
How to Classify AI Systems Under the EU AI Act

The EU AI Act uses a risk-based classification system. This guide explains how to determine whether an AI system is prohibited, high-risk, limited-risk, or minimal-risk under Regulation (EU) 2024/1689.

June 27, 2026 · By Constantin Razvan Gospodin, Legal AI Risk Manager


Classification is the foundation of EU AI Act compliance. Before a company can build a compliance plan, it must know which tier its AI system occupies. The wrong classification leads to under-preparation or over-investment. This guide walks through the four risk tiers and the practical process for determining where a system belongs.

The EU AI Act classifies AI systems into four risk tiers: prohibited (unacceptable risk), high-risk (Annex III or Annex I safety components), limited-risk (transparency obligations), and minimal-risk (voluntary codes). Article 6 and Annex III define high-risk classification. Providers must classify each system before placing it on the EU market.

What This Means

The EU AI Act does not regulate all AI systems equally. It adopts a proportionate, risk-based approach that imposes stricter obligations on systems that pose greater risks to health, safety, and fundamental rights. Understanding this framework is essential for any provider or deployer operating in or affecting the EU market.

Classification is not a one-time exercise. Systems evolve, use cases change, and regulatory guidance develops. A system that begins as minimal-risk may become high-risk if deployed in a new context. Continuous classification review is part of a defensible compliance posture.

The four-tier framework is established in Article 6 and elaborated in Annexes I, II, and III of Regulation (EU) 2024/1689. The tiers are: prohibited practices, high-risk systems, limited-risk systems, and minimal-risk systems. General-purpose AI models are subject to a separate but overlapping framework under Chapter V.

Key Requirements

Prohibited AI practices (Article 5).

These are AI systems that create an unacceptable risk and are banned outright. The original prohibitions include: social scoring by public authorities; untargeted scraping of facial images from the internet or CCTV for facial recognition databases; real-time remote biometric identification in publicly accessible spaces (with limited law enforcement exceptions); emotion recognition in workplaces and educational institutions (with limited exceptions); and predictive policing based solely on profiling. The Digital Omnibus deal of 7 May 2026 added a new prohibition: AI systems that generate, manipulate, or reproduce non-consensual sexually explicit content of identifiable persons ("nudifiers") and AI systems that generate child sexual abuse material. This new prohibition applies from 2 December 2026. Providers of generative AI systems whose outputs reach EU individuals must verify whether their tools can produce such content and implement safety measures accordingly.

High-risk AI systems (Article 6 and Annex III).

An AI system is high-risk if it is used as a safety component in a product covered by EU sectoral safety legislation listed in Annex I, or if it falls within one of the eight categories listed in Annex III. Annex I products include medical devices, machinery, toys, lifts, and watercraft. The Annex III categories are:

1. Biometrics.

Remote biometric identification systems, biometric categorization systems that classify by sensitive attributes, and emotion recognition systems. Real-time remote biometric identification in public spaces is prohibited; non-real-time systems are high-risk.

2. Critical infrastructure.

AI systems managing the operation of road, rail, air, and water traffic; water, gas, heating, and electricity supply; and digital infrastructure.

3. Education and vocational training.

AI systems used to determine access to education, evaluate learning outcomes, assess students in tests, or monitor student behavior during exams.

4. Employment and worker management.

AI systems used in recruitment, selection, promotion, termination, or task allocation. This includes resume screening tools, video interview analysis, and performance monitoring systems. This is one of the most frequently triggered categories for US companies.

5. Access to essential services.

AI systems used to evaluate creditworthiness, establish insurance premiums, assess eligibility for social benefits, or evaluate emergency dispatch priorities. Credit scoring and insurance underwriting tools are common triggers.

6. Law enforcement.

AI systems used to assess crime risk, evaluate evidence reliability, or profile individuals in the context of criminal investigations.

7. Migration and border control.

AI systems used to verify travel documents, assess visa or asylum applications, or detect irregular migration.

8. Administration of justice and democratic processes.

AI systems used to assist judicial authorities in researching or interpreting facts and law, or to influence voting behavior in elections.

