Following a structured, high-level framework, classify your offering under Risk Classification under the EU AI Act: Key Categories and Compliance Guidance to identify which elements are covered and require controls, so you can plan remediation now.
The following actions directly support readiness for staff and governance: map data flows, assign owners, and implement a risk management system that records decisions throughout the lifecycle, enabling updating of the classification and ensuring the process follows a defined framework.
For substantial high-risk components, establish criteria that will be considered and require human oversight; maintain a registered registry of risk factors, data sources, and monitoring outcomes to demonstrate transparency to the authority, and ensure education programs for staff align with current guidance.
To ensure ongoing protection of individuals, implement updating cadences and require documentation in a single repository; unless an exemption applies, share notable changes with the authority and keep an auditable trail throughout the process.
Education and training are key: schedule regular sessions for staff, update content when new guidance is released by the authority, and track completion for individuals involved in development, deployment, or monitoring. This approach will enhance trust and help you prepare concise evidence for audits.
Determine if Your AI System Is Prohibited Under Art 5: Quick Flagging Criteria
Use this five-point checklist to determine if your AI system is prohibited under Art 5. If any item flags, escalate for national guidance and formal review.
Five-Point Flagging Checklist
Subliminal techniques: If the system uses subliminal prompts or covert cues designed to steer behavior without the user's conscious awareness, it should be treated as prohibited under Art 5. Review gpai characteristics and maintain logs to track such features and inform a quick decision.
Exploitation of vulnerabilities: If the system targets a single person or a defined subject group by exploiting known vulnerabilities, flag it. Track prompts and responses, and note the situation to support an evidence-based decision.
Public authority and national context: If the system is intended for national or public administration, including scoring or decision support about individuals or groups, this applies to Art 5 prohibitions. Take account of where it operates and update the sets of governance technologies accordingly.
Real-time biometric or emotion recognition in public spaces: If you deploy real-time biometric identification or emotion recognition in public spaces, this is prohibited under Art 5 unless narrowly justified. Note the risk, inform stakeholders, and update the risk assessment to protect user rights.
Other prohibited practices: If the system uses techniques that undermine fundamental rights, misrepresent its autonomy, or create deceptive expectations, apply prohibition. In addition, ensure you have a note explaining why this classification remains valid and outlining next steps.
Documentation, Logging, and Next Steps
If any criterion applies, inform stakeholders and begin updating the risk management file. Create a concise note detailing which criterion triggered the flag and what data supported the decision.
Tracking and action: Use logs to track decisions, update public documentation, and set a mitigation plan that protects users and aligns with national requirements. This supports adherence and facilitates updating governance as laws evolve.
Practical Examples of Prohibited AI Practices in Chapter II Art 5
Immediately audit every AI feature planned for launch and disable any component that relies on subliminal prompts or manipulative design. Establish a pre-release gate that requires a clear aims statement, explicit disclosure of how the system makes decisions, and confirmation of a valid licence from regulators before going live. Audit the core design at the same time and set up a daily monitor of interactions to ensure accountability.
In addition, avoid chatbots that identify user vulnerabilities and push risky products or misinformation through deceptive prompts or impersonation. Build a downstream monitoring plan that tracks user interactions, flags identifying patterns, and prevents release of features that lack transparent disclosures. Use a clear call to action if ethics flags trigger a halt, and maintain a public news-style log of changes for accountability with the regulators.
Adaptive personalization after release poses high risk when the system shifts content, timing, or conversations across types of data and operations based on real-time signals. Pause adaptive loops immediately if the system begins to influence decisions beyond consent, and revert to non-adaptive defaults during post-market life. Create a rigorous operation checklist to document data sources, purposes, and the respective safeguards across types of data and operations.
Real-time biometrics identification in public or semi-public spaces is typically prohibited for law enforcement and access control. Do not deploy such capabilities in release unless a narrow exception applies and is fully documented in the licence and codes. If biometrics processing is used, limit it to non-identifying, privacy-preserving forms and retain data only for time-limited purposes.
Protect peoples and their respective rights by avoiding any system that assigns scores, classifications, or penalties based on sensitive attributes in uncontrolled contexts. Map the types of data used, conduct impact assessments, and ensure human oversight for high-stakes decisions. Regulators should receive detailed reports, and any breach should trigger rapid alerts to the news cycle and stakeholders; previously published codes can help frame the risk landscape and guide remediation for crimes that could arise from abuse.
