Now Assist and the EU AI Act

 

What this article covers

Most European customers we work with have moved past asking whether the EU AI Act applies to their Now Assist deployment. They want to know which obligations land first, which ones ServiceNow already covers in the box, which ones they own as a deployer, and what the moving parts look like over the next 24 months. This article maps the Act onto Now Assist as it ships in Zurich Patch 8 and later patches, and flags what is shifting with the Australia release. It is not legal advice. It is a field-tested view of where the platform helps, where it does not, and where customers usually spend their compliance effort.

The EU AI Act timeline as it stands today

The Act entered into force on 1 August 2024 and applies in phases. The diagram below shows where the obligations stand today and how the Digital Omnibus provisional agreement of 7 May 2026 has shifted several of them.

2 February 2025 (in force). Prohibited AI practices and the AI literacy obligation under Article 4 became applicable across all 27 Member States. There is no grace period for Article 4.

2 August 2025 (in force). Governance rules and the obligations for general-purpose AI (GPAI) models became applicable. National competent authorities are designated. The penalties framework began to bind, although several enforcement powers do not switch on until 2 August 2026.

2 August 2026 (default, partly moving). Most other provisions become applicable, including the transparency obligations under Article 50 that affect deployers (chatbot disclosure, deepfake labelling, AI-generated text in public-interest publishing). The high-risk regime under Annex III was originally tied to this date.

The Digital Omnibus shift. On 19 November 2025 the European Commission published the Digital Omnibus on AI, and on 7 May 2026 the Council and Parliament reached a provisional agreement. Subject to formal adoption, the high-risk regime for standalone Annex III systems shifts to 2 December 2027 and the regime for high-risk AI embedded in regulated products shifts to 2 August 2028. The Article 50(2) machine-readable marking obligation for systems already on the market shifts to 2 December 2026. All other Article 50 transparency obligations, including the deployer-facing ones, continue to apply from 2 August 2026.

Practical implication for Now Assist customers: do not stand down high-risk preparation just because the headline date moved. The Omnibus delay is contingent on harmonised standards and supporting tools being available, with a hard backstop. Article 4 is already enforceable. Article 50 deployer obligations are not delayed.

Where Now Assist customers fit in the Act

Two roles matter under the Act. Providers develop or place the AI system on the market. Deployers use it under their own authority in a professional context. Most ServiceNow customers running Now Assist are deployers. ServiceNow, as the provider of Now Assist and of the underlying Now LLM, carries the provider-side obligations.

A few common nuances we see in European engagements:

• Substantial modification (Art. 3(23) and Art. 25). If a customer builds custom skills in Now Assist Skill Kit (NASK) or custom AI Agents in Agent Studio that materially modify behaviour, they may move toward provider-side obligations for those specific components. The Act defines “substantial modification” in Article 3(23) as a change after the AI system is placed on the market that is not foreseen in the initial conformity assessment and that either affects the system’s compliance with the high-risk requirements in Chapter III Section 2 or modifies its intended purpose. Article 25 then makes the substantial modifier a provider of that high-risk system. Routine updates, bug fixes, and security patches do not normally trigger this.
• Partner-built skills or agents. If a partner builds skills or agents on the customer's behalf and the customer operates them, the customer remains a deployer for that operational use. The partner's role under the Act depends on what they place on the market.
• End-user exposure in the EU. A customer that exposes a Now Assist Virtual Agent or AI Agent to citizens, employees, or B2B end users in the EU is a deployer for those interactions, regardless of where the instance is hosted.
• Bring-your-own-LLM (BYOLLM). Where Now Assist is routed through a customer-brought model (for example a customer's own Azure OpenAI deployment, their own AWS Bedrock model, or a privately hosted model) the GPAI provider obligations for that model sit with the model's actual provider, not with ServiceNow. The customer, as deployer of the combined system, inherits the responsibility to verify and document the upstream provider's compliance posture (model documentation, copyright safeguards, evaluation results). Data residency analysis follows the model's hosting region, which may diverge from the ServiceNow instance region even with SPP EU in place. The Gen AI Controller orchestration layer remains ServiceNow's, but the AI provider for that call is not.

