The EU AI Act at Your Trade Fair Stand: What You Can and Cannot Deploy in 2026
For a decade, exhibitors at European trade fairs experimented with AI at the booth more or less freely. Facial-recognition demographic analytics. Real-time emotion detection on visitor engagement. Automated lead-scoring against social-media-derived behavioural profiles. The technology was available, the marketing case was clear, and the regulatory friction was limited to GDPR’s general processing principles — which most exhibitors interpreted permissively.
That interpretation no longer holds. The EU Artificial Intelligence Act (Regulation (EU) 2024/1689) entered into force on 1 August 2024. Its obligations apply progressively: bans on “unacceptable risk” AI systems became operational on 2 February 2025, transparency rules for general-purpose AI on 2 August 2025, the high-risk obligations on 2 August 2026, and the full framework by 2 August 2027. For a Hannover Messe 2027 stand, the AI Act is the operating environment. For a Light + Building 2026 or EuroShop 2026 stand, large portions of it already apply.
The penalties are larger than under GDPR: up to EUR 35 million or 7% of worldwide annual turnover for breaches of the prohibited-AI rules, EUR 15 million or 3% for other high-risk obligations. The supervisory authorities — the European AI Office, the European Artificial Intelligence Board, and the national competent authorities each member state has designated — are tooling up through 2026 with sharper enforcement capacity than the GDPR rollout had in 2018.
This guide is the practical compliance map for trade-fair exhibitors deploying any AI-driven technology at a European stand. It covers the four risk categories as they apply to common stand applications, the specific prohibited practices that catch out booth-tech vendors, the transparency obligations for visitor-facing AI, and the procurement-side due diligence your operations team needs to do on any AI product offered by a stand builder or experiential agency in 2026.
The four risk levels in stand-deployment terms
The AI Act classifies AI systems by potential to harm health, safety or fundamental rights. Each level carries different obligations:
| Risk level | What it means at the booth | Examples of stand-deployed AI in each category |
|---|---|---|
| Unacceptable risk (banned) | Cannot be deployed at all in EU territory | Real-time facial recognition of visitors in the public hall, emotion-detection systems used to score visitor engagement for HR-style profiling, social-scoring systems ranking visitors by behaviour |
| High risk | Conformity assessment, Fundamental Rights Impact Assessment, human oversight, transparency obligations, registration in EU database | Automated lead-scoring systems used for recruitment-adjacent purposes, biometric identification systems for restricted areas, AI-driven access control |
| Limited risk | Transparency obligations (visitors must know they are interacting with AI) | Chatbots at the booth, AI-generated content shown on screens, voice-cloning demos, deepfake-based marketing experiences |
| Minimal risk | No regulatory obligations under AI Act | Spam filtering, basic recommendation engines for booth content, AI-assisted CRM enrichment of existing leads, AI-driven A/B testing of stand layout |
The single highest-risk legacy practice — and the most common one for exhibitors to discover they cannot continue in 2026 — is real-time biometric identification of visitors in the publicly-accessible parts of the fair hall. This includes facial-recognition systems that scan visitor faces as they approach a stand, emotion-detection cameras that score engagement levels, and demographic-analytics systems that infer age, gender or ethnicity from visual data. All of these now fall under the Article 5 prohibition on real-time remote biometric identification in publicly-accessible spaces, with extremely narrow exceptions for serious crime prevention that do not apply to commercial use.
From the regulation: “The placing on the market, the putting into service or the use of biometric categorisation systems that categorise individually natural persons based on their biometric data to deduce or infer their race, political opinions, trade union membership, religious or philosophical beliefs, sex life or sexual orientation” is prohibited under Article 5(1)(g) of Regulation (EU) 2024/1689.
For exhibitors who deployed any of these technologies at fairs before 2024, the compliance position from February 2025 onwards is to remove them. The supervisory authorities are not requiring exhibitors to publicly disclose past use, but continued use after the prohibition date is direct exposure to the EUR 35 million / 7% turnover penalty band.
What stand-deployed AI is actually permitted in 2026
The good news is that the AI Act is not a blanket prohibition on AI at trade fairs. The vast majority of useful booth applications fall into limited-risk or minimal-risk categories, with manageable transparency obligations rather than substantial compliance burden.
