The EU AI Act is coming for CX. Are you ready?

The biggest compliance questions facing CX teams, and how to prepare before the rules hit harder

Woman with long hair talking on cell phone looking at computer

The EU AI Act was adopted in 2024, but its obligations are landing in phases. The date CX leaders need to have circled is 2 August 2026. This is when key transparency rules for AI disclosures, deepfakes, emotion detection, and more come into effect, and the penalties are steep:

  • Up to 3% of a company's global annual turnover (or €15 million – whichever is higher) for violating transparency obligations.
  • Up to 7% of global turnover (or €35 million – whichever is higher) for using completely banned, unacceptable-risk AI practices.

For CX leaders, this is about more than simply understanding the regulation. The bigger task is understanding where AI is already influencing the customer journey, including the places where it may not be immediately obvious.

To help unpack the legal and operational realities of the legislation, I spoke with two of our internal experts at TTEC Digital:

In this article, I’ll walk through how the EU AI Act applies to common CX use cases, where risk is most likely to show up in your tech stack, and the practical steps you can take now to build a clear, defensible path toward readiness.

[cta-1]

Where are CX teams most at risk under the EU AI Act regulations?

It’s natural to focus first on the AI tools customers can see. But in my experience, some of the bigger risks are often sitting behind the scenes, in back-end operations and employee management tools.

A lot of CX teams have assumed that internal, employee-facing AI is automatically “safer” than client-facing automation because it’s not exposed to the public. The AI Act challenges that assumption. Tools used to monitor, evaluate, or predict human behaviour in an employment context now face serious regulatory scrutiny.

Georgi explains where the line needs to be drawn for internal systems:

"Utilising an AI tool in the context of an employment relationship brings very serious governance processes. The AI tool should not be (and should not be perceived as) the main driver of employment-based decisions. It should only be supporting what would ultimately be a human-based decision."

- Georgi Georgiev, Senior Corporate Counsel, TTEC, EMEA

A simple example makes this easier to see. Imagine an internal analytics system tracking agent response times. If thesystem flags that an employee's speed has slipped over the past month, a non-compliant setup might automatically trigger a written warning or place them on a disciplinary track based purely on that algorithmic data.

That’s where the risk appears. In a compliant framework, AI should flag the drop in performance to a team leader, who can then carry out a human-led review and decide whether the employee needs coaching, training, or personal support. The technology should act as a helpful tool. It shouldn’t make the management decision.

Action item: If an AI system independently initiates automated disciplinary tracks or rankings without clear human intervention, it introduces significant corporate liability. That’s why building human-in-the-loop safeguards into these systems should happen immediately.

What CX leaders need to know about unseen AI under the EU AI Act

AI is no longer limited to one obvious platform or initiative. It’s often introduced gradually through platform upgrades, third-party tools, or vendor-managed features.

That creates a real gap between perception and reality. You may think you’re using AI in a few visible areas, while in practice, AI may already be shaping decisions across much more of the customer journey.

The challenge is simple: if you can’t clearly account for where these systems are operating, you may already have a compliance issue.

Amanda explains why this hidden operational risk is so important:

“The Act can apply to pretty much anything you have in your operation. It seeps into a lot of nooks and crannies... and I think a lack of technical understanding is driving a lack of conversation. True readiness means choosing to stop, look, and understand exactly how that technology is making your life easier.”

- Amanda Panks, Senior Manager, Strategy & Operations, TTEC Digital, EMEA

Action item: You can’t govern what you can’t see. Step one of readiness is taking inventory of all AI usage. Procurement, IT, legal, and CX operations should collaborate to determine which tools meet the AI Act definition of an AI system and involve all relevant stakeholders in the conversation.

The non-EU trap: Why UK and US operations are not exempt

One misconception I hear often is that geography provides a natural shield. If a contact centre is based in the United Kingdom or the United States, it can be tempting to assume the EU AI Act doesn’t apply.

But the Act isn’t only concerned with where your operation is physically based. What matters is where the output of your AI system is used and whose data is being processed. If your automated systems process data for people in the European Union, support cross-border customer interactions, or touch overseas territories, your platform may fall within scope.

Amanda puts that operational blind spot into practical terms:

“I hear people say, ‘my contact centre is in the United Kingdom. We’re not in the EU. How much really does that impact me?’ Are all of your customers sitting in the United Kingdom and not anywhere else? Because if they’re in Ireland or you’ve got overseas territories and customers that are living abroad, then the EU AI Act could be an issue.”

