Shadow AI is staff using AI tools without company approval or oversight. Under the EU AI Act, the company is still the deployer of AI used in its professional activity, so unknown AI use means unknown legal obligations. The fix is an inventory, a clear usage policy, and the AI literacy training that Article 4 has required since February 2, 2025.
Shadow AI at Work: What the EU AI Act Means for Internal Tools
What Is Shadow AI?
Shadow AI is the use of AI tools inside a business without the knowledge, approval, or oversight of the people responsible for technology and compliance. The classic example is an employee pasting customer data into a free chatbot to draft replies faster. Others are quieter: a recruiter running candidate CVs through an AI summariser, a manager asking a generative tool to rank team members for a restructuring, a sales rep recording calls through an unapproved transcription service. Surveys across markets consistently find that a large share of employees use AI at work without telling anyone. The phenomenon is not malicious; it is what happens when useful tools are one browser tab away and official alternatives are slow to arrive. But under Regulation (EU) 2024/1689, what your staff do with AI in their professional role is, in the law's eyes, what your company does with AI.
Why the AI Act Turns Shadow AI Into a Compliance Problem
The Act assigns duties by role, and the role that matters here is the deployer: any organisation using an AI system under its authority in the course of a professional activity. There is no exemption for AI the IT department never heard about. If an employee uses an AI tool to do company work, the company is deploying AI, and whatever obligations attach to that use attach to the company. For most everyday tools the obligations are light or nil, because most AI is minimal risk. The danger of shadow AI is not that every chatbot use is illegal; it is that the company cannot know which of its uses are the regulated ones. You cannot classify what you have not catalogued, you cannot supervise what you cannot see, and you cannot honestly answer a customer, an auditor, or a regulator who asks how AI is used in your business.
The Duty That Already Applies: AI Literacy
One obligation is not waiting for 2026. Since February 2, 2025, Article 4 requires providers and deployers of AI systems to take measures to ensure, to their best extent, a sufficient level of AI literacy among the staff and other people operating AI systems on their behalf, taking into account their technical knowledge, experience, education, and the context the systems are used in. For a small business this does not mean sending everyone to a data science course. It means practical training proportionate to actual use: what AI tools are approved, what data must never be entered into them, how to spot wrong or fabricated output, and when a human must make the final call. A company with widespread shadow AI and no training at all is visibly behind a duty that is already in force.
When Internal Use Crosses Into High Risk
The risk category follows the purpose of use, and several purposes that arise naturally inside ordinary companies are listed as high risk in Annex III, with obligations applying from August 2, 2026. The pattern to watch for is AI output flowing into decisions about people.
| Innocent-looking internal habit | Where it lands under the Act |
|---|---|
| Asking a chatbot to summarise meeting notes or draft emails | Minimal risk; governed by your data policy, not by heavy AI Act duties |
| Using AI to screen, rank, or filter job applicants | High risk, Annex III point 4, even if done through a general-purpose chatbot |
| AI scoring of employee performance feeding reviews or dismissals | High risk, Annex III point 4 |
| AI assessing customer creditworthiness for payment terms | High risk, Annex III point 5 |
| Sentiment or emotion analysis of employees | Prohibited in the workplace under Article 5, in force since February 2025 |
The uncomfortable insight is the first high-risk row: the law cares about what the system is used for, so a manager pasting twenty CVs into a consumer chatbot and asking it to pick the best five has just used AI for an Annex III purpose, with none of the oversight, logging, or vendor assurances that purpose demands. Shadow AI is how a minimal-risk toolset quietly grows high-risk uses.
Step One: Build the Inventory
You cannot manage what you have not listed. A workable AI inventory for a small or medium business is a single spreadsheet with one row per tool or AI feature and columns for: what it is, who uses it, what it is used for, what data goes in, whether the use touches any Annex III area, and whether the tool is approved. Populate it three ways. Ask teams directly, with an explicit amnesty so people admit what they actually use. Check expense reports and software subscriptions for AI services. And remember that AI now arrives embedded inside software you already own, from office suites to CRM systems, so review the AI features of incumbent tools too. Expect the first draft to be wrong and incomplete; it will still be infinitely more useful than nothing.
Step Two: Write a Policy People Can Actually Follow
Bans do not work; capable people route around them and the shadow deepens. An effective internal AI policy is short, permissive by default, and strict at the edges. The elements that earn their place: a list of approved tools and how to request new ones; data rules stating plainly what may never be entered into external AI services, such as customer personal data, health information, and trade secrets; a red line that AI must not be used to evaluate, rank, or make decisions about identifiable people without explicit sign-off, which is where Annex III risk concentrates; a rule that significant AI-assisted output is reviewed by a human who takes responsibility for it; and a named person to ask when in doubt. Pair the policy with the Article 4 training and revisit both twice a year, because the tool landscape changes faster than annual cycles.
Step Three: Assign an Owner and Mind the Embedded AI
Inventories and policies decay without an owner. Name one person, in a small company often the founder or the operations lead, who approves new tools, keeps the register current, and watches two moving targets. The first target is embedded AI: software vendors are adding AI features to products you already pay for, often enabled by default after an update, which means your AI footprint grows without anyone making a decision. A quarterly pass through release notes of your core systems catches most of it. The second target is vendor terms. Where staff use free consumer versions of AI tools, the provider's terms frequently allow inputs to be used for model training, which is precisely how confidential text leaks; business tiers usually offer contractual controls, and moving approved tools onto business terms is one of the highest-value moves available. The owner should also keep the simple records that make later questions easy: which tools were approved when, what training was run and who attended, and which uses were flagged against Annex III. None of this is heavy governance. It is one accountable person, a spreadsheet, and a calendar reminder, which is the level of machinery a small business can actually sustain.
What Ignoring This Costs
The fine structure under Article 99 scales with the breach: prohibited practices such as workplace emotion recognition carry up to 35 million euros or 7 percent of total worldwide annual turnover; breaches of most other obligations, including deployer duties for high-risk systems, carry up to 15 million euros or 3 percent; supplying misleading information to authorities carries up to 7.5 million euros or 1 percent, with the lower of amount and percentage applying for SMEs. The likelier near-term costs are smaller and sharper: a data protection incident from pasted customer records, a discrimination claim from an AI-shortlisted hiring round nobody can explain, a lost enterprise customer whose security questionnaire you could not answer. The companies that handle this well treat shadow AI not as misconduct to punish but as demand to channel: staff are telling you which tools make them productive. Give them a sanctioned way to use those tools, and the shadow shrinks on its own. The sequence that works in practice is approval before prohibition: announce two or three sanctioned tools on business terms, run the short training, and only then enforce the red lines. Companies that start with bans drive usage underground and learn nothing; companies that start with sanctioned alternatives watch the unknown tail of their inventory shrink month by month, which is the only metric of shadow AI that genuinely matters.
Check your AI compliance readiness — free.
Take the Readiness Check 3 minutes · 10 questions · no signup requiredThis article is for informational purposes only and does not constitute legal advice. Regulatory requirements change frequently — verify current rules with official sources. Built by Sawai Gyoseishoshi Office, Hiroshima, Japan.