Permitted with transparency obligation only (limited risk):
- Booth chatbots providing product information, FAQ responses or meeting scheduling, provided visitors are clearly informed they are interacting with an AI system. The Article 50 transparency requirement applies — a visible disclosure (“You are chatting with an AI assistant”) is sufficient.
- AI-generated content displayed on stand screens, including images, video, voice or text generated by tools like Midjourney, ChatGPT, ElevenLabs or Runway. The synthetic content must be labelled as such to visitors. From 2 August 2026, the labelling obligation strengthens for any deepfake-adjacent content.
- Voice-cloning demos where a brand spokesperson’s voice is generated by AI. Visitors must be informed before the demo runs.
- Multilingual AI-powered booth staff aids (real-time translation devices, AI-translated brochure summaries). Transparency disclosure required.
- Conversational AI demos of your own product if the product itself uses AI. Visitors must understand they are interacting with the AI being demonstrated.
Permitted without specific AI Act obligation (minimal risk):
- CRM lead enrichment using AI to append firmographic data to captured leads, provided no automated decision-making with legal effect on the data subject is happening (still subject to GDPR Article 22 rules).
- Booth layout optimisation using AI to A/B test traffic flow patterns from anonymised footfall data.
- Marketing-content generation using generative AI for stand graphics, brochure copy, pitch decks. Use is permitted; if the content is shown to visitors at the booth, label as AI-generated for transparency.
- Sentiment analysis of post-fair survey free-text responses for content quality assessment, without identifying individual respondents.
- Recommendation engines suggesting which product demo to watch next based on visitor’s stated interests (visitor-volunteered data, not biometric).
High-risk applications requiring full conformity work:
This category is rare for trade-fair stand deployments. The clearest case is AI-driven recruitment booths used by some exhibitors to pre-screen job applicants who visit the stand looking for employment. Such systems fall under Annex III, high-risk category 4 (AI systems used in employment and worker management). Compliance requires conformity assessment, FRIA, human oversight, transparency obligations, registration in the EU database, and ongoing monitoring. Most exhibitors will avoid this category entirely; those who must operate it (large employers using fairs for recruitment) should engage an AI Act compliance specialist before deployment.
| Common booth AI use case | AI Act risk classification | Required action |
|---|---|---|
| GPT-style booth chatbot | Limited risk | Transparency disclosure to visitor |
| AI-generated promotional video | Limited risk | Label content as AI-generated |
| Real-time face scanning of visitors | Unacceptable risk | Do not deploy |
| Demographic inference from camera footage | Unacceptable risk | Do not deploy |
| Anonymised footfall counter | Minimal risk | No AI Act obligation (GDPR still applies) |
| Voice translation device at booth | Limited risk | Transparency disclosure |
| AI lead-scoring (firmographic enrichment, no decision) | Minimal risk | None specific |
| AI-driven recruitment pre-screening | High risk | Full conformity assessment + FRIA |
From the European Commission: “This delay is 6 months for bans on ‘unacceptable risk’ AI systems, 9 months for codes of practice, 12 months for general-purpose AI systems, 36 months for some obligations related to ‘high-risk’ AI systems, and 24 months for everything else.” — AI Act implementation timeline, European Commission AI Office, 2024.
The procurement-side question every exhibitor needs to ask
The AI Act places different obligations on providers (those who develop and place AI systems on the market) and deployers (those who use AI systems in a professional context). As an exhibitor using third-party AI booth technology, you are a deployer. The provider — typically your experiential agency, stand-builder partner, or specialised vendor — carries most of the conformity assessment burden.
But deployers have obligations too, and “I didn’t know the chatbot used a prohibited feature” is not a defence. The minimum procurement-side due diligence on any AI-driven booth technology in 2026:
- Risk classification declaration from the provider. The vendor must tell you which risk category their system falls into and provide documentation supporting that classification. Refusal or vagueness is a red flag.
- CE marking or conformity declaration. High-risk systems require CE marking under the AI Act conformity assessment framework. If a vendor claims their system is high-risk but cannot produce a CE marking or conformity declaration, do not deploy.
- Transparency materials in the deployment language. For limited-risk systems, the vendor should provide visitor-facing transparency materials (disclosure text, labelling artwork) in every language your stand will operate in.
- GDPR data processing agreement separate from AI Act compliance. AI Act compliance does not replace GDPR obligations. The DPA must cover the AI-specific processing.
