EU AI Act — how to correctly classify your AI system: minimal, limited, high or unacceptable risk (practical decision tree)
Regulation (EU) 2024/1689: the four risk categories, classification decision tree, obligations per category, and 2025-2027 deadlines for providers and deployers.
The EU AI Act, Regulation (EU) 2024/1689, entered into force on 1 August 2024. Application is staggered: the prohibitions (Art. 5, unacceptable-risk systems) and the AI-literacy duty (Art. 4) apply from 2 February 2025; GPAI (General Purpose AI) obligations, the governance rules and the penalty regime from 2 August 2025; the bulk of the Act, including the Annex III high-risk requirements, from 2 August 2026; and high-risk systems embedded in Annex I products from 2 August 2027.
The practical question for any European company using AI: “which category does our system fall into?” This article provides a concrete decision tree and obligations per category.
TL;DR
- The AI Act sets four risk levels: minimal, limited, high, unacceptable.
- “Unacceptable” systems are banned from 2 February 2025: social scoring (public or private), subliminal manipulation, emotion recognition at work or school, and real-time remote biometric identification in public spaces for law-enforcement purposes (narrow exceptions only).
- “High-risk” in Annex III: employment, education, credit scoring, justice, asylum and migration, critical infrastructure.
- GPAI models trained with more than 10^25 FLOP of cumulative compute (GPT-4 class) are presumed to carry systemic risk and have additional requirements.
- Fines: up to 35 million EUR or 7% of global turnover for breaches of the prohibitions.
The four categories — definition
Unacceptable risk (Art. 5). Practices entirely banned in the EU. The list in Art. 5(1) includes:
- Subliminal, manipulative or deceptive techniques, or exploiting vulnerabilities (age, disability, a specific social or economic situation), to distort behaviour in a way that causes significant harm.
- Social scoring: evaluating or classifying people on social behaviour or personal characteristics where the score leads to detrimental treatment in unrelated contexts or that is disproportionate. The final text covers private actors as well as public authorities.
- Emotion recognition at the workplace and in educational institutions (except where intended for medical or safety reasons).
- Real-time remote biometric identification in publicly accessible spaces for law-enforcement purposes (with strict exceptions: searching for kidnapping victims, preventing imminent threats, identifying suspects of listed serious crimes).
- Biometric categorisation based on sensitive data (race, political opinions, sexual orientation, religion).
- Individual predictive policing based on profiling.
- Building facial recognition databases by scraping the internet or CCTV.
High risk (Art. 6 + Annex III). Permitted but heavily regulated systems. Annex III lists 8 areas:
- Biometrics: remote biometric identification, biometric categorisation by sensitive attributes, emotion recognition (where not already banned under Art. 5).
- Critical infrastructure: safety components in the management and operation of critical digital infrastructure, road traffic, and the supply of water, gas, heating and electricity.
- Education and vocational training: admission, evaluation of learning outcomes, level assessment, monitoring of prohibited behaviour during exams.
- Employment and HR management: recruitment and candidate screening or ranking, promotion or termination decisions, task allocation, monitoring and evaluation of workers.
- Access to essential public and private services: eligibility for public benefits, creditworthiness and credit scoring, risk assessment and pricing in life and health insurance, triage of emergency calls and services.
- Law enforcement: victim risk assessment, polygraph-type tools, evaluation of evidence reliability, recidivism risk, profiling in investigations.
- Migration, asylum and border control: risk assessment, examination of asylum, visa and residence applications, identification of persons.
- Administration of justice and democratic processes: assisting judicial authorities in researching and interpreting law and facts, and systems meant to influence the outcome of elections or voting behaviour.
Limited risk (Art. 50). Systems carrying transparency obligations: chatbots and other systems that interact directly with people (users must be told they are dealing with AI), deepfakes (mandatory disclosure), and generators of synthetic text, audio, image or video (output marked in a machine-readable way). Note that Art. 50 is cumulative: a high-risk system that also talks to users still carries these transparency duties.
Minimal risk. Everything else: spam filters, ecommerce recommenders, video game NPCs, inventory optimisers. No AI-Act-specific obligations, apart from the general AI-literacy duty of Art. 4 (which applies to every provider and deployer) and whatever GDPR already requires.
Practical decision tree
Step 1: Does your system fall under Art. 5 (banned)?
- Subliminal or manipulative techniques? Exploits vulnerabilities? Social scoring? Uses sensitive biometrics for categorisation? Performs emotion recognition at work or school? Predictive policing of individuals based solely on profiling? Builds a facial recognition DB by scraping?
- If yes → STOP. The system cannot be placed on the EU market.
- If no → move to step 2.
Step 2: Is your system a safety component of a product regulated in Annex I (or is it itself such a product)?
Annex I Section A lists 12 pieces of Union harmonisation legislation (machinery, toys, lifts, pressure equipment, radio equipment, medical devices, in-vitro diagnostic devices, etc.); Section B adds sector-specific acts such as motor vehicles, rail and civil aviation. Under Art. 6(1) the system is high-risk when both conditions hold: it is a safety component of (or is itself) a product covered by Annex I, and that product must undergo a third-party conformity assessment under that legislation. The Art. 6(3) exception in step 4 is not available on this route.
Step 3: Is your system in Annex III?
Check the 8 areas listed above. Pay attention to areas 4 (HR) and 5 (credit scoring) — many B2B SaaS that do not consider themselves “sensitive AI” at first glance fall here.
Step 4: Is your system in Annex III but covered by the Art. 6(3) exception?
Article 6(3), added during the December 2023 trilogue compromise, lets a provider conclude that an Annex III system “does not pose a significant risk of harm” to health, safety or fundamental rights if it meets one of four conditions:
- Performs a narrow procedural task.
- Improves the result of a previously completed human activity.
- Detects decision-making patterns or deviations from prior patterns, and is not meant to replace or influence a previously completed human assessment without proper human review.
- Performs a preparatory task for an assessment relevant to an Annex III use case.
Two caveats. First, the exception never applies where the system performs profiling of natural persons (Art. 6(3), last subparagraph): such a system is always high-risk. Second, the exception is not an informal self-declaration: the provider must document the assessment before placing the system on the market, register the system in the EU AI database under Art. 49(2), and hand the documentation to the national competent authority on request (Art. 6(4)). Do not confuse this with the FRIA (Art. 27), which is a deployer obligation for high-risk systems.
Step 5: Is your system a chatbot, image generator, deepfake, synthetic content?
→ Limited risk. Transparency obligations under Art. 50.
Step 6: The rest → minimal risk. No specific obligations.
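As an added example (this is not Lexnomia's code and not legal advice), here are the six steps above written as one Python function over an inventory record. The record fields and flag strings are assumptions about how a system might be modelled; the function also encodes two rules the steps leave implicit: the Art. 6(1)(b) third-party-conformity condition on the Annex I route, and the rule that an Annex III system performing profiling of natural persons never benefits from the Art. 6(3) exception. It returns the tier together with the legal basis, whether Art. 50 transparency duties apply on top, and whether an EU-database registration is needed. The sample inventory at the bottom is constructed.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional, Set


class RiskTier(Enum):
    UNACCEPTABLE = "unacceptable"  # Art. 5 prohibited practice
    HIGH = "high"                  # Art. 6 via Annex I or Annex III
    LIMITED = "limited"            # Art. 50 transparency duties only
    MINIMAL = "minimal"            # nothing AI-Act-specific beyond Art. 4 literacy


# Art. 6(3)(a)-(d) derogation conditions; the labels are this example's own.
ART6_3_CONDITIONS = {
    "narrow_procedural_task",
    "improves_completed_human_activity",
    "detects_patterns_without_replacing_human",
    "preparatory_task",
}


@dataclass
class AISystem:
    """Inventory record. All fields are assumed modelling choices, not Act terms."""
    name: str
    art5_practices: Set[str] = field(default_factory=set)   # any entry means banned
    annex1_safety_component: bool = False                   # Art. 6(1)(a)
    annex1_third_party_assessment: bool = False             # Art. 6(1)(b)
    annex3_areas: Set[int] = field(default_factory=set)     # points 1..8 of Annex III
    profiles_natural_persons: bool = False                  # Art. 6(3), last subparagraph
    art6_3_condition: Optional[str] = None                  # one of ART6_3_CONDITIONS
    art50_triggers: Set[str] = field(default_factory=set)   # e.g. {"chatbot", "deepfake"}


@dataclass
class Classification:
    tier: RiskTier
    basis: List[str]
    art50_transparency: bool      # Art. 50 duties apply regardless of tier
    art49_registration: bool      # entry in the EU database before market placement


def classify(system: AISystem) -> Classification:
    """Apply steps 1-6 of the decision tree in order of precedence."""
    transparency = bool(system.art50_triggers)
    basis: List[str] = []

    # Step 1: a prohibited practice ends the analysis; nothing else matters.
    if system.art5_practices:
        basis.append(f"Art. 5 practice(s) {sorted(system.art5_practices)}")
        return Classification(RiskTier.UNACCEPTABLE, basis, transparency, False)

    # Step 2: Annex I route. Both Art. 6(1)(a) and (b) must hold, and the
    # Art. 6(3) derogation is not available on this route.
    if system.annex1_safety_component and system.annex1_third_party_assessment:
        basis.append("Art. 6(1): safety component of an Annex I product needing third-party conformity assessment")
        return Classification(RiskTier.HIGH, basis, transparency, True)

    # Steps 3-4: Annex III route, with the Art. 6(3) derogation.
    if system.annex3_areas:
        bad = sorted(a for a in system.annex3_areas if a not in range(1, 9))
        if bad:
            raise ValueError(f"Annex III has points 1-8, got {bad}")
        areas = sorted(system.annex3_areas)
        if system.profiles_natural_persons:
            basis.append(f"Annex III {areas} with profiling of natural persons: always high-risk (Art. 6(3) last subparagraph)")
            return Classification(RiskTier.HIGH, basis, transparency, True)
        if system.art6_3_condition in ART6_3_CONDITIONS:
            basis.append(f"Annex III {areas}, Art. 6(3) '{system.art6_3_condition}' claimed: document under Art. 6(4)")
            tier = RiskTier.LIMITED if transparency else RiskTier.MINIMAL
            # Art. 49(2): a derogated Annex III system must still be registered.
            return Classification(tier, basis, transparency, True)
        basis.append(f"Annex III {areas}")
        return Classification(RiskTier.HIGH, basis, transparency, True)

    # Step 5: Art. 50 transparency cases that are not otherwise high-risk.
    if transparency:
        basis.append(f"Art. 50 trigger(s) {sorted(system.art50_triggers)}")
        return Classification(RiskTier.LIMITED, basis, True, False)

    # Step 6: everything else.
    basis.append("no Art. 5, Annex I, Annex III or Art. 50 trigger")
    return Classification(RiskTier.MINIMAL, basis, False, False)


# Constructed sample inventory; names and flags are invented for illustration.
SAMPLE_INVENTORY = [
    AISystem("workplace-mood-monitor", art5_practices={"emotion_recognition_workplace"}),
    AISystem("cv-ranker", annex3_areas={4}, profiles_natural_persons=True),
    AISystem("application-form-ocr", annex3_areas={4}, art6_3_condition="narrow_procedural_task"),
    AISystem("support-chatbot", art50_triggers={"chatbot"}),
    AISystem("spam-filter"),
]


def classify_inventory(inventory: List[AISystem]) -> dict:
    """Map system name to tier for a whole inventory."""
    return {s.name: classify(s).tier for s in inventory}


if __name__ == "__main__":
    for s in SAMPLE_INVENTORY:
        c = classify(s)
        print(f"{s.name:24} {c.tier.value:12} register={c.art49_registration} art50={c.art50_transparency}  {c.basis[0]}")
```

The ordering is the point: Art. 5 is checked first because a banned practice cannot be rescued by any later step, and the Art. 6(3) branch is reachable only from Annex III, never from Annex I. Keeping the registration flag separate from the tier is deliberate, since a system that leaves the high-risk tier through Art. 6(3) still has to appear in the EU database.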
High-risk obligations (Art. 8-15, enforced on providers through Art. 16)
For a system classified as high-risk, the provider (whoever develops it and places it on the market or puts it into service under its own name or trademark) must ensure:
- Risk management system documented and maintained throughout the system’s life.
- Data governance — training data quality, validation, testing; bias mitigation.
- Complete technical documentation (Annex IV — 9 sections).
- Automatic logging of operational events.
- Transparency and information to deployers — clear instructions.
- Human oversight by design.
- Accuracy, robustness and cybersecurity — pre-deployment testing, adversarial attack defences.
- Quality management system — formal procedures.
- EU declaration of conformity + CE marking.
- Registration in the EU AI Database before market placement.
- Post-market monitoring + serious incident reporting to authorities.
For deployers (professional users), Art. 26 requires: use in line with the provider's instructions, assigning human oversight to competent people, retaining the automatically generated logs for at least six months, informing affected workers before use at the workplace, and monitoring operation for the identified risks. A Fundamental Rights Impact Assessment (FRIA, Art. 27) is mandatory for deployers that are public bodies or private entities providing public services, and for deployers of the Annex III credit-scoring and life/health-insurance systems; it is not triggered simply by use “in public areas”.
GPAI — General Purpose AI Models (Art. 51-56)
Articles 51-56 separately regulate “general-purpose AI models”: models trained on broad data that display significant generality, typically the large LLMs of the GPT-4, Claude, Gemini and Llama type. Two levels:
Standard GPAI. Every model that meets the GPAI definition. The Commission's guidance treats training compute above roughly 10^23 FLOP (floating-point operations in total, not FLOPS, which is a rate) as an indicative, not decisive, marker. Obligations (Art. 53):
- Technical documentation (Annex XI).
- Information for downstream deployers (Annex XII).
- Copyright compliance policy (TDM opt-outs).
- Public summary of training data.
GPAI with systemic risk (Art. 51: presumed where cumulative training compute exceeds 10^25 FLOP, or designated by the Commission on capability grounds). Additional obligations (Art. 55):
- Model evaluation per state-of-the-art methodologies, including adversarial testing (red-teaming).
- Union-level assessment and mitigation of systemic risks.
- Serious incident reporting to the AI Office.
- Adequate cybersecurity at model + infrastructure level.
The Commission must publish and maintain a list of models designated as carrying systemic risk (Art. 52(6)). On compute alone, frontier models of the GPT-4o, Claude 3.5 Sonnet, Gemini Ultra, Grok-2 and Llama 3.1 405B class are the usual candidates, but check the published list rather than assuming. Open-source models released under a free licence with public weights and architecture are exempt from some of the standard GPAI documentation duties (Art. 53(2)), but not from the systemic-risk obligations.
Fines — up to 35 million EUR
Article 99 sets the maximum administrative fines (whichever of the two amounts is higher; for SMEs and start-ups, whichever is lower, Art. 99(6)):
- Breach of Art. 5 (prohibited practices): 35 million EUR or 7% of worldwide annual turnover.
- Breach of the other obligations on providers, deployers, importers, distributors and notified bodies (including the high-risk and Art. 50 duties): 15 million EUR or 3%.
- Supplying incorrect, incomplete or misleading information to authorities: 7.5 million EUR or 1%.
For GPAI model providers, the Commission (acting through the AI Office) can directly impose fines of up to 15 million EUR or 3% of worldwide annual turnover under Art. 101.
How Lexnomia helps
Lexnomia includes an AI Act module with:
- Interactive decision tree for classification with FRIA template output.
- AI systems inventory with automatic mapping to Art. 5 / Annex III.
- Automated logging of AI decisions with configurable retention.
- Watermarking helper for synthetic content generation.
- Cross-mapping with GDPR Art. 22 (automated decision), ISO 27001:2022 (migration details) and NIS2 (checklist).
See also our article on the multi-LLM fallback pattern for systemic robustness considerations.
Related articles
- EU AI Act: obligations for companies fine-tuning LLMs
- NIS2 implementation — operational checklist for essential and important entities
- Observability of AI agents: what to monitor in production
- Pillar Lexnomia — the sovereign EU compliance platform
Next steps
For a concrete classification of your AI system and a compliance plan, see the AI Act module on the Lexnomia page, or write to contact for a technical discussion.