From August 2, 2026, high-risk AI systems will be required to fully comply with the EU AI Act. For the pharma sector—classified under Annex III—this is the time to prepare: an operational checklist, alignment with Law 132/2025, and a focus on how Linda is designed to be compliant from the ground up.
There’s no more time to wait. The countdown has begun.
August 2, 2026 is the deadline by which AI systems classified as high-risk must be fully compliant with the EU AI Act (Regulation EU 2024/1689). The pharmaceutical sector is explicitly included in Annex III—high risk by regulatory definition.
Many Italian pharma companies are still navigating without a clear direction. Some believe it only concerns large corporations. Some are hoping for an extension. Others are not even aware they fall within the scope.
All three positions are risky
EU AI Act at a Glance: What You Need to Know
The EU AI Act (Regulation EU 2024/1689) is the world’s first comprehensive regulatory framework for artificial intelligence. It classifies AI systems into four risk categories:
- unacceptable (prohibited),
- high risk (Annex III — subject to strict obligations),
- limited risk,
- minimal risk.
For high-risk systems, the Regulation establishes specific requirements both prior to deployment and throughout the system’s entire operational lifecycle.
Why Pharma Falls Under Annex III
Annex III explicitly includes AI systems used in healthcare that can influence clinical decisions, diagnosis, therapies, or interactions with healthcare professionals. An AI avatar answering medical questions, a training system for sales reps (ISF), or an HCP engagement agent, all fall into the high-risk category.
The logic is simple: if an AI system can influence, even indirectly, a patient’s health, it is considered high risk.
EU AI Act Compliance Checklist (High-Risk Systems
☐ Documented risk assessment — classify every AI system in use according to the EU AI Act
☐ Complete technical documentation — architecture, training data, accuracy testing, known limitations
☐ Active audit trail — immutable log of every interaction with timestamps and content
☐ Human-in-the-loop configuration — define when and how human intervention occurs
☐ User transparency — HCPs must be aware they are interacting with an AI system
☐ GDPR-compliant PII handling — personal data management, including the right to be forgotten
☐ Scheduled periodic testing — continuous monitoring for drift and anomalies, not a one-time check
☐ Incident response plan — clear procedures if the system produces incorrect or harmful outputs
☐ Staff training — anyone using or supervising the system must be properly trained
☐ EU database registration — Annex III systems must be registered in the European database
Differences Between Law 132/2025 and the EU AI ActLegge 132/2025 e EU AI Act
Penalties: Why You Shouldn’t Wait
The EU AI Act provides for significant penalties for non-compliance:
Up to €35 million or 7% of annual global turnover for serious violations involving prohibited systems.
Up to €15 million or 3% of turnover for failure to comply with Annex III obligations.
Up to €7.5 million or 1.5% of turnover for providing incorrect information to authorities.
For a medium-to-large pharmaceutical group, even the minimum penalty represents a significant reputational and financial risk.
How Linda Natively Addresses These Obligations
Linda, Media Engineering’s AI avatar, is designed from the ground up to operate in regulated environments. It is not a generic solution with compliance added later: compliance is built into the architecture.
Automatic audit trail: every conversation is logged with timestamp, content, and risk classification. Always available for inspection.
Native AI disclosure: every session starts with an explicit statement that the user is interacting with an AI system, not hidden in the fine print, but displayed in the interface.
Configurable human-in-the-loop: three escalation levels, auto-approved, human review, expert escalation, configurable for each response type
Pre-produced technical documentation: for every deployment, Media Engineering provides the technical documentation required under EU AI Act Annex III.
FAQ
Is My Current Chatbot Subject to the EU AI Act?
Dipende dall'uso. Se il chatbot fornisce informazioni che possono influenzare decisioni sanitarie o interagisce con operatori sanitari in ambito professionale, molto probabilmente è Annex III. Contattaci per una valutazione.i il tuo paragrafo
Dipende dall'uso. Se il chatbot fornisce informazioni che possono influenzare decisioni sanitarie o interagisce con operatori sanitari in ambito professionale, molto probabilmente è Annex III. Contattaci per una valutazione.i il tuo paragrafo
If I am already compliant with Law 132/2025, do I need to do anything else?
Compliance with Law 132/2025 covers many aspects, but the EU AI Act introduces additional specific requirements (technical documentation, EU database registration, structured periodic testing). Further actions are required
Can I wait until August 1st to get started?
No. Compliance takes months of work: risk assessment, documentation, testing, and staff training. Those who start now have the time to do it properly. Those who wait until July 2026 risk not making it.
Is Linda Already Compliant with the EU AI Act?
Yes. Linda is designed with native compliance for the EU AI Act Annex III. Each deployment includes the required technical documentation, an active audit trail, human-in-the-loop configuration, and declared transparency.
Official sources
1)Legge 23 settembre 2025, n. 132 — Gazzetta Ufficiale
2)EU AI Act — Annex III: High-Risk AI Systems
Start Now: Assess Your Compliance
Media Engineering supports pharmaceutical companies throughout the EU AI Act compliance journey, from initial risk assessment to the deployment of natively compliant AI systems.
