level responsibility
The use of artificial intelligence in companies is commonplace, for example when HR departments check resumes. However, they must observe data protection regulations and check whether they are subject to compliance obligations. The Ecovis experts show what needs to be considered at board level for legally compliant use.
Artificial Intelligence has moved from experimentation to everyday business use. Marketing departments generate automated content, customer service relies on chatbots, and management increasingly uses predictive analytics for decision-making. However, the legal environment has changed significantly.
Contact us
EU AI law in practice: Obligations and to-dos for companies
With the introduction of the EU AI Act and its gradual application throughout 2025–2026, companies are no longer merely “testing” AI solutions — they may already be subject to compliance obligations. It is important to note that the regulation does not only apply to developers of AI systems, but also to companies that deploy them in their operations.
Certain AI applications — such as automated CV screening, employee performance evaluation, or systems influencing access to services — may qualify as “high-risk” under the new framework. These systems require documented risk assessments, human oversight mechanisms, transparency measures, and robust data governance processes.
Even lower-risk tools, such as customer-facing chatbots or AI-generated marketing materials, may trigger disclosure obligations. Users must be informed when interacting with AI, and companies must ensure that outputs do not mislead or infringe third-party rights.
We support your company in complying with legal regulations, create internal guidelines or implement effective governance frameworks for you.
Dr. Krisztina Tóth, Partner, Attorney-at-Law, ECOVIS Hungary Legal, Budapest, Hungary
The role of the EU General Data Protection Regulation (GDPR)
The intersection with GDPR further increases exposure. Automated decision-making, profiling, and the lack of explainability can result not only in regulatory scrutiny but also in civil liability. In short: AI governance is no longer an IT matter — it is a board-level responsibility.
Formulate clear AI guidelines
Companies should consider conducting an internal AI audit, mapping current AI use cases, and adopting a clear internal AI policy. Early compliance is not only risk mitigation; it is also a competitive advantage in an increasingly regulated digital market. If an organisation is already using AI tools, now is the time to assess whether the legal framework has kept pace with technological innovation.
