Skip to content

EU AI Act: Risk Classification & Compliance

The EU AI Act (Regulation 2024/1689) is the world's first comprehensive horizontal regulation of artificial intelligence — and its compliance deadlines are no longer theoretical. The bans on unacceptable-risk AI systems hit in February 2025, and the big one (high-risk AI obligations) arrives in August 2026.

Here's what most people miss: the AI Act doesn't regulate AI technology — it regulates what you do with it. The same AI model can be treated four different ways depending on how it's deployed. That distinction is the whole game.

The Regulatory Philosophy: Risk-Based, Not Technology-Based

The AI Act does not regulate AI as a monolithic technology. Instead, it regulates the uses of AI based on the level of risk they pose to health, safety, and fundamental rights. This means the same underlying AI model — a large language model, for example — can face very different obligations depending on how it is deployed.

The Act follows a pyramid structure with four tiers:

graph TD
    A[Unacceptable Risk] --> B[Prohibited]
    C[High Risk] --> D[Conformity assessment, CE marking, full obligations]
    E[Limited Risk] --> F[Transparency obligations only]
    G[Minimal Risk] --> H[No legal obligations]

Tier determines obligations. Obligations are borne primarily by providers (those who develop or place AI systems on the market) and, to a lesser degree, by deployers (those who use AI systems in a professional capacity).

Tier 1: Unacceptable Risk — Prohibited Practices

These AI practices are banned outright. Not "discouraged." Not "regulated." Banned. If your system falls into any of these categories, the conversation starts and ends with the same answer: it cannot be placed on the EU market, regardless of safeguards.

The ban covers eight practices, and they all took effect in February 2025:

Social scoring by public authorities. Real-time remote biometric identification in public spaces (with narrow law enforcement carve-outs). AI that exploits vulnerabilities of children or disabled persons. Subliminal or manipulative techniques that cause significant harm. Biometric categorisation based on race, politics, or sexual orientation. Untargeted scraping of facial images from the web or CCTV. Emotion recognition in workplaces and schools. And predictive policing based purely on profiling.

If you're building any of these, it's not a compliance question — it's a business model question.

Tier 2: High Risk — Full Regulatory Obligations

High-risk AI systems face the heaviest regulatory burden. Classification triggers automatically in two scenarios:

Automatic Classification (Rule 1)

An AI system is high-risk if it is a safety component of a product already covered by EU harmonisation legislation, and that product requires third-party conformity assessment. This legislation includes:

  • Machinery Regulation (2023/1230)
  • Medical Device Regulation (2017/745)
  • Radio Equipment Directive (2014/53/EU)
  • Toy Safety Directive (2009/48/EC)
  • Civil Aviation Safety Regulation (2018/1139)

If the AI system would need CE marking under any of these frameworks, it inherits high-risk classification — even if the AI feature itself seems minor.

Standalone Classification (Rule 2)

AI systems listed in Annex III of the Act are also classified as high-risk. The eight categories are:

  1. Biometric identification and categorisation of natural persons
  2. Critical infrastructure management and operation
  3. Education and vocational training (access, admission, evaluation)
  4. Employment and worker management (recruitment, performance, promotion)
  5. Access to essential services (credit, insurance, healthcare, utilities)
  6. Law enforcement (risk assessment, evidence evaluation, profiling)
  7. Migration, asylum, and border control
  8. Administration of justice and democratic processes

Derogation

A provider of an Annex III system can argue that the system poses no significant risk and thus should not be classified as high-risk. This derogation must be documented and, in practice, is difficult to sustain under regulatory scrutiny.

Obligations for High-Risk AI Systems

If your system is high-risk, you're looking at eleven distinct obligations. Here's what they cover:

You need an iterative risk management system that runs throughout the AI's lifecycle — identifying and mitigating foreseeable risks to health, safety, and fundamental rights. Data governance rules require training datasets to be relevant, representative, and free from biases, with documented data provenance. The technical documentation file (design specs, methodology, performance metrics, risk mitigations) must be maintained for ten years after the last unit is placed on the market.

Record-keeping means automatic event logging that enables traceability and post-market monitoring. Transparency obligations require clear instructions covering capabilities, limitations, and known failure modes. Human oversight mechanisms must let a human operator monitor, understand, and override the system's outputs.

Your AI must meet defined accuracy, robustness, and cybersecurity standards — resilience to errors and adversarial manipulation. Conformity assessment is self-assessment (internal control) for most Annex III systems, but you'll need a notified body for safety components of regulated products. You'll also need an EU declaration of conformity, a CE mark, and registration in the public EU database before the system hits the market.

