EU AI Act Risk Categories Explained: How to Classify AI Systems in 2026
The EU AI Act introduces a risk-based framework for artificial intelligence. Instead of applying the same obligations to every AI system, the regulation classifies AI according to the level of risk it may create for health, safety, fundamental rights, democracy, the rule of law and the environment.
For businesses, this classification is not a theoretical exercise. It determines whether an AI system is prohibited, subject to strict high-risk obligations, covered by transparency duties, or largely outside the mandatory AI Act compliance regime. It also determines who must act: the provider, deployer, importer, distributor, product manufacturer or general-purpose AI model provider.
This article explains the EU AI Act risk categories, how AI systems are classified, which obligations apply, and how organisations can prepare a practical AI governance framework.
The EU AI Act is commonly described as having four AI risk levels: unacceptable risk, high risk, limited risk and minimal risk. The European Commission also refers to “transparency risk” for certain systems that are not high-risk but may mislead users or affect their ability to understand that they are interacting with AI.
In practice, the four AI Act risk categories are unacceptable risk (prohibited AI practices), high risk, limited or transparency risk, and minimal or no risk.
This classification is based less on the underlying technology than on the intended purpose, context of use and potential impact of the AI system. A similar model can therefore be low-risk in one context and high-risk in another.
For example, an AI tool used to organise internal documents may create limited regulatory exposure. The same type of AI technology used to assess job candidates, support access to essential services or assist clinical decisions may fall into a much stricter category.
AI Act risk classification is the starting point of compliance. Without it, an organisation cannot determine which obligations apply, which documentation is required, whether a conformity assessment is needed, or whether the system can be deployed at all.
A common mistake is to classify AI systems only by technical type: chatbot, scoring tool, recommendation engine, computer vision system, generative AI tool or predictive model. This is not enough. The AI Act looks at what the system is intended to do, who is affected, what decisions it supports, and whether it may create significant risks for individuals or society.
This means that businesses should not simply ask, “What technology are we using?” They should ask: “What is the AI system used for, who relies on it, who is affected by it, and what could happen if it is wrong, biased, opaque or misused?”
The first EU AI Act risk category covers prohibited AI practices. These are AI uses considered to create unacceptable risks because they may undermine human dignity, autonomy, equality, fundamental rights or democratic values.
The AI Act prohibits several categories of AI practices, including manipulative or deceptive AI systems that materially distort behaviour and cause or are likely to cause significant harm. It also prohibits systems that exploit vulnerabilities linked to age, disability or a specific social or economic situation where this causes or is likely to cause significant harm.
Social scoring systems are another core example. AI systems used to evaluate or classify individuals over time based on social behaviour or personal characteristics may be prohibited where they lead to unjustified or disproportionate detrimental treatment.
The regulation also restricts certain biometric practices. This includes biometric categorisation systems that infer sensitive characteristics, untargeted scraping of facial images to create or expand facial recognition databases, and certain uses of real-time remote biometric identification in publicly accessible spaces for law enforcement, subject to narrow exceptions.
Emotion recognition systems in the workplace or education institutions are also prohibited, except in specific medical or safety-related contexts.
The key point for organisations is clear: if an AI use case falls within Article 5 prohibited practices, it is not a matter of mitigation or documentation. It cannot be placed on the market, put into service or used in the EU.
Non-compliance with prohibited AI practices may lead to the highest level of administrative fines under the AI Act.
High-risk AI systems are not prohibited. They are allowed, but only under strict conditions. This is the most important category for AI Act compliance because it creates the heaviest operational, technical and documentary obligations.
The AI Act identifies high-risk AI systems in two main ways.
First, an AI system may be high-risk when it is used as a safety component of a product, or is itself a product, covered by EU harmonisation legislation listed in Annex I, and where that product requires third-party conformity assessment. This is particularly relevant for sectors such as medical devices, machinery, toys, lifts, aviation, vehicles and other regulated products.
