Why Classification Matters
Your obligations under the EU AI Act are entirely tier-dependent. A minimal-risk spam filter has no specific obligations. A high-risk credit-scoring model carries Articles 8 through 17, Annex IV technical documentation, CE marking, conformity assessment, and post-market monitoring. A prohibited system cannot be deployed at all and exposes your organisation to fines of up to €35 million or 7% of global annual turnover — whichever is higher.
The two failure modes are equally costly. Under-classify and you ship a high-risk system without the conformity assessment, the Article 12 logging, or the Article 14 human oversight that the Regulation requires — and inherit the liability. Over-classify and you burn six to twelve months of engineering and compliance budget on obligations that do not apply to you, while your competitors reach the market first. The tier decision is therefore not a legal afterthought; it is an engineering decision with six- and seven-figure consequences.
This checklist is a first-pass filter. It is structured around the Regulation's own tier logic — Article 5 (prohibited), Annex III (high-risk), Article 50 (limited-risk transparency), and Articles 51 through 55 (GPAI). Annex III of Regulation (EU) 2024/1689 is the authoritative list. This tool helps you form a working classification. Get written sign-off from qualified counsel before you rely on it for a deployment decision.
Section 1 — Prohibited Practices Check
Article 5 · Unacceptable Risk · Enforceable since 2 February 2025
Article 5 lists categorically banned AI practices. If your system falls into any of the eight categories below, you cannot place it on the Union market, put it into service, or use it — regardless of technical safeguards, consent, or business justification. Work through each item honestly. Edge cases belong to your counsel, not to this checklist.
1. Social scoring by public authorities or on their behalf
Does your system evaluate or classify natural persons based on social behaviour or personality characteristics, producing a score that leads to detrimental or unfavourable treatment in social contexts unrelated to the data's origin, or treatment that is unjustified or disproportionate?
Article 5(1)(c)
2. Real-time remote biometric identification in publicly accessible spaces for law enforcement
Does your system perform real-time remote biometric identification in publicly accessible spaces for law-enforcement purposes, outside the narrow exceptions (targeted search for specific victims of abduction, prevention of imminent threat, or localisation of a suspect for specific serious crimes)?
Article 5(1)(h)
3. Emotion recognition in workplaces or educational institutions
Does your system infer emotions of natural persons in the workplace or in educational institutions, outside the medical or safety exceptions?
Article 5(1)(f)
4. Manipulative subliminal techniques
Does your system deploy subliminal techniques beyond a person's consciousness, or purposefully manipulative or deceptive techniques, with the objective or effect of materially distorting the behaviour of a person or group, causing or reasonably likely to cause significant harm?
Article 5(1)(a)
5. Exploitation of vulnerabilities (age, disability, socioeconomic)
Does your system exploit vulnerabilities of a natural person or specific group based on age, disability, or a specific social or economic situation, with the objective or effect of materially distorting behaviour in a way that causes or is reasonably likely to cause significant harm?
Article 5(1)(b)
6. Biometric categorisation inferring sensitive attributes
Does your system categorise natural persons individually on the basis of their biometric data to deduce or infer their race, political opinions, trade-union membership, religious or philosophical beliefs, sex life, or sexual orientation?
Article 5(1)(g)
7. Untargeted facial image scraping for facial-recognition databases
Does your system create or expand facial-recognition databases through the untargeted scraping of facial images from the internet or CCTV footage?
Article 5(1)(e)
8. Predictive policing based on profiling
Does your system assess or predict the risk of a natural person committing a criminal offence based solely on profiling or personality traits, outside systems used to support the human assessment of involvement based on objective, verifiable facts directly linked to a criminal activity?
Article 5(1)(d)
If ANY answer above is YES
PROHIBITED. Cease deployment immediately. The prohibition has been enforceable since 2 February 2025. Non-compliance exposes your organisation to administrative fines of up to €35 million or 7% of total worldwide annual turnover for the preceding financial year, whichever is higher (Article 99(3)). Engage qualified counsel before any further action. Stop reading this checklist and escalate.