Limited-risk AI systems (Article 50).

These are systems that interact with humans, generate synthetic content, or produce deepfakes. The primary obligation is transparency: users must be informed that they are interacting with an AI system, and AI-generated content must be labeled as such. Chatbots, AI-generated images, and synthetic media fall into this category.

Minimal-risk AI systems.

These are systems that do not fall into any of the above categories. Examples include spam filters, AI-enhanced video games, and inventory management systems. The AI Act does not impose specific obligations on minimal-risk systems, though providers are encouraged to follow voluntary codes of conduct.

Practical Steps

Classification begins with a clear system definition. What is the AI component? What inputs does it receive? What outputs does it produce? What decisions or actions are taken on the basis of those outputs? Vague definitions lead to vague classifications.

The same AI model can be high-risk in one use case and minimal-risk in another. A natural language processing model used for spam filtering is minimal-risk. The same model used for resume screening is high-risk under Annex III, Category 4. Classification follows the use case, not the model.

If the AI system is a safety component in a product regulated by EU sectoral safety legislation (medical devices, machinery, toys, etc.), it is high-risk. The Digital Omnibus deal of 7 May 2026 introduced a narrower "safety component" concept: the AI function must create a health or safety risk on failure. Products where AI merely assists or optimizes performance may fall outside this definition.

If the system is not an Annex I safety component, determine whether it falls within any of the eight Annex III categories. Be precise. General HR software is not necessarily high-risk; software that makes or materially supports recruitment, promotion, or termination decisions is.

Every classification decision should be documented with reference to the specific Article and Annex provision relied upon. This documentation becomes part of the technical documentation under Article 11 and may be reviewed by authorities.

Classification is not static. New use cases, model updates, and regulatory guidance can change a system's risk tier. Schedule quarterly or bi-annual classification reviews as part of AI governance. Lexara Advisory supports this process through structured risk classification assessments.


Frequently Asked Questions

Q: Can the same AI model be both high-risk and minimal-risk?

Yes. Classification depends on the use case, not the underlying model. A machine learning model used for inventory forecasting is minimal-risk. The same model used for credit scoring is high-risk under Annex III, Category 5.

Q: What changed in the Digital Omnibus for high-risk classification?

The Digital Omnibus introduced a narrower causal test for Annex I safety components. Products where AI merely assists or optimizes, without creating health or safety risks on failure, may no longer be high-risk. It also added an equivalence clause for machinery and similar regulated products, reducing double regulation.

Q: Are all HR AI systems high-risk?

No. Only AI systems used to make or materially support decisions about recruitment, selection, promotion, termination, or task allocation are high-risk under Annex III, Category 4. General HR analytics, benefits administration, and internal communication tools that do not affect employment decisions are typically not high-risk.

Q: What is the difference between Annex I and Annex III high-risk systems?

Annex I high-risk systems are AI safety components embedded in products regulated by EU sectoral safety legislation (medical devices, machinery, toys, etc.). Annex III high-risk systems are stand-alone AI systems used in specific sensitive domains (biometrics, employment, credit scoring, etc.). The conformity assessment pathways differ between the two.

Q: Do I need to register a limited-risk system in the EU database?

No. The EU database registration obligation under Article 71 applies to high-risk AI systems only. Limited-risk systems are subject to transparency obligations under Article 50, not database registration. However, the Digital Omnibus shortened the Article 50 grace period to three months, with a deadline of 2 December 2026.

2026-06-27 Regulation (EU) 2024/1689 (EU AI Act); Digital Omnibus provisional agreement, Council Presidency and European Parliament, 7 May 2026. The EU AI Act classifies AI systems into four risk tiers: prohibited, high-risk, limited-risk, and minimal-risk. High-risk classification is determined by Article 6 and Annex III. Providers must classify each system before placing it on the EU market, document the rationale, and review periodically as use cases evolve.


Lexara Advisory LLC provides AI governance consulting and is not a law firm. This article reflects our understanding of applicable regulations as of the date of publication. It does not constitute legal advice. Organizations should consult qualified legal counsel for advice specific to their circumstances.