Risk classification is the next step. Most Now Assist deployments sit in limited-risk or minimal-risk territory, which means Article 50 transparency and Article 4 literacy are the main near-term hooks. Specific use cases can move a deployment into high-risk territory under Annex III. The common ones in our customer base:

• Recruitment and selection (Annex III, point 4(a)). AI systems used to place targeted job advertisements, analyse and filter job applications, or evaluate candidates. Common Now Assist patterns: Now Assist for HRSD applied to candidate triage, AI Agents in talent workflows, AI Search over candidate knowledge.
• Access to essential public services. AI used in decisions affecting access to public services or social benefits (Annex III point 5(a)). Relevant for public sector deployments running Now Assist for Public Sector or HRSD.
• Workplace decisions (Annex III, point 4(b)). AI systems used to make decisions affecting terms of work-related relationships, the promotion or termination of work-related contractual relationships, to allocate tasks based on individual behaviour or personal traits, or to monitor and evaluate the performance and behaviour of persons in such relationships. Common Now Assist patterns: performance summarisation, task triage in HRSD, AI-assisted case routing in IT or facilities tied to individual employee history. Article 26 adds a deployer-specific obligation: workers and their representatives must be informed before a high-risk AI system is put into use in the workplace.

The classification is the customer's call, with documentation. If your AI influences a decision in any of these areas, the practical posture is to assume high-risk until you have a documented reason to conclude otherwise. Annex III is the right reference.

The four obligations to focus on right now

1. AI literacy (Article 4)

Article 4 requires providers and deployers to ensure a sufficient level of AI literacy among staff and others who operate or use the AI system on their behalf, proportional to context and consequence. It has been in force since 2 February 2025. Supervision and enforcement transfer to national market surveillance authorities from 3 August 2026. Penalties fall under the general infringement tier in Article 99, up to €7.5 million or 1% of global annual turnover, whichever is higher.

What needs to be tracked

The European Commission's AI Literacy Questions and Answers, published 7 May 2025 and updated since, sets the expectation. No certificate is required. The AI Office will not assess employees directly. Internal records of training and other initiatives are sufficient, provided they evidence that measures were taken “to the best extent” and tailored to roles and AI use. In practice, supervisory authorities will look for:

• A written AI literacy policy with named governance ownership.
• A needs assessment that shows how training was tailored to roles, AI use cases, and risk levels.
• Training records: who was trained, when, on what content, at what level. Contractors and service providers using AI on the organisation's behalf are in scope.
• A refresh schedule that triggers updates when a new AI system is deployed, when an existing one is upgraded, or when regulatory guidance shifts.
• For high-risk systems, evidence that those exercising human oversight under Article 14 have the competence, training, and authority to do so.

Reading the AI system's instructions for use is explicitly insufficient on its own. So is generic AI training without a needs assessment. Now Learning paths and the ServiceNow AI Acceptable Use Policy are useful inputs to the programme, not a substitute for the documentation. The deployer still owns the evidence pack.

A note on the Digital Omnibus. The 19 November 2025 proposal would shift the Article 4 obligation to Member States and the Commission, asking them to promote AI literacy rather than enforcing an unspecified obligation on operators. The 7 May 2026 provisional agreement preserves this shift. The important caveat: for deployers of high-risk AI systems, the obligation to ensure that staff exercising human oversight are trained for that purpose remains in place. If your AI estate includes anything in Annex III, the Article 4 evidence pack still stands.

2. GPAI provider obligations (already in force, mostly ServiceNow's side)

The 2 August 2025 GPAI rules apply primarily to the model provider. ServiceNow is a signatory to the EU GPAI Code of Practice, which covers model documentation, data provenance and lineage, risk assessment, copyright safeguards, and bias detection. For customers using Now LLM and Now Assist Premium third-party models through ServiceNow's Gen AI Controller, the upstream obligations are largely covered by ServiceNow as provider, with documentation available on request.