Section 2 — High-Risk Check
Annex III · High-Risk AI Systems · Obligations apply from 2 August 2027
Annex III lists the eight category groups that constitute high-risk AI systems when the system is used in the listed context. Work through each group. Any single yes in any group triggers Articles 8 through 17 and the full conformity-assessment regime.
Pay attention to the framing: what matters is the use, not the technology. A generic language model deployed to score job applicants is high-risk employment AI. The same model summarising meeting notes is not. Classification follows deployment context.
Remote biometric identification systems (other than verification that simply confirms a person is who they claim to be). Annex III(1)(a)
Biometric categorisation systems according to sensitive or protected attributes. Annex III(1)(b)
Emotion recognition systems (outside the workplace and education contexts banned under Article 5). Annex III(1)(c)
Safety components in the management and operation of critical digital infrastructure, road traffic, or the supply of water, gas, heating, or electricity. Annex III(2)
Determining access, admission, or assignment of natural persons to educational and vocational training institutions at any level. Annex III(3)(a)
Evaluating learning outcomes, including when those outcomes steer the learning process. Annex III(3)(b)
Assessing the appropriate level of education a person will receive or access. Annex III(3)(c)
Monitoring or detecting prohibited behaviour of students during tests (including automated proctoring). Annex III(3)(d)
Recruitment or selection of natural persons, including targeted job-advertising, CV sorting, and filtering of applications. Annex III(4)(a)
Making decisions affecting terms of work-related relationships, promotion, or termination. Annex III(4)(b)
Allocating tasks based on individual behaviour or personal traits. Annex III(4)(b)
Monitoring and evaluating the performance and behaviour of workers. Annex III(4)(b)
Evaluating eligibility of natural persons for essential public assistance benefits or services (including healthcare), or granting, reducing, revoking, or reclaiming such benefits. Annex III(5)(a)
Evaluating creditworthiness of natural persons or establishing their credit score, other than for the sole purpose of detecting financial fraud. Annex III(5)(b)
Risk assessment and pricing in life and health insurance for natural persons. Annex III(5)(c)
Evaluating and classifying emergency calls, or dispatching emergency first-response services (police, firefighters, medical aid) and triage systems. Annex III(5)(d)
Assessing the risk of a natural person becoming the victim of criminal offences. Annex III(6)(a)
Polygraphs and similar tools, or inferring emotional state of a natural person in the law-enforcement context. Annex III(6)(b)
Evaluating the reliability of evidence in the course of investigation or prosecution. Annex III(6)(c)
Profiling in the course of detection, investigation, or prosecution of criminal offences. Annex III(6)(d)
Polygraphs and emotion-inference tools used by competent public authorities in migration, asylum, and border control. Annex III(7)(a)
Assessing risks posed by a natural person intending to enter or already in the territory (including health, security, and irregular-migration risk). Annex III(7)(b)
Assisting the examination of applications for asylum, visa, and residence permits (including eligibility determinations). Annex III(7)(c)
Detecting, recognising, or identifying natural persons in the context of migration, asylum, or border control management (excluding verification of travel documents). Annex III(7)(d)
AI intended to assist a judicial authority in researching and interpreting facts and the law, and in applying the law to a concrete set of facts, or used in a similar way in alternative dispute resolution. Annex III(8)(a)
AI intended to influence the outcome of an election or referendum, or the voting behaviour of natural persons (excluding systems whose output is not directly exposed to natural persons, such as tools for administrative organisation of political campaigns). Annex III(8)(b)
If ANY answer in Section 2 is YES
HIGH-RISK. Obligations under Articles 8-17 apply. You must implement a risk-management system (Article 9), data and data-governance practices (Article 10), technical documentation to Annex IV (Article 11), automatic record-keeping (Article 12), transparency and information to deployers (Article 13), human oversight (Article 14), and accuracy, robustness, and cybersecurity (Article 15). Conformity assessment is required before market placement. CE marking is required. Full compliance deadline: 2 August 2027. Proceed to the obligation-mapping page to break each article down into concrete technical controls.
