From August 2, 2026, high-risk AI systems will need to be fully compliant with the EU AI Act. For pharma, which falls under Annex III, now is the time to prepare: an operational checklist, a comparison with Law 132/2025, and a focus on how Linda is compliant by design.
About 90 Days Left. The Countdown Has Begun.
August 2, 2026 is the deadline by which AI systems classified as high-risk must be fully compliant with the EU AI Act (EU Regulation 2024/1689). The pharmaceutical sector is explicitly included in Annex III — high-risk by regulatory definition.
Many Italian pharma companies are still navigating blind. Some think it only concerns large groups. Some are hoping for an extension. Some don’t yet know they fall within the scope. All three of these positions are dangerous.
EU AI Act in Brief: What You Need to Know
The EU AI Act (EU Regulation 2024/1689) is the first global regulatory framework on artificial intelligence. It classifies AI systems into four risk categories:
- unacceptable (prohibited),
- high risk (Annex III — stringent obligations),
- limited risk,
- minimal risk.
For high-risk systems, the Regulation imposes precise obligations both before deployment and throughout the entire operational life of the system.
Why Pharma Falls Under Annex III
Annex III explicitly includes AI systems used in the healthcare setting that can influence clinical decisions, diagnoses, therapies, or interactions with healthcare professionals. An AI avatar that answers medical questions, a field force training system, and an HCP engagement agent all fall under the high-risk category.
The logic is straightforward: if the AI system can influence, even indirectly, a patient’s health, it is high-risk.
Operational Checklist
- ☐ Documented risk assessment — classify every AI system in use according to the EU AI Act
- ☐ Complete technical documentation — architecture, training data, accuracy tests, known limitations
- ☐ Active audit trail — immutable log of every interaction with timestamp and content
- ☐ Human-in-the-loop configured — define when and how a human intervenes
- ☐ Transparency toward the user — the HCP must know they are interacting with an AI system
- ☐ GDPR-compliant PII handling — personal data management, right to erasure implemented
- ☐ Periodic testing planned — not just once: continuous monitoring for drift and anomalies
- ☐ Incident response plan — what to do if the system produces incorrect or harmful outputs
- ☐ Staff training — anyone who uses or supervises the system must be trained
- ☐ EU database registration — Annex III systems must be registered in the European database
Differences Between Law 132/2025 and the EU AI Act
The Penalties: Why You Shouldn't Wait
The EU AI Act provides for significant penalties for those who fail to meet their obligations:
- Up to €35 million or 7% of annual global turnover for serious violations (prohibited systems)
- Up to €15 million or 3% of turnover for non-compliance with Annex III obligations
- Up to €7.5 million or 1.5% of turnover for incorrect information provided to authorities
For a medium-to-large pharmaceutical group, even the minimum penalty represents a reputational and financial risk that cannot be overlooked.
How Linda Natively Solves These Obligations
Linda, Media Engineering’s AI avatar, is designed from the ground up to operate in regulated environments. It is not a generic solution to which compliance is added on top: compliance is built into the architecture.
- Automatic audit trail: every conversation is logged with timestamp, content, and risk classification. Always available for inspection.
- Native AI declaration: every session begins with an explicit declaration that the user is interacting with an AI system — not in the fine print, but in the interface.
- Configurable human-in-the-loop: three escalation levels (auto-approved, human review, expert escalation) configurable for each type of response.
- Pre-produced technical documentation: for every deployment, Media Engineering produces the technical documentation required by EU AI Act Annex III.
FAQ
Is my current chatbot subject to the EU AI Act?
It depends on the use case. If the chatbot provides information that can influence healthcare decisions or interacts with healthcare professionals in a professional context, it is most likely Annex III. Contact us for an assessment.
If I am already compliant with Law 132/2025, do I need to do anything else?
Compliance with Law 132/2025 covers many aspects, but the EU AI Act adds specific obligations (technical documentation, EU database registration, structured periodic testing). Additional actions are required.
Can I wait until August 1st to get started?
No. Compliance requires months of work: risk assessment, documentation, testing, staff training. Those who start now have time to do it properly. Those who wait until July 2026 risk not making it in time.
Is Linda already compliant with the EU AI Act?
Yes. Linda is designed with native EU AI Act Annex III compliance. Every deployment includes the required technical documentation, active audit trail, human-in-the-loop, and declared transparency.
Official Sources
1) Law No. 132 of 23 September 2025 — Gazzetta Ufficiale
2) EU AI Act — Annex III: High-Risk AI Systems
Start Now: Assess Your Compliance
Media Engineering guides pharma companies through the EU AI Act compliance journey — from initial risk assessment to the deployment of natively compliant AI systems.