The deployer's job here is mainly to know which models power which skills, and to be able to evidence that during audit. AI Control Tower's model inventory is the cleanest place to keep this. Where BYOLLM is in play (see above), the customer also documents the upstream provider's compliance posture for the model they bring.

3. Transparency to end users (Article 50, applies 2 August 2026)

Article 50(1) requires that AI systems intended to interact directly with people are designed so the person is informed they are interacting with AI, unless that is obvious from the circumstances. The Commission's draft guidelines treat the “obvious” exception narrowly. A customer service chatbot mimicking a human conversation does not qualify.

For Now Assist this means:

• Virtual Agent surfaces (web, mobile, Microsoft Teams, Slack) should carry a clear, persistent disclosure that the user is interacting with an AI system. The same applies when those surfaces are reimagined as ServiceNow Otto.
• AI-generated text published to the public in matters of public interest, for example AI-summarised public knowledge articles or AI-drafted government service responses, must be disclosed as AI-generated unless the content has been subject to human review and editorial responsibility (Article 50(4)).
• Where AI Agents send AI-generated emails or chat responses externally, the same logic applies.

Now Assist does not insert these disclosures automatically. Configuring them is a deployer task: Virtual Agent topic design, AI Search result framing, and email templates produced by Now Assist for Email all carry this design choice.

4. High-risk preparation (now realistically targeting late 2027)

Even with the Digital Omnibus shift, deployers of high-risk AI under Annex III still have to deliver risk management, data governance, logging, human oversight, accuracy and robustness measures, post-market monitoring, and conformity. The list is long. For Now Assist, the practical near-term steps are:

• Classify each in-scope use case against Annex III with reasoning.
• Inventory the data used to ground or fine-tune the AI behind each high-risk use case, including any custom NASK skills.
• Define and document human oversight: who reviews, when, with what authority to override.
• Capture audit-grade logs of decisions, inputs, and outputs. Retention at least six months under Article 26(5), longer where sector-specific law applies.
• For workplace use cases, inform workers and their representatives before deployment (Article 26).

This is where AI Control Tower carries the most weight.

What ServiceNow gives you in Zurich Patch 8+

The platform capabilities that map directly to EU AI Act obligations and are available today:

Now Assist Guardian. A built-in protection layer that inspects both inputs sent to LLMs and the responses they generate. It covers offensive content detection across 16 categories, prompt injection defence, and sensitive topic filtering. Detections can be configured per workflow, with log-only or block-and-log modes, and severity tuned from low (most protective, more noise) to high (only flags high-certainty cases). Guardian uses VirtueGuard-Text-Lite plus Gen AI models and is model-agnostic, so it inspects responses from Now LLM and from Now Assist Premium third-party models routed through the Gen AI Controller. Guardian Analytics surfaces guardrail-added latency, the count and percentage of offensive content occurrences, prompt injection attempts, and breakdowns by category and skill. Note: official Guardian language support is English. Multilingual detection works in practice for some content but is not officially supported. For European customers running multilingual deployments, this is a real constraint to plan for, especially in CSM and HRSD.

Now Assist Data Privacy. Real-time anonymisation that masks sensitive data before it leaves the instance for LLM processing. Out-of-the-box patterns plus customer-defined patterns. Data is encrypted in transit using TLS 1.2 and processed in-memory, with no caching after the response is returned. This is the primary technical control behind GDPR-aligned use of Now Assist with PII.

AI Control Tower. A centralised command centre for governing AI agents, models, and workflows, launched at Knowledge 2025. The capabilities that matter for the Act are: a unified inventory of AI assets, risk classification workflows that map to EU AI Act categories, audit trails for AI model decisions, compliance dashboards, and configurable human-in-the-loop workflows. AI Control Tower also integrates with the platform's Governance, Risk, and Compliance (GRC) module, which gives you a path to evidence and report obligations the way regulators expect.