Section 3 — Limited-Risk Transparency Check
Article 50 · Transparency Obligations · Applies from 2 August 2026
Even if your system is not high-risk, Article 50 may still impose transparency obligations. The purpose is to ensure users know when they are interacting with AI or consuming AI-generated content. These obligations apply in addition to any other classification — a high-risk system may also carry Article 50 duties.
1. Direct interaction with natural persons
Does your AI system interact directly with natural persons (for example, a chatbot, voice assistant, or virtual agent), in a way where a reasonable person might not recognise that they are interacting with AI?
Article 50(1)
2. Generation of synthetic audio, image, video, or text
Does your AI system generate or manipulate audio, image, video, or text content that could falsely appear to be authentic (including deepfakes and generative-media systems used in consumer-facing contexts)?
Article 50(2), Article 50(4)
3. Emotion recognition (non-high-risk contexts)
Does your system perform emotion recognition in any context other than the workplace or education (which are prohibited) and other than the high-risk law-enforcement, migration, or biometric contexts already captured above?
Article 50(3)
4. Biometric categorisation (non-high-risk contexts)
Does your system perform biometric categorisation that is not already captured as prohibited (Article 5(1)(g)) or as high-risk (Annex III(1)(b))?
Article 50(3)
If ANY answer in Section 3 is YES
LIMITED RISK. Article 50 transparency obligations apply. Users must be clearly informed that they are interacting with AI (Article 50(1)) or that content is AI-generated or AI-manipulated (Article 50(2) and (4)). Synthetic content must be machine-readably marked in a standardised format. Emotion-recognition and biometric-categorisation deployers must inform affected persons. Obligations apply from 2 August 2026.
If all answers in Sections 1, 2, and 3 are NO
MINIMAL RISK. No specific obligations apply under the AI Act. Voluntary codes of conduct are encouraged (Article 95). You should still conform to general product-safety, data-protection (GDPR), and sectoral law. Re-run this checklist whenever your system's intended purpose changes, when you deploy it in a new context, or when new Annex III entries are added by delegated act.
Section 4 — GPAI Obligations Check
Articles 51-55 · General-Purpose AI Models · Applies from 2 August 2026
General-Purpose AI (GPAI) obligations run on a parallel track to the tiered classification above. A GPAI provider may simultaneously place a high-risk system on the market and carry GPAI obligations at the model layer. These questions determine whether you are a GPAI provider, and whether your model is considered GPAI with systemic risk.
1. You develop or place on the market a general-purpose AI model
Does your organisation develop an AI model that displays significant generality and is capable of competently performing a wide range of distinct tasks — regardless of how the model is placed on the market (including via API) — and that can be integrated into a variety of downstream systems or applications?
Article 3(63)
2. Training compute exceeds 10^25 FLOPs
Has the cumulative amount of compute used for the training of the model, measured in floating-point operations, exceeded 10^25? (This is the statutory threshold creating the presumption of systemic risk under Article 51(2).)
Article 51(2)
3. Model placed on the EU market or used by EU providers
Is the model placed on the Union market, or made available to EU-based providers or deployers in any form, including through an API, a cloud service, or an integrated product?
Article 2(1)
If YES to #1
GPAI PROVIDER. Article 53 obligations apply: draw up and keep up-to-date technical documentation to Annex XI, make information available to downstream providers wishing to integrate the model (Annex XII), put in place a policy to comply with Union copyright law (including respecting text-and-data-mining opt-outs under the CDSM Directive), and publish a sufficiently detailed summary of training content per the template from the AI Office. Open-source models released under a free and open licence have reduced obligations (Article 53(2)) — but this exception does not apply to GPAI with systemic risk.
If YES to #1, #2, and #3
GPAI WITH SYSTEMIC RISK. Article 55 obligations apply in addition to Article 53: perform model evaluations including adversarial testing to identify and mitigate systemic risk, assess and mitigate possible systemic risks and their sources, track and report serious incidents and possible corrective measures to the AI Office and national authorities without undue delay, and ensure an adequate level of cybersecurity protection for the model and its physical infrastructure. You must notify the AI Office within two weeks of crossing the 10^25 FLOPs threshold (Article 52(1)).