Key elements of a practical checklist include explicit aims and boundaries; identifying prohibited practices; ensuring licence validation; establishing post-market monitoring; defining time-bound data retention; detailing downstream uses; recording release notes; and setting procedures for deactivating or reconfiguring models that exhibit prohibited behavior. Use this checklist to keep the core expectations clear for all teams and to facilitate transparent communication with regulators and the public.
High-Risk Classification: Criteria, Annex III Indicators, and Documentation Checklist
Map each high-risk use to Annex III indicators and assemble a clear documentation package that supports market-wide review by regulators and authorities.
Criteria and Annex III Indicators
- Biometric identification or verification in public spaces or high-stakes contexts is classified as High-Risk, given the potential to influence fundamental rights of an individual.
- Automated decision-making with substantial effect on a person’s rights or opportunities across sectors such as employment, education, housing, or access to essential services.
- Use of datasets with limited representativeness or bias across a variety of populations that could lead to discriminatory outcomes, requiring robust risk controls throughout development and deployment.
- Processing of sensitive or biometric data in contexts that affect safety, security, or the ability to exercise rights, creating systemic risk if not properly governed.
- Systems that monitor or profile individuals in real time or near real time, including applications that influence permissions, resources, or opportunities, thereby elevating risk levels.
- Cross-sector or cross-market applications whose failures could propagate harm beyond a single organisation, necessitating comprehensive audits and independent oversight.
- Use cases in which the model influences critical decisions that regulators might scrutinize under applicable laws, standards, and guidelines, requiring thorough documentation and oversight.
Documentation Checklist
- Model description: purpose, scope, operation mode, and limitations; include a clear statement of the decision tasks the model performs and the contexts in which it is deployed.
- Data governance: sources of data, datasets used for training and testing, data quality metrics, representativeness, filtering, and data contained; outline data minimization and retention rules.
- Data privacy and protection: handling of biometric and sensitive data, consent where relevant, anonymization or pseudonymization methods, access controls, and breach response measures.
- Annex III indicators mapping: justify why the use qualifies as High-Risk and specify which indicators apply, with traceable links to sector-specific requirements.
- Risk management file: risk assessment, risk controls, residual risk rating, and plan to monitor risk over time; include a pathway for exception handling and escalation.
- Performance and bias metrics: provide accuracy, precision, recall, and fairness metrics across major demographic groups; report latest test results and thresholds used for decision boundaries.
- Technical documentation: model architecture, training regime, versioning, feature sets, and system dependencies; include diagrams and interfaces to other systems.
- Security and resilience: threat modeling, security controls, logging, anomaly detection, incident response, and recovery procedures; describe how the system withstands tampering or misuse.
- Data handling lifecycle: data lineage from source to deployment, data quality checks, data retention schedules, and deletion procedures for contained datasets.
- Governance and oversight: defined tasks for human oversight, accountability assignments, and procedures for external audits or reviews by regulators.
- Testing and validation: testing plans, scenarios, validation results, and test coverage across diverse conditions; document how results influence deployment decisions.
- Compliance with laws and standards: mapping to applicable laws, sector regulations, and national authority guidance; include a conformity assessment plan and contact points for enforcement bodies.
- Audit readiness: schedule for internal and external audits, required artifacts, and a mechanism to address findings; maintain an audit trail for changes and updates.
- Deployment and monitoring: rollout plan, monitoring metrics, update policies, and rollback procedures; include how impact on individuals will be tracked over time.
- Communication to stakeholders: clear notices for data subjects where applicable and documentation provided to responsible market participants who will interact with the system.
Evidence of Compliance: Data Governance, Testing, Logging, and Transparency for High-Risk Apps
Data Governance and Testing Best Practices
Adopt a european-aligned data governance baseline that requires clear data provenance, owner assignments, and detailed metadata for every training, validation, and real-time input dataset. Create groups of data owners for training, evaluation, and deployment, and map the supply chain for third-party data sources. Outline rules by data category, where those rules cover privacy, copyright, purpose limitation, retention, and data quality. Additionally, maintain outlined policy areas to govern handling and risk controls. Mandate versioning and a changelog to track drift, and enable internal audits and external assessments. Ensure data handling in workplaces and across real-time flows remains auditable, with strict access controls and separation of duties to ensure accountability. This approach becomes a solid foundation for regulator reviews and customer trust.