If that sounds like a lot, it is. But the Act is clear: if you're building high-risk AI, you carry the heaviest obligations.

Tier 3: Limited Risk — Transparency Obligations

AI systems that interact with humans, generate content, or manipulate media face lighter but still binding requirements. Chatbots must disclose they're not human. Deepfakes and synthetic media must be labelled as artificially generated. Emotion recognition systems in use must be disclosed to affected persons.

These rules apply regardless of other classifications. Even a low-risk chatbot needs the disclaimer.

Tier 4: Minimal Risk — No Obligations

The vast majority of AI applications — spam filters, inventory algorithms, route optimisers, AI-enhanced video games — face no mandatory obligations. The Act doesn't regulate everything. Providers can voluntarily adopt codes of conduct, but nobody's forcing them. This is the category most commercial AI falls into, and it's deliberately light-touch.

Obligations for Deployers (Users of AI)

Don't think this is just a provider problem. Deployers — anyone using a high-risk AI system professionally — have their own checklist. You must follow the provider's instructions to the letter, ensure human oversight by competent people, monitor and report serious incidents, log automated decisions where required, and (for public authorities or private operators providing public services) conduct a fundamental rights impact assessment.

If you buy an AI recruitment tool and use it to screen candidates without these safeguards, the deployer obligations apply to you.

Governance Architecture

The Act creates a five-layer enforcement structure. At the top, the European AI Office (inside the Commission) coordinates implementation and oversees general-purpose AI models. The European Artificial Intelligence Board — composed of member state representatives — ensures consistent application across the Union.

At the national level, each member state designates a notifying authority (for notified bodies) and a market surveillance authority (for enforcement). Notified bodies are independent third parties that perform conformity assessments for high-risk systems. And providers of high-risk AI must implement an AI quality management system covering design, development, post-market monitoring, and corrective action.

General-Purpose AI Models

Large language models and foundation models get their own chapter. All GPAI models must provide technical documentation, training data summaries, and a copyright policy. The truly large ones — trained with more than 10^25 FLOPs or designated by the AI Office — face additional obligations: model evaluation, adversarial testing, incident reporting, and cybersecurity protections.

Penalties

The fines are designed to hurt. Prohibited AI practices cost up to €35 million or 7% of global annual turnover — whichever is higher. High-risk non-compliance is €15 million or 3%. Transparency failures and incorrect information to authorities each carry €7.5 million or 1.5%.

These apply to both providers and deployers. Member states can also order product recalls, withdrawals, or corrective actions on top.

Compliance Roadmap

The phased timeline matters for planning. The unacceptable-risk bans took effect in February 2025. GPAI model rules and notified body designation began in August 2025. The first high-risk deadline arrives August 2026 (for systems already covered by sectoral legislation). All remaining high-risk systems must comply by August 2027. And systems placed on the market before August 2026 that haven't undergone significant design changes have transitional arrangements until August 2028.

Practical Preparation Steps

  • Inventory your AI systems — Catalogue every AI or ML feature in your products and internal operations. Document the intended purpose and deployment context for each.
  • Classify by risk tier — Apply the Act's two-rule classification logic. Document the reasoning for each system, especially for borderline cases and derogations.
  • Map to applicable legislation — If your AI system is a safety component of a regulated product, identify the corresponding EU harmonisation legislation and its conformity assessment requirements.
  • Build the risk management system — Establish a documented, iterative risk management process specific to AI. This is the core deliverable for high-risk compliance.
  • Prepare technical documentation templates — The Act specifies 11 required sections. Structure a template now rather than scrambling after classification.
  • Engage a notified body early — If your AI system requires third-party conformity assessment, notified bodies have limited capacity. Early engagement secures your slot.

Frequently Asked Questions

Does the AI Act apply to AI systems developed only for internal use?

Yes, if the system is classified as high-risk. Even internal AI systems — such as an AI-powered recruitment tool used only within your company — must comply if they fall under Annex III categories.

How do I know if my AI system is considered a "safety component"?

A safety component is one that performs a safety function for the product or is necessary for the product to operate safely. If the AI's failure would compromise the health or safety of persons, it is likely a safety component under the applicable sectoral legislation.

What is the difference between a "provider" and a "deployer"?

The provider develops the AI system or places it on the market under their own name or trademark. The deployer uses the AI system in a professional capacity. A single organisation can be both — for example, a company that develops an AI recruitment tool (provider) and also uses it internally (deployer).

Can an AI system be reclassified after deployment?

Yes. If the system undergoes a substantial modification — changing its intended purpose or significantly altering its performance — it must be re-assessed. Post-market monitoring by the provider is mandatory and feeds into this process.