Result Interpretation Table
Summary of what each classification actually means in operational terms:
| Classification | Key Articles | Deadline | Key Obligations | Next Step |
|---|---|---|---|---|
| Prohibited | Article 5 | Enforceable since 2 Feb 2025 | Cannot be placed on the market, put into service, or used. Fines up to €35M / 7% of turnover. | Stop deployment. Escalate to counsel. |
| High-Risk | Articles 8-17, Annex III, Annex IV | 2 August 2027 | Risk-management system, data governance, Annex IV documentation, automatic logging, human oversight, accuracy/robustness/cybersecurity, CE marking, conformity assessment, post-market monitoring, Article 26 deployer duties, Article 27 FRIA (where applicable). | Obligation mapping |
| Limited Risk | Article 50 | 2 August 2026 | Inform users they are interacting with AI. Label AI-generated content in machine-readable form. Disclose emotion recognition and biometric categorisation to affected persons. | Transparency controls |
| Minimal Risk | Article 95 (voluntary codes) | No deadline | None specific to the AI Act. Voluntary codes of conduct encouraged. General product-safety and data-protection law still apply. | Re-assess when intended purpose changes. |
| GPAI Provider | Article 53 | 2 August 2026 | Annex XI technical documentation, Annex XII downstream-provider information, EU copyright policy, training-content summary. | Gap analysis |
| GPAI Systemic Risk | Article 55 | 2 August 2026 | Article 53 plus: model evaluations, adversarial testing, systemic-risk assessment and mitigation, cybersecurity, incident reporting to the AI Office. | Gap analysis |
Red Flags Most Companies Miss
Most mis-classifications we see in advisory work share a common pattern: the company reads the Annex III list, decides "that's not us," and moves on. The following traps catch organisations that thought they were safe.
- Deploying a third-party LLM in a high-risk use case makes you the deployer with Article 26 obligations. If you wrap OpenAI, Anthropic, or Google's API to make hiring decisions, you are the high-risk deployer. The model provider's compliance does not substitute for yours.
- Credit scoring is ALWAYS high-risk. The Annex III(5)(b) entry does not have an exception for "also does other things." If any part of your system evaluates creditworthiness of natural persons or establishes a credit score, the system is high-risk. The fraud-detection carve-out is narrow: fraud detection must be the sole purpose.
- Fine-tuning a GPAI for a specific high-risk purpose makes you a high-risk provider, not just a deployer. When you substantially modify a general-purpose model for a high-risk intended purpose, you assume provider obligations under Article 25(1)(b). The upstream GPAI provider does not shield you.
- "EU market placement" includes offering via API to EU customers. Physical presence in the Union is not required. If EU-based organisations can pay for and use your AI system, you are placing it on the Union market. The Act has explicit extraterritorial reach (Article 2(1)(c)).
- Prohibited practices apply regardless of tier on the rest of your stack. A minimal-risk product can still contain a prohibited component. Article 5 is not a tier — it is a categorical ban on eight specific practices that cuts across the rest of the Regulation.
- "High-risk" is determined by intended purpose, not by what the model "could" do. You document your intended purpose; regulators will hold you to it. Selling a generic model while turning a blind eye to customers using it in high-risk contexts will not keep you out of the high-risk regime.
What to Do Next
If Section 1 returned yes, stop. Engage counsel today. If Section 2 returned yes, your critical path runs to 2 August 2027 and conformity assessment alone typically consumes six to twelve months. If Section 3 returned yes, your deadline is 2 August 2026 and transparency controls are largely engineering work. If Section 4 returned yes on item #1, your deadline is also 2 August 2026 and you should already be drafting your Annex XI technical documentation.
Not legal advice. This checklist is a compliance-engineering resource intended to support classification discussions between technical and legal teams. It is not a substitute for advice from qualified counsel admitted in a relevant Member State jurisdiction. Annex III and Article 5 are subject to amendment by delegated act, and the AI Office is expected to publish guidance clarifying edge cases. Confirm your classification in writing before relying on it for a deployment or market-placement decision. EVE AI Core makes no representation that use of this checklist creates an attorney-client relationship or satisfies any regulatory obligation.