Second, an AI system may be high-risk if it falls within one of the use cases listed in Annex III. These include areas such as biometrics, critical infrastructure, education, employment, access to essential services, law enforcement, migration and border control, administration of justice and democratic processes.
Typical high-risk AI systems may include AI tools used to screen job applicants, assess students, support creditworthiness decisions, evaluate eligibility for essential public or private services, assist border control decisions, or support certain law enforcement activities.
However, the classification is more nuanced than simply checking whether a use case appears in Annex III. Article 6(3) provides that certain Annex III systems may not be high-risk if they do not pose a significant risk of harm to health, safety or fundamental rights, including because they do not materially influence the outcome of decision-making. This exemption is narrow and must be documented. It does not apply where the system performs profiling of natural persons.
This is one of the most important practical points for businesses. AI Act risk classification must be reasoned and documented. A provider that concludes that an Annex III system is not high-risk must be able to justify that position and register the system as required.
High-risk AI systems are subject to a comprehensive compliance regime. Providers must establish a risk management system, apply data governance requirements, prepare technical documentation, ensure record-keeping, provide information and instructions for use, design appropriate human oversight, and ensure accuracy, robustness and cybersecurity.
These obligations are not just legal formalities. They require operational evidence. A provider should be able to show how the system was designed, tested, monitored and controlled throughout its lifecycle.
Deployers also have obligations. Depending on the context, they may need to use the system in accordance with the provider’s instructions, ensure appropriate human oversight, monitor system operation, keep logs where under their control, inform individuals in certain cases, and conduct a fundamental rights impact assessment for specific high-risk systems.
This division of responsibilities is crucial. Many organisations using AI are not providers of the system. They are deployers. But deployers cannot ignore the AI Act. They need to understand whether the AI system they buy, configure or integrate is high-risk, and what contractual, operational and governance measures they must implement.
The AI Act also creates transparency obligations for certain AI systems that are not necessarily high-risk. These are often described as limited risk AI systems or transparency-risk AI systems.
The objective is to prevent users from being misled about whether they are interacting with AI or whether content has been artificially generated or manipulated.
For example, AI systems intended to interact directly with natural persons must generally inform users that they are interacting with an AI system, unless this is obvious from the circumstances and context of use.
Providers of AI systems that generate synthetic audio, image, video or text content must ensure that outputs are marked in a machine-readable format and detectable as artificially generated or manipulated, where technically feasible and subject to exceptions.
Deployers of AI systems that generate or manipulate deepfake image, audio or video content must disclose that the content has been artificially generated or manipulated. Deployers of AI systems that generate or manipulate text published to inform the public on matters of public interest may also have disclosure obligations, unless appropriate human review and editorial responsibility apply.
This is why businesses should be careful with generative AI, chatbots, virtual assistants, automated customer support tools, synthetic media and AI-generated public content. Even when these systems are not high-risk, they may still trigger AI Act transparency obligations.
Most AI systems used in day-to-day business operations are likely to fall into the minimal or no-risk category. Examples may include spam filters, AI-enabled video games, basic productivity tools, simple categorisation tools or AI used in non-sensitive internal contexts.
These systems are not subject to a specific AI Act compliance regime equivalent to high-risk AI. However, this does not mean organisations should ignore them.
First, Article 4 of the AI Act requires providers and deployers to take measures to ensure a sufficient level of AI literacy among staff and other persons dealing with AI systems on their behalf.
Second, a low-risk AI system can become more sensitive if its purpose changes. A tool initially used to summarise internal documents may later be used to assess employees, support legal decisions, rank customers or process sensitive data. Risk classification must therefore be reviewed when the intended purpose, data, users or deployment context changes.
Third, other legal regimes may still apply, including GDPR, cybersecurity rules, intellectual property law, consumer protection law, employment law or sector-specific regulations.
For that reason, minimal risk does not mean “no governance”. It means no heavy AI Act regime, provided the classification remains accurate.
One of the weaknesses of many AI Act risk classification guides is that they ignore general-purpose AI. This is a mistake.
