×marble
all posts
Jun 25, 2026·12 min read

The EU AI Act and Recommendation Systems: What Changed in 2025

The EU AI Act now binds recommender systems and personalization providers. The actual obligations for engineers, with citations to specific articles.

Alex Shrestha·Founder, ×marble

The EU AI Act and Recommendation Systems: What Changed in 2025

TL;DR.

  • The EU AI Act (Regulation 2024/1689) entered into force on 1 August 2024. The bulk of the obligations applies from 2 August 2026, with the prohibitions and AI literacy duty live since 2 February 2025 and the general-purpose AI rules since 2 August 2025.
  • "Recommendation system" is not a category in the Act. The legal label depends on what the system decides — a movie recommender is "limited risk", but a recommender ranking job candidates, scoring credit, or pricing insurance is high-risk under Annex III.
  • Limited-risk recommenders owe disclosure under Article 50 (the user must know they are interacting with an AI system). High-risk recommenders owe documentation (Article 11), human oversight (Article 14), logging (Article 12), and post-market monitoring (Article 72).
  • The Digital Services Act Article 27 already obliges recommender providers operating online platforms to disclose the main parameters of their recommender in plain language. The AI Act adds engineering requirements on top of that, not in place of it.
  • The practical engineering work is real but bounded: a system card, a deployer-facing user manual, a logging path you can prove keeps six months of inference traces, an opt-out, and an oversight UI for a human reviewer. Most teams already have 60% of this built and don't know it.

If you run a recommender that touches European users and you read the EU AI Act as "the chatbot law", you have a problem. Regulation 2024/1689 binds personalization systems directly. The interesting question for engineers is which obligations apply to your system, when they kick in, and what the actual code changes look like. This post answers all three with citations to the specific articles, so you can plan the work without paying a six-figure outside-counsel bill to be told the same thing.

What the EU AI Act actually says about recommendation systems

The AI Act doesn't define "recommendation system" or "personalization" as discrete legal terms. It defines AI systems broadly (Article 3(1)) and then sorts them by risk: prohibited (Article 5), high-risk (Article 6 + Annex III), limited-risk transparency obligations (Article 50), and minimal-risk (everything else). A recommender lands in one of these buckets based on what it ranks and for whom.

The classification matters because the obligations differ by an order of magnitude. A consumer media recommender is minimal-risk plus Article 50 transparency. A recommender used to surface job candidates to a hiring manager is high-risk under Annex III, with a full conformity-assessment regime, registration in the EU database, a quality management system, and post-market monitoring. The same underlying ML model can fall into either bucket depending on the deployment context — which is why "is my recommender high-risk?" cannot be answered from the model card alone.

Two regulations apply in parallel and engineers conflate them: the AI Act governs the system, and the Digital Services Act governs platform behaviour. DSA Article 27 already requires online platforms to disclose the "main parameters" of their recommender systems in plain, intelligible language and to offer users a way to modify them. DSA Article 38 obliges very large platforms (VLOPs) to provide at least one recommender variant that does not rely on profiling under the GDPR. The AI Act sits on top of this — it does not replace the DSA.

The 2025 timeline and what is already live

The compliance dates are non-negotiable and staggered. We covered them in our piece on the marketing engineer's personalization stack, but here is the recommendation-system slice:

  • 1 August 2024 — entry into force. Nothing applies yet; the clock starts.
  • 2 February 2025 — Article 5 prohibitions apply. AI literacy (Article 4) applies. If your recommender uses subliminal techniques, exploits vulnerabilities of minors, or scores social behaviour in a generally applicable way, it became illegal that day.
  • 2 August 2025 — General-purpose AI provisions (Chapter V) apply. Governance, market surveillance, penalties (up to 7% of global turnover under Article 99) became live. Notified bodies were stood up.
  • 2 August 2026 — the date most teams should plan for. High-risk obligations (Chapter III) and Article 50 transparency obligations apply. If your recommender is in Annex III scope and you ship to the EU on that day without conformity, the fine clock starts.
  • 2 August 2027 — Article 6(1) safety-component obligations bite (recommenders embedded in regulated products like medical devices).

The two-year ramp is deliberate. Teams that wait until July 2026 to read this guide are not going to make it. Most of the work is procedural — documentation, oversight workflows, logging plumbing — not algorithm changes.

How to know whether your recommender is high-risk

You walk Annex III. We've seen engineering teams misclassify their system in both directions, so the order of operations matters.

First, identify the decision domain of the recommendation. Annex III lists eight high-risk categories: biometrics, critical infrastructure, education, employment, essential services (credit, insurance, social benefits), law enforcement, migration, and justice/democratic process. A "ranked list of items the user might like" is high-risk only if those items are people for a hiring decision, mortgage applicants, candidates for a benefit, or similar consequential gates.

