Classifying AI systems under the EU AI Act: a practitioner's guide

The EU AI Act sorts AI systems into four risk tiers, each carrying different obligations. Understanding exactly where a system sits — and why — is the first step in any compliance programme.

BelkX Practice, Advisory & Governance
February 10, 2026

Risk classification is where every EU AI Act compliance programme begins. Get it wrong and the consequences run in both directions: over-classify, and you impose unnecessary conformity obligations on systems that don't need them; under-classify, and you expose the organisation to enforcement action under Article 71, which allows fines of up to €30 million or 6% of global annual turnover for placing high-risk AI on the market without the required conformity assessment.

The framework is not as complex as the Regulation's length suggests. Four tiers. Two that require nothing beyond general product safety rules. One that requires a full conformity process. One that is banned outright.

The four tiers

Unacceptable risk (Article 5) — Prohibited practices. AI systems that the legislator has concluded cannot be deployed safely under any conditions. The list includes real-time biometric identification in public spaces by law enforcement (with narrow exceptions), social scoring by public authorities, and systems that exploit psychological vulnerabilities to manipulate behaviour. These prohibitions have applied since February 2025.

High risk (Articles 6–7 and Annex III) — This is where most compliance work concentrates. High-risk AI systems are those used in contexts where errors carry significant consequences for health, safety, or fundamental rights. The Regulation defines high-risk through two routes.

The first route, Article 6(1), covers AI systems that are safety components of products regulated under existing EU sectoral legislation listed in Annex I — medical devices, machinery, civil aviation systems, railway signalling, and others. Whether the AI system itself is subject to third-party conformity assessment under that sectoral law determines whether it is high-risk under the AI Act.

The second route, Article 6(2) and Annex III, covers eight domains regardless of sectoral regulation: biometric identification, critical infrastructure, education and vocational training, employment and workers management, access to essential private and public services, law enforcement, migration and asylum, and the administration of justice. If an AI system is used in any of these domains, it is high-risk unless an exception applies.

Limited risk (Article 52) — Systems that interact with natural persons in ways that are not obvious — chatbots, deepfakes, emotion recognition. The obligation is primarily transparency: users must be informed they are interacting with an AI, or that content is AI-generated. The burden is light, but non-compliance is common.

Minimal risk — Everything else. No obligations beyond general product safety law and, where applicable, the voluntary codes of practice being developed by the AI Office.

Where classification goes wrong

The Annex III list is not exhaustive by sector. Operators sometimes conclude that because their industry is not named, they are not in scope. The eight Annex III domains are defined by use case, not industry. An HR system that ranks job applicants falls under point 4 of Annex III (employment and workers management) whether the employer is in manufacturing, finance, or the public sector.

Intended purpose is what matters, not actual use. Article 3(12) defines intended purpose as the use for which the AI system is placed on the market by the provider. If a general-purpose language model is marketed with use cases that fall into Annex III domains, the provider bears the high-risk obligations for those use cases — even if the same underlying model is used for other tasks that would not be high-risk in isolation.

The general-purpose AI rules interact with risk classification. Title IX of the Regulation, which applies to GPAI models, operates on a separate track. A GPAI provider does not classify their model using the Annex III framework. But deployers who integrate a GPAI model into an Annex III use case bear the high-risk obligations for that deployed system.

The recital 47 carve-out has limits. Recital 47 provides that AI systems used for narrow procedural tasks, or to improve the result of a previously completed human activity, are not high-risk. This is not a blanket exemption for any system where a human reviews the output. The system must not be used to make decisions, or to significantly influence decisions, that affect legal status or fundamental rights.

The conformity assessment for high-risk systems

High-risk systems in Annex III domains generally follow the internal conformity assessment procedure in Annex VI, meaning third-party involvement is not required. The exceptions — biometric identification systems, AI used as safety components in Annex I products — require a notified body.