The AI Act contains a specific regime for general-purpose AI models, often referred to as GPAI models. These models are capable of performing a wide range of tasks and may be integrated into many downstream AI systems. Large language models and other foundation models may fall within this category.
Providers of general-purpose AI models must comply with specific obligations, including technical documentation, information to downstream providers, copyright-related policies, and a public summary of the content used for training. Additional obligations apply to GPAI models with systemic risk.
This means that GPAI is not simply a fifth “risk category” alongside unacceptable, high, limited and minimal risk. It is a specific regulatory layer. A GPAI model may be used as the basis for many AI systems, some of which may themselves become high-risk depending on their intended purpose.
For businesses, this creates a practical compliance question: are you developing a GPAI model, integrating one into your own AI system, or merely deploying a third-party AI tool? The answer determines which obligations apply.
The AI Act entered into force on 1 August 2024 and applies progressively.
The first major milestone was 2 February 2025, when the prohibitions on unacceptable risk AI practices and AI literacy obligations started to apply. On 2 August 2025, the rules for general-purpose AI models became applicable and AI Act governance structures had to be in place.
The majority of the AI Act rules are scheduled to apply from 2 August 2026, including transparency obligations under Article 50.
Following the political agreement on the AI Omnibus, the European Commission now indicates a revised timeline for certain high-risk AI systems. Rules for systems used in certain high-risk areas, including biometrics, critical infrastructure, education, employment, migration, asylum and border control, are expected to apply from 2 December 2027. For AI systems integrated into products such as robotics and industrial machinery, the rules are expected to apply from 2 August 2028.
Because the implementation calendar has evolved, organisations should avoid relying on outdated AI Act timelines. A readiness plan should distinguish between obligations already applicable, obligations applying in 2026, and high-risk obligations subject to the revised timetable.
A practical AI Act risk classification process should follow a structured sequence.
The first step is to confirm whether the tool is an AI system within the meaning of the AI Act. Not every automated tool is necessarily an AI system. Organisations should document why the tool falls within or outside the definition.
The second step is to identify the organisation’s role. The obligations are not the same for providers, deployers, importers, distributors, product manufacturers or GPAI model providers. A company may even hold different roles for different AI systems.
The third step is to screen the system against the prohibited practices in Article 5. If the use case is prohibited, the organisation must stop the project or redesign it fundamentally.
The fourth step is to assess whether the system is high-risk under Article 6(1), because it is a safety component or regulated product subject to third-party conformity assessment.
The fifth step is to assess whether the system falls within Annex III. If it does, the organisation must determine whether the high-risk classification applies or whether an Article 6(3) exemption can be justified and documented.
The sixth step is to assess transparency obligations under Article 50. Chatbots, generative AI systems, synthetic content, deepfakes, emotion recognition systems and biometric categorisation systems require particular attention.
The seventh step is to assess whether the system relies on a general-purpose AI model, and whether GPAI-specific obligations affect the provider or downstream provider.
The final step is to document the classification decision. This should include the intended purpose, users, affected persons, data processed, legal role, risk category, applicable obligations, evidence reviewed and date of assessment.
AI Act compliance should start with an AI inventory. Organisations need a clear view of all AI systems used, developed, procured or embedded into products and services. This inventory should include internal tools, SaaS solutions, generative AI tools, customer-facing AI, vendor systems and AI used in HR, finance, legal, compliance, marketing, customer support or product functions.
Once the inventory exists, each system should be classified under the EU AI Act risk categories. This classification should not be a one-line label. It should be documented, reviewed and linked to evidence.
Businesses should then build an AI governance framework. This framework should define who approves AI use cases, who performs risk classification, who reviews vendors, who validates legal and privacy issues, who monitors performance, who handles incidents, and who decides whether a system can be deployed.
Vendor management is especially important. Many organisations will not build AI systems themselves. They will buy, configure or integrate them. Contracts should therefore address AI Act roles, documentation, transparency, data governance, cybersecurity, logging, human oversight, audit rights, incident notification, use restrictions and subcontractors.