Second, check whether the recommender materially influences the decision — Annex III is about systems "intended to be used" for those decisions. A recommender that surfaces job postings to job-seekers (consumer-facing) reads as employment-adjacent advertising and historically gets treated as limited-risk, with Article 50 disclosure obligations. The same recommender turned around — ranking candidates for a recruiter to interview — is high-risk and triggers the full Chapter III stack.

Third, check Article 6(3). It carves back recommenders that perform a "narrow procedural task" or "improve the result of a previously completed human activity" — there is a real escape hatch for trivial re-ranking layers. The carve-out is narrow and the provider has to document why the carve-out applies. Most production recommenders do not qualify because they do influence the decision, not just dress it up.

If you're building a media, e-commerce, or social recommender ranked by engagement, you are almost certainly limited-risk under the AI Act and the heavy obligations sit with the DSA instead. If you're ranking people for a consequential outcome, assume high-risk and engineer accordingly.

What limited-risk recommenders actually owe under Article 50

Article 50 is the bar for most consumer recommenders. There are three obligations that touch a personalization team.

The user must know they are interacting with an AI system (Article 50(1)). For a recommender, this means a visible disclosure in your UI — usually in the feed header, the "Why am I seeing this?" affordance, or the onboarding flow. The disclosure must be presented "in a clear and distinguishable manner at the latest at the time of the first interaction or exposure". A buried disclosure in your terms of service does not satisfy this.

AI-generated content must be machine-readably marked (Article 50(2)). If your recommender surfaces synthetic content — AI-generated images, AI-translated text, AI-summarized articles — you are in scope for content provenance via C2PA or equivalent. This is a provider obligation: even if you're only the ranker, if the ranking layer modifies content, the watermarking duty travels with you.

Deepfake and emotion-recognition disclosures (Article 50(3)-(4)). Less common in recommenders, but if your feed surfaces deepfakes or your engagement model uses emotion recognition (smile detection in the camera feed, sentiment classification from on-device behaviour), you owe explicit disclosure. This is where explainable recommendations and the path of a recommendation become a compliance asset, not an aesthetic choice.

Article 50 has a 2 August 2026 application date. The European Commission opened a consultation on the Article 50 implementation guidelines in late 2025. The final guidelines will shape how strictly "clear and distinguishable" is interpreted — we'd watch that filing closely.

What high-risk recommenders owe under Chapter III

If your recommender is in Annex III scope, the Chapter III stack applies. This is where engineering work concentrates. We've grouped the obligations by what each one means in the codebase.

Risk management system (Article 9). A living document mapping the foreseeable harms of the recommender and the mitigations. For a hiring recommender: known disparate-impact failure modes, the test suite that catches them, the rollback procedure. We've found that teams who already run A/B testing on personalization typically have 70% of this in their existing runbooks; they just need to format it for an auditor.

Data governance (Article 10). The training data must be examined for biases relevant to the recommender's purpose. You document representativeness, gaps, and the steps you took to mitigate them. Synthetic upsampling and reweighting are explicitly allowed.

Technical documentation (Article 11) and instructions for use (Article 13). A system card sufficient for a notified body to assess conformity, plus a deployer-facing manual telling the customer how to use the recommender within its intended purpose. Annex IV lists what Article 11 documentation must contain — it is long but bounded. About 30-50 pages for a typical recommender.

Logging (Article 12). The system must "automatically record events" enabling traceability across its lifecycle, retained for at least six months under Article 19. For a recommender this is the inference log — input features, model version, output ranking, decision context. Most teams already have this for debugging; the legal step is committing to a retention policy and access controls.

Human oversight (Article 14). A natural person must be able to "fully understand the capacities and limitations" of the system, monitor its operation, decide not to use it for a given case, and override its output. For a hiring recommender: the recruiter sees the ranking, can re-rank, can reject the ML output entirely, and that decision is logged.

Accuracy, robustness, cybersecurity (Article 15). Specified performance metrics, robustness against adversarial inputs, and security against unauthorized modification. The AI Act explicitly mentions resilience against feedback loops in continuously learning systems — relevant for any recommender doing online learning.

Quality management system (Article 17), conformity assessment, registration in the EU database (Article 71), post-market monitoring (Article 72), serious-incident reporting (Article 73). This is the procedural shell of high-risk compliance. It looks heavy and it is, but most of it is paperwork once.

