All articles
AI Insights

EU AI Act Transparency Obligations: Why Many Swiss Companies Can (Still) Ignore Them

Chris Jon Graf · AI Strategist & CEOPublished on 18 July 2026
EU AI Act Transparency Obligations: Why Many Swiss Companies Can (Still) Ignore Them

In short

On 2 August 2026, the EU AI Act transparency obligations become binding – but far from every Swiss company must comply. The extraterritorial effect only applies if your AI output is actually used in the EU. Pure Switzerland-focused providers without EU customers can ignore the rules and concentrate on the coming Swiss AI legislation instead. Many C-level executives reflexively copy EU compliance – when a targeted, pragmatic approach would be smarter and cheaper.

The GDPR trap: Why Swiss companies should think differently this time

When GDPR came into force in 2018, many Swiss companies reflexively overhauled their entire data protection infrastructure – even though they barely had EU customers. Fear of fines and industry herd mentality led to million-franc compliance projects that later proved unnecessary. When Switzerland introduced its own revised DPA in 2023, it was significantly more pragmatic, less bureaucratic, and nowhere near as strict as the EU variant.

The EU AI Act threatens the same trap. The European Commission published the Code of Practice on Transparency in June 2026, and panic is spreading again. But this time a sober look is worthwhile: **Who is really affected? And who can better invest resources in their own AI strategy instead of preemptive EU compliance?**

Extraterritoriality does not mean universality

The rule operates extraterritorially – but only where your AI output actually reaches the EU. No EU customers, no EU output? Then only Swiss law applies to you.

When the EU AI Act really applies to Swiss companies

The transparency obligation (Article 50) covers three main categories: General-Purpose AI models (GPAI) like ChatGPT in interactive applications, deepfake and synthetic media generators, and publicly accessible emotion recognition systems. It applies **only when** your AI system or its output is used in the EU. The European AI & Society Fund analysed in February 2026 that approximately 40 percent of Swiss SMEs have no relevant EU customer base – and are therefore effectively unaffected.

Concretely, this means: Do you operate a GPAI-based chatbot on your website that is **also used by EU visitors**? Then the labelling obligation applies. Do you generate synthetic product images appearing on German, French, or Austrian marketplaces? Then you must label them. Do you use deepfake videos for marketing in EU countries? Then disclosure is mandatory.

  • **Affected:** Swiss companies with EU customers whose AI output (chatbot, images, videos) is consumed in the EU
  • **Not affected:** Pure Switzerland-focused providers without EU touchpoints – e.g. local tradespeople, regional service providers, CH-only SaaS
  • **Grey area:** B2B providers with EU business partners who use your AI system internally – here it depends on usage agreements

The geographic location of your headquarters is irrelevant – what matters is the **usage location of the output**. If you are uncertain, check your analytics: How much traffic comes from the EU? How many of your customers are located there? If the share is below 10 percent and not strategically relevant, you can safely put EU compliance on the waiting list.

What applies instead for pure Switzerland-focused providers?

Switzerland is currently working on its own AI legislation. The Federal Council launched a consultation on handling AI in 2025, and initial drafts suggest a **pragmatic, risk-based approach** – comparable to the revised DPA: clear principles, less bureaucracy, focused on genuine risks instead of formal compliance theatre.

For Swiss companies without EU touchpoints, existing regulations apply until then: **revised DPA** (data protection), **UCA** (Unfair Competition Act for misleading advertising), **CO** (Code of Obligations for liability from faulty AI systems), and sector-specific supervision (e.g. FINMA for financial services). Transparency is already expected today – but in the Swiss way: **clear, honest, without a 15-page disclaimer PDF**.

Swiss AI governance: less is more

Instead of blind EU emulation: Focus on genuine risks, clear processes, and trustworthy AI. This creates competitive advantages – not compliance overhead.

€15M or 3%

Maximum fine for violations – but only with actual EU usage

The three scenarios: How to decide correctly

Depending on business model and customer base, three clear scenarios emerge:

Scenario 1: Significant EU customer base (>20% revenue or strategically relevant)

Here you must act. Inventory all AI systems with EU touchpoints, identify GPAI chatbots, deepfake tools, and synthetic content generators. Implement the labelling obligations from Article 50: chatbots must identify themselves as AI at first contact, synthetic content needs machine-readable metadata, deepfakes require visible labels. The deadline is 2 August 2026 – technical watermarking for legacy systems has until 2 December.

Scenario 2: Marginal EU presence (<10% revenue, not strategic)

Here the rule is: weigh pragmatically. Often it is cheaper to exclude EU visitors (geo-blocking, disclaimer 'Only for Swiss customers') or forego risky AI features in EU markets than to build the full compliance machinery. Document your decision cleanly – if the strategy changes, you can catch up later.

Scenario 3: Pure Switzerland focus (no EU output)

Here you can safely ignore the EU AI Act. Concentrate instead on the coming Swiss AI legislation, on genuine governance (who decides on new AI tools? How are risks assessed?) and on **transparency as a competitive advantage**, not as a compliance obligation. Customers and partners appreciate open communication – but it must fit your market, not Brussels.