- Country-specific competent authority registration. If you are deploying a high-risk system, the operator must be registered with the national competent authority in the member state of deployment. For a Hannover Messe stand, that is the German Bundesnetzagentur (which has taken on AI Act market surveillance responsibilities).
- Incident reporting capacity. Providers and deployers of high-risk AI must report serious incidents to the relevant authority. The vendor should specify their incident reporting workflow and your obligations as deployer.
- Sub-processor disclosure. If the AI vendor uses third-party LLM providers (OpenAI, Anthropic, Google, Mistral), those relationships must be disclosed. General-purpose AI model providers have separate obligations under the AI Act that affect your deployment risk.
For exhibitors who use multiple AI products at a stand (chatbot + AI-generated content + CRM lead enrichment + translation), the compliance audit must be done for each system separately. Bundled “AI booth experiences” from experiential agencies are particularly exposed if any component fails — the integrated experience inherits the highest risk classification of its weakest component.
From the Act: “AI systems should be classified as high-risk only when they have a significant harmful impact on the health, safety and fundamental rights of persons in the Union. The classification should be based on the intended purpose of the AI system, taking into account the function performed.” — Recital 52, Regulation (EU) 2024/1689.
The four-fair compliance calendar
The phased implementation of the AI Act produces a distinct compliance calendar for exhibitors planning the 2025-2027 European fair seasons:
By 2 February 2025 (already in force): All Article 5 prohibitions apply. No real-time biometric identification, no emotion detection for behavioural scoring, no biometric categorisation by sensitive characteristics, no social scoring. Audit every existing booth technology against these prohibitions before any 2025 fair.
By 2 August 2025 (in force): General-purpose AI transparency obligations apply to model providers. The General-Purpose AI Code of Practice (published 10 July 2025) provides the operational guidance. For deployers, the practical impact is that any GPT-style chatbot you embed at the booth must be using a provider that has met its own transparency obligations — typically not your problem to verify but worth confirming with vendors.
By 2 February 2026 (in force): Codes of practice for high-risk systems become applicable. For exhibitors planning H1 2026 fair attendance (EuroShop 8-12 March, MWC Barcelona 2-5 March, Light + Building 8-13 March, Salone del Mobile 21-26 April), the deployment compliance posture should be locked by January 2026.
By 2 August 2026 (in force): High-risk AI system obligations become fully applicable. This is the deadline for exhibitors deploying any system that falls into the Annex III high-risk categories (recruitment AI, biometric access control, critical infrastructure management AI being demonstrated at the booth). For H2 2026 fairs (IFA Berlin 4-8 September, Anuga in October, NXP in November) the full high-risk framework applies.
By 2 August 2027 (full framework): All AI Act obligations are in force. For Hannover Messe 2027 (20-24 April) and any 2027 fair, every category of AI system carries its full compliance burden.
The implication for budget planning: AI compliance is now a line item in stand-build budgeting, not an afterthought. Plan EUR 5,000-25,000 in compliance documentation, legal review and vendor due diligence for any stand deploying multiple AI products in 2026, scaling with the number of AI systems and the highest risk category involved.
For exhibitors using AI in CRM and lead-capture (which most do, often without realising it), the broader GDPR and CRM integration framework applies in parallel.
The three booth applications most likely to need redesign in 2026
Based on guidance issued by the European Commission AI Office and the German Bundesnetzagentur through 2025, three booth-tech patterns require active redesign for 2026 European fair compliance:
1. “Smart” visitor counters that infer demographics. Many booth-tech vendors sell footfall counters that combine person-counting with on-device classification of approximate age, gender or apparent interest level. The person-counting itself is minimal-risk. The biometric inference is unacceptable-risk under Article 5(1)(g). Replace with anonymised counting only (LIDAR-based counters, simple infrared, or RGB-only with all biometric features disabled). Cost typically EUR 1,500-6,000 per counter unit.
2. AI-driven engagement scoring on stand cameras. Systems that watch the booth area and score visitors on attention, engagement or emotional response are prohibited if they rely on biometric data, even if the scores are never attached to identified individuals. The supervisory authorities are reading this strictly. Replace with engagement metrics derived from explicit visitor actions (badge scans, demo participation, brochure pickup, chatbot interactions). Cost is operational rather than hardware — re-instrument the booth analytics around action data not visual data.