- Amanda Panks, Senior Manager, Strategy & Operations, TTEC Digital, EMEA

The wider point is that global compliance is moving quickly. Even if your customer database feels largely domestic today, waiting for local laws to catch up is a reactive strategy. The EU framework is already becoming a reference point for how other markets think about AI governance, privacy, and accountability.

Georgi makes that point clearly:

“I think the EU AI Act is the frontier of what's about to come in other continents as well, including in the US.”

- Georgi Georgiev, Senior Corporate Counsel, TTEC, EMEA

Action item: Assuming geographic immunity is a high-risk compliance strategy. Instead of waiting for a regulatory inquiry to force their hand, global operations must evaluate their compliance stance based on customer data flow rather than office postcodes.

How to meet contact centre AI transparency and chatbot disclosure rules

For the EU AI Act’s 2 August 2026 transparency mandate, the principle is straightforward: people should know when they’re interacting with an AI system, unless that’s already obvious from the context.

In practical terms, disclosures need to be clear, accessible, and presented at the right point in the interaction. For CX teams, that often means examining chatbot greetings, IVR scripts, and other customer-facing touchpoints.

Amanda explains why that transparency changes the customer experience itself:

"Telling people who they're talking to influences what they do and don't share. Most people feel more comfortable sharing sensitive information with humans because their perception is they can understand context and nuances better. If they are talking to a machine, they talk in a very transactional fashion. Customers need to be able to make informed choices, and it's in a business's own interest to get that mindset right."

- Amanda Panks, Senior Manager, Strategy & Operations, TTEC Digital, EMEA

Action item: CX leaders should audit and consider updating all automated touchpoints, such as:

  • Chatbots and voicebots: Reword greetings so they are explicit, for example: "You are speaking with our virtual assistant today."
  • Automated channels: Clearly indicate AI authorship on automated emails, call summaries, or SMS updates.

What good AI governance looks like in practice

It’s easy to feel overwhelmed by the scale of the EU AI Act, the potential fines, and the legal thresholds. But for CX leaders, the real question is much more practical: what do we need to do next?

Governance is a word we use a lot in business, but it can quickly become abstract. In client conversations, I try to bring it back to something simpler. Good governance isn’t there to slow innovation down. It’s there to give teams the confidence to innovate safely.

When you strip it back, practical AI governance usually comes down to three foundations:

1. Cross-functional councils: Good governance shouldn’t sit in one department. A strong model brings security, legal, infosec, and business stakeholders together so new use cases can be reviewed from every relevant angle.

2. Multi-layered approval frameworks: You also need an approval process that balances speed with compliance:

  • Layer 1: Explores the fundamental business case, data mapping, and inherent risk profile.
  • Layer 2: Tailors the deployment to regional legal nuances, data protection compliance, and localised operational context.

3. Unified global data architecture: Rather than building fragmented compliance systems for every region, global businesses can make life easier by designing for the most comprehensive requirements first.

Why AI governance is an innovation accelerator for customer experience

Too many organisations still see compliance as something that gets in the way of transformation. I see it differently. Done well, AI governance can help innovation move faster because it gives teams clearer guardrails and enables responsible scaling across the technology estate.

When review processes are in place early, enterprises can scale advanced models, deploy automation more securely, and turn regulatory readiness into a point of trust with customers.

[cta-1]

Join the LinkedIn Live: The EU AI Act is coming for CX. Are you ready?

Join Georgi Georgiev, Amanda Panks, and Wayne Kay on 22 July 2026 at 1 p.m. GMT for a practical discussion on the biggest compliance questions facing CX teams, where organisations are most exposed, and the steps you can take now to strengthen AI governance before enforcement intensifies.

Does the EU AI Act apply to US and UK contact centres?

The EU AI Act may apply to US, UK, and offshore contact centres where they place AI systems on the EU market, act as deployers located in the EU, or use AI system outputs in the Union. The key test is not EU citizenship alone, but whether the AI system is placed on the EU market, used by EU-based deployers, or produces outputs used in the Union.

About the author
Wayne Kay
Regional Vice President, Sales Leadership, EMEA, TTEC Digital

With over 20 years of global sales, coaching, and entrepreneurial expertise, Wayne is dedicated to driving transformative change and embracing advanced technological solutions in the contact center environment.