Read more
List of contents
Chapter 1. Introduction.- Chapter 2. Main Compliance Challenges for Businesses.- Chapter 3. How Business Can Build Smart AI Compliance Strategies.- Chapter 4. Conclusions.
About the author
Chalisa Veesommai Sillberg
is a Postdoctoral Researcher at Tampere University’s GPT Laboratory, contributing to the Generative Artificial Intelligence in Business Support (GENT) project. She has extensive experience in information and data analysis across diverse environmental studies, employing methods such as semantic computing, database management, and machine learning. Her current role primarily involves working on the EU AI Act to support a safe environment for AI systems in SMEs.
Kai-Kristian Kemell is a Postdoctoral Researcher and Head of the GPT-Lab in Tampere University. His overarching research interest is studying Software Engineering (SE) processes and especially developing SE practices and methods. In this regard, his focus has recently been on using AI for SE, with a focus on Generative AI.
Pekka Sillberg is a Postdoctoral Research Fellow at Tampere University. During his academic career, he has worked on various research projects, creating and designing different pilots and software applications for various needs and environments. His current interests are in technology and hardware to ensure smooth operation of software engineering and development.
Mika Saari is a researcher and an educator, working as the vice-head of the GPT-lab in Tampere University. His expertise spans various areas, including the Internet of Things (IoT), sensor networks, and artificial intelligence. Her academic journey has been marked by curiosity, innovation, and a commitment to advancing knowledge.
Katri Harjuveteläinen is a legal professional with extensive experience in AI and emerging technologies regulation, combined with deep expertise in data protection. Her current work at Regulyn Ltd focuses on regulatory advisory in AI Act compliance and governance across research, medical, and technology sectors. She is also pursuing a doctoral degree in Law at the University of Eastern Finland, where her research examines data protection in scientific and medical contexts.
Muhammad Waseem is a Postdoctoral Research Fellow and Vice Head of the GPT Laboratory at Tampere University, Finland. He earned his PhD in Software Engineering from Wuhan University, China, and has extensive experience in software development, teaching, and applied AI research. His work focuses on leveraging Generative AI for software engineering development and research, closely collaborating with industry to address real-world challenges. Dr. Waseem has authored over 70 peer-reviewed publications in leading venues such as JSS, IST, ICSE, and EASE.
Pekka Abrahamsson is a Full Professor of Software Engineering at Tampere University, Finland, and one of the most cited scholars in his field. He leads GPT-Labs, where his research focuses on generative and agentic AI in software-intensive systems, with an emphasis on trust, autonomy, and strategic resilience. He has held tenured professorships in Norway, Italy, and Finland, and was the first Software Engineering Professor elected to the Finnish Academy of Science and Letters.
Summary
Small and medium-sized enterprises (SMEs) across Europe are increasingly adopting AI—yet many lack the resources to interpret and implement the complex requirements of the EU Artificial Intelligence Act (AI Act). This practical open access guide bridges the gap between regulation and business reality.
Designed specifically for SMEs, the book explains the EU AI Act in clear, actionable terms. It helps organizations identify which AI systems fall under the regulation, determine their risk category, and understand the resulting obligations. Rather than treating compliance as a legal burden, the book shows how it can become a competitive advantage through strengthening customer trust, reducing operational risk, and supporting sustainable business growth.
The book includes practical tools such as risk assessment checklists, internal audit steps, transparency guidelines, and examples of human oversight in AI workflows. It also explores long-term governance strategies, including embedding risk classification into development pipelines, aligning ethics with business strategy, and building responsible AI capabilities step by step.
Combining regulatory clarity with business pragmatism, this book offers SMEs a roadmap for responsible and compliant AI adoption—without unnecessary complexity.