3. Chatbots that lack transparency disclosure. Many off-the-shelf chatbot platforms deployed at booths in 2023-2024 do not clearly disclose AI usage to visitors. From August 2025 the Article 50 transparency obligation applies. Update the chatbot UX to include a clear, first-screen disclosure that the visitor is interacting with an AI system. Cost is typically minimal if the platform supports configurable welcome messages; substantial if the chatbot is custom-built and needs UX modification.
For exhibitors using stand builders who supply turnkey “AI booth experiences”, the redesign conversation should happen now rather than at the build stage. Our vetted builder directory flags partners who have completed AI Act compliance training and can advise on the redesign sequence.
What this means for your 2026 fair brief
If you are briefing a stand build for a 2026 European fair and AI-driven booth technology is part of the package, the priority sequence is:
1. List every AI-driven component in the proposed build. Chatbots, screen content, lead-capture enrichment, footfall analytics, translation devices, voice demos, AI-generated graphics — write the full inventory.
2. Classify each component against the four risk levels. If any component is unacceptable-risk, it must be replaced. If any is high-risk, the conformity and FRIA workload may exceed the stand build budget.
3. Require risk-classification declarations from every AI vendor in the supply chain. This includes sub-vendors used by your stand builder or experiential agency.
4. Bake transparency disclosure into stand UX from day one. Visitor-facing AI must be labelled. Designing this in is cheaper than retrofitting.
5. Budget the compliance documentation work as a line item. Legal review of AI vendor contracts, FRIA where required, supervisory authority registration, CE marking verification — EUR 5,000-25,000 typical range for multi-AI stand builds.
6. Coordinate AI Act compliance with the parallel GDPR data-protection workstream. The two regulations overlap heavily on biometric processing, automated decision-making and transparency. Your DPO should be involved in the AI deployment review.
For builders and exhibitors who want a single brief covering both the stand build and the AI compliance posture, submit via our RFQ system — we route to partners with explicit AI Act and GDPR compliance experience for the specific fair and AI technology mix you are deploying.
The AI Act does not prevent exhibitors from running technically sophisticated, visitor-engaging booth experiences. It does require that those experiences are designed around what the regulation permits, not around what was operationally normal in 2023. Exhibitors who treat the compliance work as a competitive disadvantage will fall behind those who treat it as a procurement-quality signal — same logic as CSRD’s effect on stand sustainability disclosure, just two regulatory cycles ahead.
References
Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence (Artificial Intelligence Act). Official Journal of the European Union, OJ L, 2024/1689, 12.7.2024. Entered into force 1 August 2024.
European Commission, AI Act enters into force, official press release, Brussels, 1 August 2024.
European Artificial Intelligence Office, General-Purpose AI Code of Practice, published 10 July 2025.
CEN/CENELEC Joint Technical Committee 21 (JTC 21), Artificial Intelligence standardisation programme, ongoing standards development supporting AI Act conformity assessments.
Mantelero, Alessandro (2024). The Fundamental Rights Impact Assessment (FRIA) in the AI Act: Roots, legal obligations and key elements for a model template. Computer Law & Security Review, Volume 54, Article 106020.
European Parliament Research Service (EPRS), Artificial Intelligence Act: Initial Appraisal of a European Commission Impact Assessment, briefing paper, 2024 edition.
Veale, Michael; Borgesius, Frederik Zuiderveen (2021). Demystifying the Draft EU Artificial Intelligence Act — Analysing the good, the bad, and the unclear elements of the proposed approach. Computer Law Review International, 22(4), 97-112.
Bundesnetzagentur (German Federal Network Agency), market-surveillance guidance for AI Act enforcement in Germany, 2025-2026 editions.
Regulation (EU) 2016/679 (General Data Protection Regulation) — operates in parallel with the AI Act for biometric processing, automated decision-making, and transparency obligations.
European AI Office, Guidelines on the classification of AI systems as high-risk, ongoing publication through 2025-2026 implementation period.
Frequently Asked Questions
When did the EU AI Act start applying to trade fair exhibitors?
