EU AI Act in Practice: What Marketing Teams Must Implement Now

The digital marketing landscape is in constant flux, driven by technological innovations and evolving regulatory frameworks. No development currently underscores this as strongly as the EU AI Act, which will become applicable in its essential parts from mid-2026. For marketing teams at Davies Meyer and elsewhere, this means a profound examination of their own processes, the tools used, and the ethical principles guiding the use of Artificial Intelligence (AI). This expert article highlights what marketing teams must now concretely implement to not only be compliant but also to continue designing innovative and effective campaigns.

The Significance of the EU AI Act for Marketing

The EU AI Act is the world's first comprehensive legal framework for AI. Its goal is to ensure AI systems that respect the fundamental rights and values of the EU. For marketing, this is particularly relevant, as AI has long become a standard tool in many areas – from personalized advertising to content creation and target audience analysis. The Act categorizes AI systems by their risk potential: from minimal to high. Marketing applications generally fall into the "low-risk" category but can, under certain circumstances, be classified as "high-risk," especially if they involve "manipulative techniques" that can significantly influence individuals' behavior, or if they lead to the "evaluation or classification of natural persons" on a broad basis.

The distinction is crucial because high-risk AI systems are subject to significantly stricter requirements, including comprehensive conformity assessment procedures, risk management systems, data governance, and human oversight. Even with lower risk, however, the Act demands transparency obligations and adherence to ethical principles.

Compliance Checklist for Marketing Teams

To best prepare marketing teams for the EU AI Act, we have developed a comprehensive compliance checklist. It serves as a guide for implementing the necessary measures.

1. Inventory and Classification of AI Systems

The first and most important step is a complete inventory of all AI systems used in marketing. This includes:

• Identification of all AI-powered tools and platforms: These include marketing automation software, ad-tech platforms, personalization engines, content generation tools (text, image, video), chatbots, analytical tools with predictive AI, and any other service that uses machine learning or similar AI technologies.
• Documentation of use cases: For each identified system, its specific use must be precisely documented. Examples: audience segmentation, A/B testing, campaign optimization, pricing, personalized emails, dynamic website content.
• Risk assessment according to the EU AI Act: Based on the use cases, an initial risk assessment must be carried out. Is it a low, medium, or potentially high-risk AI system? Article 6 of the EU AI Act, which defines high-risk systems, is particularly relevant here. Questions to ask: Does the application significantly influence consumer decisions? Does it lead to discrimination? Does it use biometrics?

2. Transparency and User Information

The EU AI Act places great importance on transparency. Marketing teams must ensure that users understand when they are interacting with AI and how their data is being used.

• Labeling of AI-generated content: All content significantly created or modified by AI (e.g., texts, images, videos for social media, blog articles) must be clearly and comprehensibly labeled as such. This can be done through visible notices ("AI-generated," "Created with AI assistance") or through metadata.
• Transparency in interaction with AI systems (e.g., chatbots): If a chatbot is used for customer service or lead generation, this must be clearly communicated. Users must know they are communicating with a machine.
• Updating privacy policy and terms of use: The privacy policies and terms of use must detail which AI systems are used, what data they process, for what purpose, and on what legal basis. The rights of data subjects, particularly the right to access and object, must be clearly presented.

3. Data Governance and Data Protection

AI systems are only as good as the data they are trained and fed with. The EU AI Act complements the requirements of GDPR in this regard.

• Ensuring data quality and relevance: The data used for training and operating AI models must be accurate, representative, complete, and free from bias. Poor data leads to discriminatory or ineffective AI results.
• Implementing bias detection and mitigation: Marketing teams must establish processes to identify and address potential discrimination or biases in the data used or the AI outputs. This is particularly important for audience targeting or personalization algorithms.
• Compliance with GDPR principles: All data processing activities related to AI must comply with the GDPR principles: lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality. In particular, the collection, processing, and storage of personal data for AI purposes must be based on a valid legal basis.
• Documentation of data flows and processing procedures: Detailed documentation of all data flows, the algorithms used, and the processing procedures is essential to ensure accountability.

4. Risk Management and Human Oversight (for High-Risk Systems)

Even if many marketing AI applications do not immediately fall into the "high-risk" category, it is important to understand the criteria and take preventive measures.

• Risk assessment for each new introduction or substantial change: Before a new AI system is introduced or an existing application is substantially changed, a comprehensive risk assessment must be conducted that considers potential negative impacts on fundamental rights.
• Implementation of human oversight: For systems that are potentially high-risk or have far-reaching implications, human oversight must be ensured. This means that humans must have the ability to understand, interpret, review, and, if necessary, correct or override AI decisions.
• Contingency plans and fallback solutions: In the event that an AI system malfunctions, delivers unethical results, or does not perform as expected, contingency plans and manual fallback solutions must be in place to secure business operations and user experience.

5. Training and Awareness

A successful compliance process depends on the knowledge and willingness of the team to implement the new requirements.

• Regular training for marketing employees: All employees who work with AI systems or are responsible for AI-generated content must be comprehensively trained on the requirements of the EU AI Act, internal policies, and best practices.
• Establishment of internal guidelines and processes: Clear internal guidelines for the use of AI in marketing, including ethical codes and approval processes for AI-generated content, must be developed and communicated.
• Appointment of an AI responsible person/expert team: It can be helpful to appoint one or more employees who specialize in AI compliance and serve as contact persons for the team, as well as an interface with the legal department.

6. Documentation and Audit Trail

The EU AI Act requires comprehensive documentation to demonstrate compliance with the regulations.

• Technical documentation of AI systems: Manufacturers and providers of AI systems must provide detailed technical documentation describing the system's functionality, performance limits, and risk assessment. These documents must be requested and archived by marketing teams.
• Logging of AI-relevant decisions and processes: Every step – from data collection to model training to implementation and tracking of AI results – should be comprehensively logged. This also includes documenting human interventions or corrections.
• Regular internal audits and reviews: Compliance measures and the effectiveness of implemented processes should be regularly audited and reviewed internally to ensure they meet the requirements of the EU AI Act.

Challenges and Opportunities

Implementing the EU AI Act in marketing is undoubtedly a challenge. It requires investment in time, personnel, and possibly new technologies. The biggest challenge will be classifying one's own AI tools and applications, as the line between "low" and "high" risk can often be fluid in the context of marketing. Close coordination with legal experts is essential here.

However, the Act also offers opportunities: Improved transparency and ethical AI use can strengthen consumer trust. Brands that proactively take compliance measures and use AI responsibly can position themselves as trustworthy and ethical actors, which can be a significant competitive advantage in an increasingly skeptical public. Furthermore, engaging with one's own AI systems often leads to an optimization of data quality and processes, which can increase the efficiency and effectiveness of marketing campaigns in the long run.

Conclusion

The EU AI Act is no longer a distant future but an imminent reality for marketing teams. The time until mid-2026 should be actively used to conduct a comprehensive inventory, adapt processes, and create the necessary transparency. Those who act now will not only lay the groundwork for compliance but also for a future-proof, ethical, and trustworthy marketing strategy. At Davies Meyer GmbH Hamburg, we are committed to supporting our clients in this transformation and together exploring innovative paths in line with the new regulatory requirements.

For detailed consultation and individual support in implementing your AI Act compliance strategy in marketing, please feel free to contact us. We help you overcome the challenges and optimally leverage the opportunities of responsible AI use.

Contact