Fines and enforcement: Real risks vs theoretical scenarios

The European Commission threatens fines up to 15 million euros or 3 percent of global annual turnover. Lexology published an analysis on extraterritorial enforcement in July 2026 and clarified: Swiss companies can be prosecuted once their AI output reaches the EU. Authorities can impose fines, block systems, and compel business partners in the EU to cease cooperation.

**But:** Enforcement occurs through national data protection and competition authorities that are chronically understaffed and concentrate on the big cases. A Swiss SME with 5 percent EU revenue is not on their radar – as long as no complaints are filed. This does not mean you should be reckless. But it means you can proceed **strategically**: ensure compliance with genuine EU business, weigh with marginal risk, invest resources elsewhere with pure CH business.

Assess risk realistically

Enforcement runs through national authorities. Large players with high EU presence are the targets – not every Swiss SME with a ChatGPT chatbot on their website.

The intelligent alternative: Transparency as market advantage, not as mandatory exercise

Regardless of the EU question, transparency about AI deployment is worthwhile – but not because Brussels mandates it, but because it **builds trust**. Customers and partners want to know whether they are speaking with AI or a human. They appreciate honest communication about generated content. Those who label proactively position themselves as responsible – without a 15-page compliance PDF.

Instead of blind EU emulation: Build internal processes that fit your company. Who decides on new AI tools? Who reviews risks? How are updates documented? These questions are **relevant independently of Brussels** – and the answers create long-term competitive advantages.

Transparency is not a burdensome EU obligation but the foundation for trustworthy AI. But it must fit your market – not a regulator who does not even represent your customers.

Compliance checklist: Only if you are genuinely affected

If you belong to Scenario 1 (significant EU customer base), here is the immediate action plan with barely three weeks until the deadline:

  1. Inventory all AI systems with EU touchpoints within 48 hours
  2. Identify which fall under Art. 50 para. 1, 3, or 4 (GPAI chatbots, deepfakes, synthetic content)
  3. Implement chatbot disclaimers ('You are interacting with an AI assistant, not a human')
  4. Add machine-readable metadata to synthetic content (e.g. 'AI-generated')
  5. Review deepfake tools and add permanent labels (visible overlays, audio cues)
  6. Document all measures for future audits
  7. Appoint an internal compliance officer

For GPAI chatbots, a simple welcome message often suffices. For synthetic images, you can embed metadata tags – many content management systems already support this. Work closely with your IT and legal departments to accelerate implementation.

Leverage existing frameworks

If you already have GDPR or revised DPA compliance processes, you can adapt many of them for AI Act transparency. The principle remains the same: clear responsibilities, clean documentation.

Conclusion: Act strategically instead of copying reflexively

The EU AI Act is **not a universal law for all Swiss companies**. It only applies where your AI output actually reaches the EU. Pure Switzerland-focused providers can ignore the transparency obligation and concentrate on the coming Swiss legislation – which will likely be more pragmatic and less bureaucratic.

Instead of reflexively copying EU compliance, you should clarify three questions: **How much revenue do I make in the EU? Is this market strategically relevant? Which AI systems do EU customers concretely use?** The answers determine whether you must act now – or whether you invest resources more wisely in your own AI strategy.

Transparency about AI deployment is worthwhile independently of regulation – but as a **market advantage**, not as a mandatory exercise. Build governance processes that fit your company. And do not let EU panic drive you when your business happens elsewhere.

Frequently asked questions

Does the EU AI Act transparency obligation apply to every Swiss company?
No. The rule only operates extraterritorially if your AI output is actually used in the EU. Pure Switzerland-focused providers without EU customers are not affected and can concentrate on the coming Swiss AI legislation.
How do I find out if I am affected?
Check: How much revenue do you make in the EU? Do EU customers use your AI systems (chatbot, synthetic content, deepfakes)? If the EU share is above 10-20 percent or strategically relevant, you should act. Below that you can review geo-blocking or disclaimer solutions.
Which Swiss laws apply instead for pure CH providers?
Until Swiss AI legislation arrives: revised DPA (data protection), UCA (unfair competition for misleading advertising), CO (liability for damages), and sector-specific supervision (e.g. FINMA). Transparency is expected – but pragmatically, not bureaucratically.
How high are fines for EU transparency obligation violations?
Up to 15 million euros or 3 percent of global annual turnover. But: enforcement runs through national EU authorities that are chronically understaffed and concentrate on big cases. A Swiss SME with marginal EU presence is not on their radar – as long as no complaints are filed.
What is the difference between the August and December deadlines?
Article 50 paragraphs 1, 3, and 4 (chatbot labelling, deepfake/synthetic content labels) take effect on 2 August 2026. Only technical watermarking for existing systems (paragraph 2) has a grace period until 2 December 2026. New systems must be fully compliant from August.

Sources

Would you like to explore this topic for your company?

Check Availability

More articles