Regulation (EU) 2024/1689 entered into force on 1 August 2024 with a phased implementation. The prohibitions on ‘unacceptable risk’ AI (real-time biometric identification in public spaces, emotion-detection scoring, biometric categorisation by sensitive characteristics, social scoring) became operational on 2 February 2025. General-purpose AI transparency obligations applied from 2 August 2025. Codes of practice for high-risk systems took effect 2 February 2026. The full high-risk obligations apply from 2 August 2026, and the complete framework from 2 August 2027. For any 2026 European fair, the prohibitions plus the General-Purpose AI Code of Practice plus the transparency obligations for limited-risk AI all apply now.
Can I still use facial recognition or emotion detection on stand cameras?
No, not in any commercial trade fair context. Article 5(1)(g) of the AI Act prohibits biometric categorisation systems that infer characteristics like ethnicity, political opinions or sexual orientation from biometric data. Article 5(1)(h) prohibits real-time remote biometric identification systems in publicly-accessible spaces. The narrow exceptions for serious crime prevention do not apply to commercial use. This means face-scanning visitor counters, emotion-detection cameras, demographic-inference systems on stand cameras, and any AI that scores visitor engagement using biometric data are now prohibited with fines up to EUR 35 million or 7% of worldwide annual turnover, whichever is higher. Replace with anonymised counting (LIDAR, infrared, or RGB with biometric features disabled) and engagement metrics derived from explicit actions like badge scans and demo participation.
What AI is still permitted at a booth in 2026?
Most useful applications. Booth chatbots are limited-risk — permitted with a transparency disclosure that visitors are interacting with AI. AI-generated content shown on screens (images, video, voice) is permitted with labelling. Voice-cloning demos require pre-demo disclosure. Real-time translation devices are permitted with transparency disclosure. AI lead-scoring that enriches firmographic data without automated decisions is minimal-risk. Booth-layout A/B testing from anonymised footfall is minimal-risk. AI-assisted CRM enrichment is minimal-risk under the AI Act (GDPR still applies). The main category to avoid is anything that processes biometric data (face, voice with identification intent, gait, behavioural biometrics) on identifiable individuals in the public hall.
What due diligence should I do on AI booth technology vendors in 2026?
Seven items minimum. Request a risk classification declaration from the vendor stating which AI Act category their system falls into with supporting documentation. Verify CE marking and conformity declaration for any high-risk system. Require transparency materials in all stand-deployment languages. Sign a GDPR Data Processing Agreement covering AI-specific processing. Confirm national competent authority registration for high-risk systems (Bundesnetzagentur for Germany, equivalent national bodies elsewhere). Specify the incident reporting workflow for serious AI incidents. Require disclosure of sub-processors including the underlying LLM providers (OpenAI, Anthropic, Google, Mistral). Bundled ‘AI booth experiences’ from experiential agencies need each component audited separately — the integrated experience inherits the highest risk classification of its weakest component.
How much should I budget for AI Act compliance on a 2026 stand?
For a stand deploying multiple AI products (chatbot + AI-generated content + CRM lead enrichment + translation), budget EUR 5,000-25,000 in compliance documentation, legal review and vendor due diligence. Costs scale with the number of AI systems and the highest risk category involved. A stand with only minimal-risk and limited-risk AI typically lands at the lower end. A stand deploying any high-risk system (recruitment AI, biometric access control, demonstrations of high-risk AI products) carries substantially higher compliance cost including Fundamental Rights Impact Assessment (FRIA), conformity assessment fees, supervisory authority registration, and ongoing monitoring. For exhibitors planning a multi-fair 2026 European programme, the per-fair compliance cost decreases as templates and vendor relationships stabilise.
What are the penalties under the EU AI Act for non-compliance?
Three tiers. Breaches of the Article 5 prohibitions (deploying banned AI systems) attract fines up to EUR 35 million or 7% of total worldwide annual turnover, whichever is higher. Other operator obligation breaches face fines up to EUR 15 million or 3% of worldwide annual turnover. Providing incorrect, incomplete or misleading information to authorities attracts up to EUR 7.5 million or 1% of turnover. For SMEs and start-ups, the applicable cap is the lower of the relevant percentage or the fixed amount. General-purpose AI model providers face separate fines up to EUR 15 million or 3% of turnover. Enforcement is coordinated by the European AI Office and the national competent authorities each member state has designated — for Germany, the Bundesnetzagentur has taken on AI Act market surveillance responsibilities. The supervisory authorities are tooling up through 2026 with sharper enforcement capacity than the GDPR rollout had in 2018.
