EU AI Act Starter Pack — Transparency, Deployer Notices, and AI Literacy
Four templates covering the obligations most founders miss: The Article 50 transparency notices. The Article 26 deployer notices that nobody reads until procurement asks. The Article 4 AI literacy obligation that's already been enforceable since February 2025. And the 15-question buyer DDQ bank with side-by-side provider and deployer answers. Reviewed against the consolidated AI Act text and Commission guidance current to May 2026.
Problem: You don't know which EU AI Act obligations actually apply to you
Provider or deployer? High-risk or limited-risk? GPAI provider or downstream modifier? The EU AI Act layers obligations by role and risk class, and getting it wrong in either direction is expensive.
You don't know which EU AI Act obligations apply to you.
Provider or deployer, high-risk or limited-risk, GPAI or downstream modifier? Getting it wrong is costly. The Art. 50 trigger map and DDQ Q1–4 give you a defensible written answer in thirty minutes.
EU AI Act obligations already in force.
Article 4 (AI literacy) and Article 5 (prohibited practices) have been enforceable since February 2025. GPAI obligations since August 2025. The AI Literacy Starter turns a live obligation into a signed attendance log next week.
Improvising loses deals.
The same DDQ questions appear in nearly every AI Act-aware procurement process in 2026. Answers depend on whether you're provider or deployer, and how the Act crosses with GDPR, DORA, and ISO/IEC 42001. The Q&A Bank gives you side-by-side prepared answers.
What's inside the template pack
Four core templates plus two bonuses. Built to be read and used during the two business days you're waiting for module access. This is guaranteed to make the module dramatically more useful when access lands.
Article 50 Transparency Notice Pack
A one-page decision tree that tells you which of the four Art. 50 obligations apply to your system, plus four sub-templates covering chatbot and voice-agent disclosure, synthetic content marking, emotion recognition and biometric categorisation notice, and deep fake and AI-generated text disclosure. Each one identifies whether the obligation falls on you as provider or deployer.
Article 26 Deployer Notice Pack
The notices most founders miss because they self-identify as deployers thinking that's the lighter obligation set. Workplace notification to workers and their representatives under Art. 26(7), notice to natural persons subject to high-risk decisions under Art. 26(11), and a one-page checklist of the seven things deployers of high-risk systems must do.
Article 4 AI Literacy Starter
A framework page, a thirty-minute training outline you can run next week, and an evidence template with attendance log and signed attestation block. The cheapest binder artefact to produce and the one auditors and procurement teams ask for first.
Buyer / DDQ Q&A Bank
Fifteen questions enterprise buyers and regulated-sector procurement teams ask in 2026, with sample answers in two columns — what a provider says, what a deployer says — side by side. Covers role and risk classification, documentation status, operational obligations, and the crossover with GDPR Art. 22, DORA Art. 6, and ISO/IEC 42001.
Bonus 1: "While you wait" Action Guide
A single page with three concrete things to do during the two business days before module access lands: identify your role, run the Art. 50 trigger map against your features, schedule the Art. 4 training session. About an hour of work. Arrive at the module already knowing what your system is.
Bonus 2: EU AI Act Enforcement Timeline
A one-page reference card showing what's already enforceable (Art. 4, Art. 5, GPAI Chapter V) versus what applies from August 2026 (Annex III high-risk) versus August 2027 (Annex I product safety). Cuts through the "August 2026" misconception that has cost most companies eighteen months of preparation.
Send me the free pack!
Four templates, two bonuses, zero euros. Module access follows in two business days. Because "we'll figure out the AI Act later" is not a procurement answer.
EU AI Act Template FAQ
Yes, if your AI system is placed on the EU market, used in the EU, or produces output used in the EU. The Act applies extraterritorially under Article 2. A US SaaS company with EU users, a Canadian startup selling to EU enterprises, and a UK company exporting AI-generated content into the EU are all in scope. Templates that only address US disclosure laws (NY AI Disclosure Law, Colorado AI Act, California AB 2013) will not cover your EU exposure. The Grecta starter pack is built for companies in scope of the EU Act regardless of where they're headquartered.
