The EU AI Act's risk classification system is the foundation of everything else in the regulation. Get the classification wrong, and you either over-invest in compliance for systems that do not require it, or — more dangerously — under-invest in systems that do.
This piece walks through the classification framework in plain language, with examples designed for compliance professionals and business leaders rather than legal specialists.
The four tiers
The Act divides AI systems into four risk categories. Understanding where each system sits requires working through the criteria in sequence.
Unacceptable risk (prohibited). A small number of AI applications are prohibited outright because the risks they pose are considered incompatible with fundamental rights. These include AI systems that use subliminal techniques to manipulate behaviour in harmful ways, systems that exploit vulnerabilities of specific groups, and real-time remote biometric identification in public spaces for law enforcement purposes (with narrow exceptions). These prohibitions have been in force since February 2025.
High risk. This is the category that will affect the largest number of mid-market organisations. High-risk systems are defined in Annex III and fall into eight specific areas: biometric identification and categorisation, management of critical infrastructure, education and vocational training, employment and worker management, essential private and public services, law enforcement, migration and asylum management, and administration of justice.
Limited risk. Systems in this tier carry transparency obligations but not the full compliance burden of high-risk systems. AI systems that interact with humans (chatbots, virtual assistants), that generate synthetic content, or that are used for emotion recognition must disclose their AI nature to the people who use or are exposed to them.
Minimal risk. The majority of AI applications — spam filters, recommendation engines for internal use, AI-assisted productivity tools — fall into this category and face no specific regulatory obligations under the Act.
The high-risk categories in practice
Employment and worker management (Annex III, point 4). This covers AI systems used for recruitment, selecting candidates, evaluating performance, allocating tasks, monitoring behaviour, and making decisions affecting employment or contractual relationships. If you use an AI tool to screen CVs, assess video interviews, rank candidates, or monitor employee productivity, these systems are almost certainly high-risk under the Act.
Essential private and public services (Annex III, point 5). This covers AI used in credit scoring, risk assessment for insurance, and systems that determine access to public benefits. If your organisation uses AI in credit decisions, affordability assessments, or automated underwriting, you are likely operating high-risk systems.
Education and vocational training (Annex III, point 3). AI systems that determine access to educational institutions or evaluate students during assessments are high-risk. This is increasingly relevant as educational technology companies expand into the EU market.
General-purpose AI models
Alongside the risk tiers, the Act introduces specific obligations for general-purpose AI models — large-scale foundation models that can be used for a wide range of downstream tasks. For most mid-market organisations, the more relevant question is whether your use of third-party GPAI models creates obligations for you as a deployer. The Act's requirements flow to both developers and deployers, so organisations building applications on top of large language models need to understand their position carefully.
Practical next steps
Build your inventory first. List every AI system your organisation develops, deploys, or operates — including systems accessed through APIs, embedded in vendor software, or operated by third parties on your behalf.
For each system, apply the Annex III test: does it fall within one of the eight defined areas? If yes, does the specific use case fall within the more detailed criteria? Document the classification reasoning. In the event of a regulatory inquiry, you need to demonstrate that you applied a structured, defensible process — not that you simply asserted your systems were low-risk.
For systems where the classification is genuinely ambiguous, external advisory provides both rigour and defensibility. Book a discovery call to discuss your specific systems and how they classify.
About the author
Sonia is a technology risk and AI governance leader with 12+ years of international consulting experience across PwC, EY, and KPMG, spanning London, East Africa, and the Middle East. She has led complex IT audit, controls testing, and data analytics engagements for major regulated institutions including Lloyds Banking Group, Prudential PLC, Shell, RELX Group, McDonald's, and Tesco. She founded VeridianTech Co. to make enterprise-quality AI governance accessible to mid-market organisations — the companies that need it most and have historically been priced out of it.

Sonia Kentaro
Founder & Principal AI Governance Advisor