Implement deterministic testing that covers edge cases, distribution shifts, challenges, and risks from potentially manipulated inputs such as images across multiple modalities. Use a mix of real-time streams and additional synthetic data to validate resilience, bias, and safety. Track results in detailed dashboards, set stopping thresholds for high-risk deployments, and require remediation steps before a rollout. Store test results and linked model and data snapshots in a chain that deployers can obtain, enabling a thorough audit trail in a manner that supports compliance. In this way, the most important tests clearly show where quality falls and what action to take.
Logging, Transparency, and Compliance Evidence
Implement immutable logs that capture who did what, when, and why, with data identifiers, model version, processing purpose, and a clear personality of the model's behavior. Use a standardized, machine-readable format and store logs in a tamper-evident repository that supports real-time dashboards and industry-grade audits. Ensure access controls limit who can view or modify logs, and separate production data border from training data while still enabling authorized reviews. Provide a user-friendly transparency module that explains model decisions and potential impacts on workplaces and groups, while noting copyright constraints and data origin. Where appropriate, publish summaries of governance activity and outcomes to stakeholders and regulators to facilitate verification and enable trustworthy use by industry partners. This framework is designed for organizations that intend to operate high-risk apps responsibly.
Remediation and Ongoing Monitoring: How to Address Non-Compliance and Maintain Oversight
Start with a concrete remediation plan: inventory all non-compliant elements, name owners, set deadlines, and map each item to the applicable regulation and recitals.
Define cross-functional roles and implement a formal handoff process between development, risk, and compliance teams to avoid gaps and ensure accountability.
Build a living mapping that ties controls to regulation clauses and model behaviors, noting when updates occur and which level of risk applies.
Maintain a register of named persons responsible for remediation actions, with clear contact details and accountability lines.
Contain sensitive outputs and logs, separate informational data from biometrics or other regulated data, and implement access controls for chatbots and related systems. Include explicit handling rules for data linked to a person and ensure the data stays contained within approved domains.
In high‑risk scenarios, polygraphs may be considered as part of identity verification, though this requires explicit consent and alignment with applicable regulation and regulators’ expectations. This option should be documented in the mapping and recitals and used only when justified by risk and governance controls.
| Issue | Regulation/Recitals | Level | Owner (Named) | Action | Deadline | Status |
|---|---|---|---|---|---|---|
| Unclear consent prompts in chatbots | Regulation Art. 5; Recitals 12, 14 | High | Alex Chen | Update prompts; add explicit consent dialog; update privacy notice | 2025-12-01 | Open |
| Data retention exceeding limits | Regulation X; Recital 28 | Medium | Priya Kapoor | Implement automatic data purge; log retention events | 2025-11-15 | In Progress |
| Model drift in predictive scoring | Regulation Y; Recitals 9, 11 | High | Jonas Müller | Trigger drift checks; recalibrate models; document updates | 2026-01-20 | Planned |
| Unclear designation of informational vs biometric data | Regulation Z; Recitals 3, 7 | Medium | Sofia Rossi | Tag data types; restrict processing; adjust access controls | 2025-12-30 | Open |
| Handoff gaps between data and compliance teams | Regulation requirement; Recitals 5, 6 | Low | Michael Tucker | Define SLA; document escalation paths; test with tabletop exercise | 2025-10-31 | Completed |
Implement ongoing monitoring by pairing automated checks with periodic human reviews. Track model performance, data quality, and the effectiveness of remediation actions at a defined cadence. Use dashboards that present regulators and internal partners with a clear view of risk level, key controls, and current compliance status. Schedule quarterly reviews to adjust mappings and update the register as models and data flows evolve.
Establish governance around incident response: when a defect or breach is detected, trigger an immediate escalation to the risk owner, notify named stakeholders, and log the incident with linked evidence. Maintain an audit trail that documents who conducted the investigation, what data was reviewed, and what corrective actions were taken.
Engage third parties and partners with clearly defined roles and responsibilities. Require them to register their data flows and processing activities, and to provide evidence of compliance against the regulation and the outlined controls. Ensure all handoffs to vendors occur under formal agreements that reference the mapping and recitals relevant to the services provided.
Provide targeted training for persons handling data and AI systems, emphasizing the responsibilities outlined in the regulation, the importance of containment, and procedures to raise flags when non-compliance is suspected. Use practical scenarios to keep teams aligned with the regulation’s expectations and the organization’s risk tolerance.
Documented processes should present a clear linkage between the regulation, the assigned roles, and the actions taken. Maintain an up-to-date register that lists named individuals, their responsibilities, and the linked control activities to support oversight by both internal leadership and regulators.
