Ask most association leaders about the EU AI Act and you tend to get one of two responses. Either “that’s a problem for big tech, not us,” or “hasn’t it been delayed anyway?” Both are understandable. Both are wrong, and both can be costly.

The Act is the world’s first comprehensive law for artificial intelligence. It matters to membership organisations for three reasons that are easy to miss.

It regulates use, not industry

The Act does not target an AI sector. It targets what AI is used to do. The same tool is lightly regulated when it drafts a newsletter and heavily regulated when it screens job applicants or scores members for eligibility. No category of organisation sits outside it. A professional body, a charity and a trade association are all in scope the moment they use AI for a regulated purpose, and much of that AI arrives quietly inside platforms you already run: your CRM, your recruitment tools, your member-facing chatbot.

It reaches beyond the EU

Like GDPR, the Act follows the output, not your postcode. If you have EU members, serve them through automated systems, or process their data with AI, you can be in scope even if your organisation sits firmly in the UK. For international associations, that reach is the rule, not the exception.

One duty already applies to you

Here is the part that gets overlooked. Since February 2025, organisations have been legally required to ensure a sufficient level of “AI literacy” among the people who use AI on their behalf. It is not limited to high-risk systems. If your staff use AI, this duty is already yours. It is also the foundation for everything else, because you cannot oversee a system your people do not understand.

So what about the delay?

It is real, but modest. In May 2026 the EU’s Digital Omnibus pushed the heaviest obligations, those for “high-risk” uses such as recruitment and eligibility decisions, back to December 2027. Welcome breathing space. But the prohibitions and the literacy duty are live now, and the high-risk work takes many months to do well. The delay is time to prepare properly, not a reason to look away.

A sensible starting point

None of this requires a compliance department or a large budget. For most membership organisations, the first steps are practical and low-cost. Build a simple inventory of the AI you use, including the tools embedded in software you already own. Check, in writing, that nothing you use falls into the Act’s short list of banned practices. Work out which uses are higher-stakes, particularly anything touching recruitment, member eligibility or vulnerable groups. And invest in role-appropriate AI literacy, from the board to frontline teams, which satisfies a live legal duty and reduces everyday risk at the same time.

Done in this order, readiness for the Act turns out to be the same work that makes AI genuinely useful: knowing what you have, deciding who is accountable, and putting sensible guardrails around the decisions that matter.

The Act can feel daunting from the outside. It is far more manageable once broken down. We have put together a free, plain-English interactive guide that walks through the full picture, the risk tiers, the timeline, the penalties and what to do next, written for organisations of every size and sector.

Read it here: https://eu-ai-act-guide.netlify.app/

ITAA.ai  help organisations move beyond experimentation towards AI-native ways of working.

Alan King
Alan KingCEO, ITAA.ai