ServiceNow Protected Platform for the EU (SPP EU). EU data residency option for Enterprise customers, with instances hosted in EU colocation sites (Germany, Dublin, Amsterdam) and limited, controlled access from outside the EU. Customers signing the EU SPP amendment can constrain where their data sits and is processed. Note: where BYOLLM is in use, SPP EU does not by itself control where the BYO model runs.

Gen AI Controller. Routes Now Assist calls to Now LLM, ServiceNow-hosted third-party models, or customer-brought models. Verifying Gen AI Controller configuration is part of any go-live review where data residency or model provenance is sensitive.

Audit logs. Standard ServiceNow audit logging captures who used which skill, when, with what input and output, subject to the customer's audit configuration. For Article 50 deployer evidence and for any Annex III post-market monitoring, this is where the trail starts.

Capability and obligation mapping

A condensed view of how the platform capabilities above map to the obligations you carry as a deployer:

Obligation	Article	Status	Platform capability	Deployer owns
AI literacy	Art. 4	In force (Feb 2025)	Now Learning paths, AI Acceptable Use Policy	Role-based training plan, evidence pack, refresh cadence
GPAI rules	Ch. V	In force (Aug 2025)	GPAI Code of Practice signatory; Gen AI Controller	Inventory of which models power which skills
Chatbot disclosure	Art. 50(1)	Firm (Aug 2026)	Virtual Agent, AI Agent surfaces	Configure disclosures in topics and templates
AI text / deepfake disclosure	Art. 50(4)	Firm (Aug 2026)	Deployer config in templates	Label public-facing AI-generated text
High-risk regime	Ch. III + Annex III	Delayed to Dec 2027	AI Control Tower risk frameworks; audit logs; human-in-loop workflows	Classify, document, oversight, worker info (Art. 26)
Data residency	GDPR + AI Act	Available now	SPP EU; Now Assist Data Privacy	Sign SPP EU; configure masking patterns

What is moving with the Australia release

The Australia release shifts the AI governance story from monitoring to enforcement at the infrastructure layer. Features most relevant to EU AI Act compliance are scheduled to enter Innovation Lab in May 2026 with general availability targeted for August 2026:

• Five risk frameworks aligned with NIST and EU AI Act standards embedded into AI Control Tower, announced at Knowledge 2026. This formalises the risk classification step inside the platform rather than as a documentation exercise outside it.
• AI Agent Topology Mapping. Discovery of AI agents, models, and prompts with full visibility into dependencies and risks. For customers wrestling with the Annex III classification of complex agentic workflows, this is the visibility layer.
• Traceloop observability (added through acquisition) for tracking AI agent behaviour during operation. Article 50 evidence and Annex III post-market monitoring both rely on this kind of runtime trace.
• Veza identity access governance integration to extend access controls to cloud AI environments, with the ability to detect when an agent operates beyond its permissions and shut it down in real time.
• Thirty new enterprise integrations announced at Knowledge 2026 across AWS, Google Cloud, Microsoft Azure, SAP, Oracle, and Workday, extending AI Control Tower visibility beyond the ServiceNow estate.

The architectural shift to watch: where Zurich treats AI Control Tower largely as a dashboard and Guardian as a guardrail layer, Australia moves toward platform-enforced barriers for unapproved agents. Customers that treated Zurich's governance as optional will encounter friction in Australia.

A note on NASK governance. Now Assist Skill Kit democratises skill creation, but it does not embed the same approval lifecycle that MCP servers and other agent integrations require. Until Australia release closes that gap further, customers operating in regulated sectors should add their own approval and review gates around NASK skills going to production.

What to do, and when

A practical sequence for European Now Assist deployers on Zurich Patch 8 or later. Each horizon builds on the previous. Print this section, share it with your platform owner and your compliance lead, and revisit at each milestone.

