

Customerly & the EU AI Act
The EU AI Act is the world's first comprehensive AI regulation. Here is how it applies to Aura, our AI customer support agent, what Customerly does on the provider side, and what your team needs to cover as a deployer.
What is the EU AI Act?
Regulation (EU) 2024/1689, the AI Act, entered into force on August 1, 2024 and applies in stages through 2027. It takes a risk-based approach: the higher the risk an AI system poses to people's safety or rights, the stricter the obligations. It applies to any company offering AI systems to users in the EU, whether or not the company is based there.
Unacceptable risk
Practices like social scoring or manipulative AI are banned outright since February 2025.
High risk
AI in areas like hiring, credit scoring, or law enforcement faces strict conformity requirements. Customer support AI is not in this category.
Limited risk
AI systems that interact with people, like customer support agents, must be transparent about being AI. This is where Aura sits.
Minimal risk
The vast majority of AI systems, like spam filters, carry no specific obligations under the Act.
How the AI Act classifies Aura
Aura, Customerly's AI customer support agent, is a limited-risk AI system: it interacts directly with people, so the transparency obligations of Article 50 apply. It is not a high-risk system: customer support is not among the Annex III use cases (biometrics, employment, credit, law enforcement, and similar).
Article 50 requires that people interacting with an AI system are informed they are talking to AI, unless it is obvious from the context. The disclosure must be timely and clear, not buried behind extra clicks.
In practice: your customers must know Aura is an AI. Customerly builds that disclosure into the Messenger, and you should never configure Aura to pass as a human agent.
Key dates
The EU AI Act (Regulation 2024/1689) enters into force as the world's first comprehensive AI law.
Prohibited AI practices are banned. The AI literacy obligation (Article 4) applies: teams using AI systems must understand what they can and cannot do.
Obligations for general-purpose AI model providers and the EU governance framework take effect.
The Act becomes generally applicable, including Article 50 transparency obligations for AI systems that interact with people, such as AI customer support agents.
Extended deadline for high-risk AI embedded in regulated products. Not applicable to customer support AI.
What Customerly does
On the provider side, transparency and human oversight are built into how Aura works, not settings you have to remember to turn on.
Transparency by design
Aura is presented as an AI agent in the Customerly Messenger, so your customers know they are interacting with AI from the first message. This is the core requirement of Article 50.
Human escalation built-in
Aura hands conversations to your human team whenever it's uncertain, when the customer asks for a person, or when an issue falls outside its configured scope, with full context attached.
Grounded, reviewable answers
Aura answers from your help center and product knowledge using retrieval-augmented generation, and every AI response can be reviewed in the admin panel.
GDPR-aligned data handling
Conversations processed by Aura follow the same GDPR safeguards as the rest of the platform: EU data residency, encryption, and a Data Processing Agreement.
What you need to do as a deployer
Using an AI agent with your customers makes you a deployer under the Act. For a limited-risk system like Aura, the checklist is short and operational:
- Keep the AI disclosure visible: don't present Aura to your customers as a human agent
- Train the teammates who configure and supervise Aura on what it can and cannot do (AI literacy, Article 4)
- Keep your help center and knowledge base accurate, since Aura's answers are only as good as the content it's grounded in
- Maintain a working human escalation path so customers can always reach a person
- Keep your GDPR documentation in order: privacy policy, DPA with Customerly, and lawful bases for processing
The AI Act complements GDPR rather than replacing it. Our GDPR page and Security page cover how Customerly handles the data protection side.
EU AI Act FAQ
What support teams ask about running an AI agent under the EU AI Act.
No. AI customer support agents like Aura fall under the limited-risk category, governed by the transparency obligations of Article 50. High-risk classification is reserved for AI used in areas like employment decisions, credit scoring, biometrics, or law enforcement listed in Annex III of the Act.
Yes. Article 50 requires that people interacting with an AI system are informed they are talking to AI, unless it is obvious from the context. Customerly handles this by presenting Aura as an AI agent in the Messenger, and you should not configure or brand it to appear human.
The EU AI Act becomes generally applicable on August 2, 2026, which includes the Article 50 transparency obligations. Earlier milestones already in effect are the ban on prohibited practices and the AI literacy obligation (February 2, 2025) and the rules for general-purpose AI models (August 2, 2025).
When you use Aura with your customers, you are typically a deployer: you use an AI system under your authority in a professional context. Customerly acts on the provider side of the system it supplies. Deployers of limited-risk systems mainly need to ensure disclosure to end users, team AI literacy, and correct day-to-day use.
No. The two apply in parallel: the AI Act governs how AI systems are built and used, while GDPR governs the personal data they process. You still need a lawful basis for processing, a Data Processing Agreement with Customerly, and respect for data subject rights.
Breaching the transparency obligations can be fined up to €15 million or 3% of global annual turnover, whichever is higher. Prohibited practices carry higher fines, up to €35 million or 7% of turnover. Regulators are expected to favor guidance and warnings first, but the obligations are binding.
Yes. Aura's AI disclosure, human escalation, grounded answers, and GDPR-aligned data handling cover the technical side of Article 50 compliance. Your side is operational: keep the disclosure on, keep your knowledge base accurate, train your team, and keep your privacy documentation current.
This page is provided for informational purposes only and does not constitute legal advice. For guidance on how the EU AI Act applies to your specific situation, consult a qualified legal professional. The full text of the regulation is available at EUR-Lex (Regulation 2024/1689). Questions? Contact us at legal@customerly.io.

