Understanding Risk Classification
The core of the EU AI Act is the risk-based classification. The higher an AI system's risk, the stricter the requirements. In this lesson, you'll learn how to correctly classify your AI systems.
Level 1: Unacceptable Risk — Prohibited 🚫
These AI applications are prohibited in the EU (since 02.02.2025):
- Social scoring: Rating people based on social behavior (as in China)
- Manipulative AI: Systems using subliminal techniques to manipulate behavior
- Real-time biometric surveillance: In public spaces by law enforcement (with narrow exceptions)
- Emotion recognition: In workplaces and educational institutions
- Predictive policing: AI-based prediction of individual crimes
Level 2: High Risk — Strict Requirements ⚠️
AI systems affecting fundamental rights are classified as High Risk:
| Area | Examples |
|---|
| Biometrics | Facial recognition, voice recognition |
| Critical infrastructure | AI in energy grids, water supply |
| Education | Automated exam grading, access scoring |
| Employment | AI in recruiting, performance evaluation, termination decisions |
| Financial services | Credit scoring, insurance scoring |
| Law enforcement | Evidence evaluation, recidivism prediction |
| Migration | Visa assessment, border surveillance |
Obligations for High-Risk Systems:
- Risk management system
- Data governance and quality standards
- Technical documentation
- Logging and traceability
- Human oversight
- Accuracy, robustness, cybersecurity
Level 3: Limited Risk — Transparency Obligations ⚡
Systems with limited risk must be transparent:
- Chatbots: Users must know they're interacting with AI
- Deepfakes: Must be labeled as AI-generated
- AI-generated content: Texts, images, audio must be marked as AI-generated
- Emotion recognition systems: Users must be informed (where permitted)
Level 4: Minimal Risk — No Special Obligations ✅
The majority of AI applications fall into this category:
- Spam filters
- AI-powered search functions
- Recommendation algorithms (with limitations)
- Text correction and translation
Practical Check: Where Do Your Systems Stand?
Go through your AI inventory and ask for each system:
- Does it affect fundamental rights? → Possibly High Risk
- Does it directly interact with users? → At least Limited Risk
- Does it fall under one of the High-Risk areas in Annex III? → High Risk
- None of the above? → Probably Minimal Risk
Caution: Classification isn't static. A system that is Minimal Risk today can become High Risk through expanded functionality.