This week	1 month	3 months
Open AI Control Tower and inventory every Now Assist skill, AI Agent, custom NASK skill, and Virtual Agent topic in production or in flight. Identify your one most likely high-risk use case (HR screening, performance evaluation, public service access). Tag it. Confirm whether SPP EU is in place. If you do not know, raise it with your account team this week.	Article 4 literacy gap analysis: map roles to depth of AI interaction. Draft the training plan and start delivering. Stand up the evidence pack (policy, role map, training records, refresh schedule). Configure Now Assist Guardian for ITSM, CSM, and HRSD in log-only mode. Baseline the noise for two to four weeks. Audit Article 50 disclosure surfaces (Virtual Agent welcome messages, Now Assist for Email templates, AI Search result framing). Apply Now Assist Data Privacy patterns for sensitive data categories.	Move sensitive Guardian workflows from log-only to block-and-log. Complete Annex III classification with documented reasoning for every in-scope use case. Define and document human oversight per high-risk use case: who reviews, when, with what authority to override. Verify Gen AI Controller configuration and audit log retention policy. Plan the Australia release impact: clean up the inventory before AI Agent Topology Mapping lands in August 2026.

What the platform will not do for you

ServiceNow's controls reduce the work substantially. They do not replace deployer responsibilities. Specifically:

• ServiceNow will not classify your use cases against Annex III. The Act puts that judgement on you, and the documentation has to be yours.
• Now Assist Guardian's official language support is English. Multilingual European deployments need their own approach for non-English content.
• Article 50 disclosures are configuration choices in your topics, templates, and surfaces. The platform exposes the hooks. The wording, placement, and persistence are yours.
• Audit logs are only useful if you retain them long enough and can produce them on demand. Retention policy and access controls are deployer decisions.
• The Digital Omnibus delay is conditional on EU standards arriving. Treat the new dates as planning targets, not as relief from the work.
• For BYOLLM, ServiceNow does not provide the model documentation. That sits with the model's actual provider, and the deployer collects it.

Companion tools and what's next in this series

A single-page action card with the timeline, capability mapping, and the this week / 1 month / 3 months structure is published alongside this article. Use it as a desk reference or a handout when briefing your platform and compliance teams. A follow-up article in this series will extend the analysis to the wider AI estate beyond Now Assist, using AI Control Tower as the governance layer for external AI agents and third-party LLMs.

---

Sources

• European Commission, AI Act overview and timeline: digital-strategy.ec.europa.eu
• European Commission, Regulation (EU) 2024/1689, Article 3 (definitions, including substantial modification) and Article 25 (responsibilities along the AI value chain).
• European Commission, Regulation (EU) 2024/1689, Annex III (high-risk AI systems), point 4 (employment, workers' management, access to self-employment) and Article 26 (deployer obligations).
• European Commission AI Office, AI Literacy Questions and Answers, 7 May 2025 (updated): digital-strategy.ec.europa.eu/en/faqs/ai-literacy-questions-answers
• European Commission Digital Omnibus on AI proposal, 19 November 2025; Council and Parliament provisional agreement, 7 May 2026.
• ServiceNow, Knowledge 2026 announcements: ServiceNow Otto (unified conversational AI brand) and AI Control Tower expanded governance features, May 2026.
• ServiceNow, “ServiceNow signs the EU AI Code of Practice”, September 2025.
• ServiceNow Community, AI Control Tower Blueprint for ISO/IEC 42001 and EU AI Act Compliance.
• ServiceNow Community, Now Assist Guardian FAQ and Configuring Now Assist Guardian (March 2026).
• ServiceNow Now Assist Guardian Analytics and Now Assist Data Privacy product documentation (Zurich bundle).
• ServiceNow VirtueGuard-Text-Lite model card.
• DLA Piper, Hogan Lovells, Travers Smith legal updates on AI Act obligations, Article 4 literacy, and the Omnibus delay (2025–2026).