The Act entered into force on 1 August 2024 with a staged application timeline. Article 4 (AI literacy) and Article 5 (prohibited practices) became enforceable on 2 February 2025. GPAI obligations under Chapter V began applying on 2 August 2025. High-risk system obligations under Annex III apply from 2 August 2026. High-risk obligations under Annex I (product safety legislation) apply from 2 August 2027. The "August 2026" framing common in 2025 marketing materials is misleading — substantial parts of the Act have been enforceable for over a year.
A provider develops an AI system or has it developed and places it on the EU market under its own name or trademark. A deployer uses an AI system under its authority in a professional capacity. The same company can be both, for different systems. A company that fine-tunes a GPAI model or substantially modifies an AI system can become a provider under Article 25 even if it originally deployed someone else's system. The provider obligation set is heavier, but Article 26 imposes substantial obligations on deployers of high-risk systems that most founders underestimate.
Article 50 imposes four distinct transparency obligations. Providers of AI systems that interact directly with natural persons must disclose the AI nature of the interaction. Providers of AI systems generating synthetic audio, image, video, or text content must mark outputs as artificially generated in a machine-readable format. Deployers of emotion recognition or biometric categorisation systems must inform exposed natural persons. Deployers generating deep fakes or AI-generated text on matters of public interest must disclose the artificial nature of the content. Which obligation applies depends on your role and the system's function — the trigger map in Template 1 of the Grecta pack walks through this in one page.
Article 4 has been enforceable since 2 February 2025. It requires providers and deployers to ensure a sufficient level of AI literacy among staff and others operating AI systems on their behalf, taking into account their technical knowledge, experience, education, training, and the context in which the systems will be used. National competent authorities in EU Member States have been designated through 2025–2026 and have Article 4 within their mandate. The obligation is principles-based rather than prescriptive, but evidence of a structured training programme with attendance records is the practical compliance artefact regulators and procurement teams ask for.
For specific obligations that are template-shaped — Article 50 notices, Article 26 deployer notices, Article 4 training outlines, DDQ responses — well-built templates are a legitimate starting point. For obligations that are not template-shaped — Annex IV technical documentation, Article 17 quality management systems, Article 27 fundamental rights impact assessments, Article 43 conformity assessments, Article 72 post-market monitoring — templates alone are insufficient. Any pack that claims to deliver "complete EU AI Act compliance" through PDFs is misrepresenting what the Act requires.
The AI Act does not replace existing frameworks — it layers on top of them. GDPR continues to govern personal data processing within AI systems; Article 22 (automated decision-making) overlaps with Articles 26 and 50 of the AI Act on deployer notices. DORA Article 6 (ICT risk management) applies in parallel for financial-sector entities deploying AI systems. ISO/IEC 42001 (AI management system standard) is not mandatory under the AI Act but is the most direct route to demonstrating Article 17 quality management system compliance through certification. Procurement DDQs in 2026 routinely ask about all four frameworks together — Template 4 of the Grecta pack addresses the crossover questions directly.
Article 99 sets penalties at up to €35 million or 7% of worldwide annual turnover for prohibited practices under Article 5, up to €15 million or 3% of turnover for most other infringements, and up to €7.5 million or 1.5% of turnover for supplying incorrect information to authorities. For SMEs and startups, the lower of the two figures applies. Enforcement is delegated to national competent authorities in each Member State, with the AI Office coordinating GPAI enforcement at EU level. As of mid-2026, no major enforcement actions have been publicly announced, but Member State authorities have entered the operational phase of their mandates.
Download the EU AI Act template pack
Read it tonight. Run the AI literacy session this week. Walk into your next procurement call with the answers already written.
Yes, it's free. In your inbox in sixty seconds. Module access within two business days.