The DSA Article 27 overlap, and why you still owe it

The Digital Services Act has been in force since 17 February 2024 for all online platforms in the EU. If you run a platform that uses a recommender — and that's most consumer products — DSA Article 27 already binds you regardless of where you sit on the AI Act risk axis.

Article 27 requires that your terms and conditions set out, "in plain and intelligible language, the main parameters used in their recommender systems, as well as any options for the recipients of the service to modify or influence those main parameters". The main-parameter disclosure must include the criteria most significant in determining what gets shown and the reasons for their relative importance. This is a different obligation from Article 50 of the AI Act and they stack — you owe both. The DSA also requires that recommender modifications offered to users be "directly and easily accessible from the specific section" where the information is being prioritized.

For very large platforms (DSA Article 38, applicable to VLOPs designated by the Commission), there is an additional obligation to provide at least one recommender option that is not based on profiling under the GDPR. In practice this means a chronological feed alternative or a popularity-based ranker for users who turn off personalization. If you're below the VLOP threshold (45 million EU monthly active users), Article 38 does not apply, but most product teams build the chronological alternative anyway because it ships with the cold-start fix — see our piece on the cold-start problem and day-zero personalization for the engineering side.

The European Board for Digital Services has been publishing reports on how VLOPs implement Article 27 and 38. The early reads suggest that "in plain and intelligible language" is being interpreted strictly — generic statements like "we use engagement signals" are not enough. You need specifics: what features feed the ranker, what the user can change, where the controls are.

How ×marble fits in

We build ×marble as a knowledge-graph personalization engine — the kind of system that, if you ship it into the EU, you'd want to be on the right side of the AI Act on day one. The graph layer makes the regulatory math easier: every edge has a provenance (which signal, which timestamp), every decision walks an explainable path, and the inference log Article 12 wants is the audit log the engine already keeps. Our sub-products Vivo and Video ship in limited-risk territory and we own the Article 50 disclosure UX so our customers don't have to. If you're building toward an AI Act compliant recommender from scratch and the documentation and oversight overhead is starting to look real, talk to us — we've absorbed the compliance work into the platform.

FAQ

Does the EU AI Act apply to recommendation systems?

Yes. The EU AI Act (Regulation 2024/1689) applies to recommendation systems whenever they meet the definition of an AI system under Article 3(1). What it requires depends on the risk classification: most consumer recommenders are limited-risk and owe transparency under Article 50, while recommenders used in hiring, credit, insurance, or other Annex III contexts are high-risk and trigger the full Chapter III compliance regime, including documentation, logging, human oversight, and post-market monitoring.

When did the EU AI Act apply to recommendation systems?

The Act entered into force on 1 August 2024 but applies in stages. The prohibitions in Article 5 and the AI literacy duty in Article 4 applied from 2 February 2025. The general-purpose AI rules applied from 2 August 2025. The transparency obligations of Article 50 and the high-risk obligations of Chapter III apply from 2 August 2026. Article 6(1) safety-component recommenders embedded in regulated products fall under the Act from 2 August 2027.

Is a content recommendation system high-risk under the EU AI Act?

A consumer content recommendation system — for video, news, music, social feed — is not high-risk under the AI Act. It is limited-risk and owes Article 50 transparency disclosure plus, if you operate as an online platform, the DSA Article 27 recommender-parameter disclosure in your terms of service. A recommendation system becomes high-risk only when it is intended to be used in one of the Annex III consequential-decision domains: employment, education, essential services like credit and insurance, law enforcement, migration, justice, or democratic processes.

What is the difference between AI Act and DSA for recommendation systems?

The AI Act regulates the AI system itself — its risk classification, documentation, oversight, and lifecycle. The Digital Services Act regulates the online platform that deploys it — its transparency to users, terms of service disclosures, and (for very large platforms) the obligation to offer a non-profiling recommender variant. They apply in parallel. A consumer recommender on a mid-sized European platform owes Article 27 DSA disclosure plus Article 50 AI Act transparency. A VLOP recommender owes those plus Article 38 DSA non-profiling option, plus any high-risk obligations if its specific use case lands in Annex III.

What are the penalties under the EU AI Act?

Article 99 of the AI Act sets three tiers: up to 35 million euros or 7% of global annual turnover (whichever is higher) for breaches of the Article 5 prohibitions; up to 15 million euros or 3% of turnover for non-compliance with high-risk obligations or with the obligations for general-purpose AI; and up to 7.5 million euros or 1% of turnover for supplying incorrect information to authorities. Penalties for SMEs and startups are capped at the lower of the two figures rather than the higher.

Further reading

the product behind these notes

×marble is the personalization graph.

One API. A living knowledge graph per user. Day-zero ready, explainable by construction. We built it so you don't have to.

See ×marble