Finally, AI Act compliance should be integrated with GDPR, cybersecurity and sector-specific compliance. AI systems often process personal data, confidential information, health data, financial data, employee data or customer data. A standalone AI policy will not be enough if privacy, security, procurement and business teams are not aligned.
A strong AI governance framework helps organisations move from ad hoc AI use to controlled AI deployment. It reduces the risk of prohibited practices, misclassification, undocumented high-risk systems, uncontrolled generative AI use, weak vendor oversight and regulatory exposure.
It also supports innovation. Teams are more likely to deploy AI confidently when they know which use cases are acceptable, which require review, and which are too risky. Good governance should not block AI adoption. It should make AI adoption safer, faster and more defensible.
For boards and executive teams, AI governance also creates accountability. It provides a clear view of where AI is used, what risks exist, which controls are in place and where investment is needed.
DPO Consulting helps organisations prepare for the EU AI Act by turning legal requirements into practical governance, documentation and operational controls.
Our support can include AI inventory creation, AI system qualification, EU AI Act risk classification, high-risk assessment, Article 5 prohibited practice screening, Article 6 and Annex III analysis, GPAI assessment, GDPR alignment, vendor due diligence, AI governance framework design, AI policy drafting, training, and preparation of AI Act compliance documentation.
We also support organisations in designing risk management processes, documenting human oversight, reviewing data governance, assessing transparency obligations, and building remediation roadmaps before regulatory deadlines apply.
The objective is simple: help organisations deploy AI in a way that is lawful, secure, documented and aligned with business needs.
The EU AI Act risk categories are commonly described as unacceptable risk, high risk, limited or transparency risk, and minimal or no risk. Each category determines whether the AI system is prohibited, strictly regulated, subject to transparency obligations or largely outside the AI Act’s mandatory compliance regime.
Unacceptable risk AI refers to prohibited AI practices under Article 5 of the AI Act. These include certain manipulative AI systems, exploitation of vulnerabilities, social scoring, specific biometric practices, emotion recognition in workplace or education settings, and certain uses of real-time remote biometric identification in public spaces for law enforcement.
A high-risk AI system is an AI system that falls under Article 6 of the AI Act. This includes certain AI systems used as safety components or regulated products under Annex I, and certain AI systems listed in Annex III, such as AI used in employment, education, essential services, biometrics, law enforcement, migration, critical infrastructure or justice.
Not every Annex III system is automatically high-risk. Article 6(3) allows a limited exemption where the AI system does not pose a significant risk of harm to health, safety or fundamental rights, including because it does not materially influence decision-making. However, this position must be documented and does not apply where the AI system performs profiling of natural persons.
Limited risk AI, often referred to as transparency-risk AI, includes AI systems that may mislead users or generate/manipulate content. Examples include certain chatbots, generative AI systems, synthetic media tools and deepfake systems. These systems may trigger transparency and disclosure obligations.
Minimal or no-risk AI systems are not subject to a specific high-risk compliance regime under the AI Act. However, AI literacy obligations apply broadly, and other laws such as GDPR, cybersecurity, employment law, consumer protection or sector-specific rules may still apply.
General-purpose AI models, or GPAI models, are not a fifth risk category. They are subject to a specific AI Act regime of their own. GPAI models may be integrated into downstream AI systems, which must then be classified according to their intended purpose and risk.
The AI Act entered into force on 1 August 2024 and applies progressively. Prohibited practices and AI literacy obligations apply from 2 February 2025. GPAI rules apply from 2 August 2025. Transparency obligations are scheduled from 2 August 2026. Certain high-risk obligations follow a revised timetable after the AI Omnibus political agreement.
Businesses should start with an AI inventory, classify each AI system, identify their role, assess prohibited and high-risk use cases, review GPAI dependencies, update vendor contracts, train staff, and integrate AI governance with GDPR, cybersecurity, procurement and risk management.