Internal conformity assessment requires the provider to:

  • Establish and maintain a quality management system covering risk management, data governance, technical documentation, transparency, human oversight, accuracy and robustness, and cybersecurity (Articles 9–15)
  • Register the system in the EU database (Article 71)
  • Draw up a written declaration of conformity (Article 47)
  • Affix the CE marking (Article 48)
  • Maintain the Technical File for ten years after the system is placed on the market (Article 18)

The Technical File is the substantive document. Article 11 and Annex IV set out what it must contain: a description of the system and its intended purpose, design specifications, training and testing data, performance metrics, risk management records, and post-market monitoring plans, among other items. In our experience, assembling a complete Technical File for a system that was not designed with this documentation in mind takes between eight and sixteen weeks of focused effort.

Starting the classification process

A practical classification exercise involves three questions for each AI system in scope:

Is the system prohibited under Article 5? If yes, it cannot be deployed.

Does the system fall within Annex I or Annex III? Work through each Annex III domain systematically. For Annex I, check whether the product the AI is embedded in is subject to one of the named sectoral regulations.

If high-risk, which conformity route applies? Internal assessment under Annex VI, or third-party assessment via a notified body.

The classification should be documented. Regulators will ask how the determination was made, and a reasoned record is materially better than an undocumented conclusion.


The next Briefing covers what a Technical File actually contains and how to build one from an existing system.

Reference: Regulation (EU) 2024/1689, Articles 5–7, Annex I, Annex III, Annex IV, Annex VI. Recital 47.

References

  1. EU AI Act, Article 71: Registration of operators and high-risk AI systems. Regulation (EU) 2024/1689 · European Parliament and Council · eur-lex.europa.eu
  2. EU AI Act, Article 5: Prohibited AI practices. Regulation (EU) 2024/1689 · European Parliament and Council · eur-lex.europa.eu
  3. EU AI Act, Annex III: High-risk AI systems referred to in Article 6(2). Regulation (EU) 2024/1689 · European Parliament and Council · eur-lex.europa.eu
  4. EU AI Act, Article 6: Classification of high-risk AI systems. Regulation (EU) 2024/1689 · European Parliament and Council · eur-lex.europa.eu
  5. EU AI Act, Annex I: Union harmonisation legislation. Regulation (EU) 2024/1689 · European Parliament and Council · eur-lex.europa.eu
  6. EU AI Act, Article 52: Transparency obligations for certain AI systems. Regulation (EU) 2024/1689 · European Parliament and Council · eur-lex.europa.eu
  7. EU AI Act, Article 3: Definitions. Regulation (EU) 2024/1689 · European Parliament and Council · eur-lex.europa.eu
  8. EU AI Act, Recital 47: Narrow-procedural-task carve-out for high-risk AI. Regulation (EU) 2024/1689 · European Parliament and Council · eur-lex.europa.eu
  9. EU AI Act, Annex VI: Internal control conformity assessment procedure. Regulation (EU) 2024/1689 · European Parliament and Council · eur-lex.europa.eu
  10. EU AI Act, Article 47: EU declaration of conformity. Regulation (EU) 2024/1689 · European Parliament and Council · eur-lex.europa.eu
  11. EU AI Act, Article 48: CE marking. Regulation (EU) 2024/1689 · European Parliament and Council · eur-lex.europa.eu
  12. EU AI Act, Article 18: Obligations of providers already placing systems on the market. Regulation (EU) 2024/1689 · European Parliament and Council · eur-lex.europa.eu
  13. EU AI Act, Article 11: Technical documentation. Regulation (EU) 2024/1689 · European Parliament and Council · eur-lex.europa.eu
  14. EU AI Act, Annex IV: Technical documentation for high-risk AI systems. Regulation (EU) 2024/1689 · European Parliament and Council · eur-lex.europa.eu
  15. EU AI Act: Artificial Intelligence Act. Regulation (EU) 2024/1689 · European Parliament and Council · eur-lex.europa.eu
