Risk Classification under the EU AI Act - Key Categories and Compliance Guidance

Following a structured, high-level framework, classify your offering under Risk Classification under the EU AI Act: Key Categories and Compliance Guidance to identify which elements are covered and require controls, so you can plan remediation now.

The following actions directly support readiness for staff and governance: map data flows, assign owners, and implement a risk management system that records decisions throughout the lifecycle, enabling updating of the classification and ensuring the process follows a defined framework.

For substantial high-risk components, establish criteria that will be considered and require human oversight; maintain a registered registry of risk factors, data sources, and monitoring outcomes to demonstrate transparency to the authority, e assicurati istruzione programs for staff align with current guidance.

To ensure ongoing protection of individuals, implement updating cadences and require documentation in a single repository; unless an exemption applies, share notable changes with the authority and keep an auditable trail throughout the process.

Education and training are key: schedule regular sessions for staff, update content when new guidance is released by the authority, and track completion for individuals involved in development, deployment, or monitoring. This approach will enhance trust and help you prepare concise evidence for audits.

Determine if Your AI System Is Prohibited Under Art 5: Quick Flagging Criteria

Use this five-point checklist to determine if your AI system is prohibited under Art 5. If any item flags, escalate for national guidance and formal review.

Five-Point Flagging Checklist

Subliminal techniques: If the system uses subliminal prompts or covert cues designed to steer behavior without the user's conscious awareness, it should be treated as prohibited under Art 5. Review gpai characteristics and maintain logs to track such features and inform a quick decision.

Exploitation of vulnerabilities: If the system targets a single person or a defined subject group by exploiting known vulnerabilities, flag it. Track prompts and responses, and note the situation to support an evidence-based decision.

Public authority and national context: If the system is intended for national or public administration, including scoring or decision support about individuals or groups, this applies to Art 5 prohibitions. Take account of where it operates and update the sets of governance technologies accordingly.

Real-time biometric or emotion recognition in public spaces: If you deploy real-time biometric identification or emotion recognition in public spaces, this is prohibited under Art 5 unless narrowly justified. Note the risk, inform stakeholders, and update the risk assessment to protect user rights.

Other prohibited practices: If the system uses techniques that undermine fundamental rights, misrepresent its autonomy, or create deceptive expectations, apply prohibition. In addition, ensure you have a note explaining why this classification remains valid and outlining next steps.

Documentation, Logging, and Next Steps

If any criterion applies, inform stakeholders and begin updating the risk management file. Create a concise note detailing which criterion triggered the flag and what data supported the decision.

Tracking and action: Use logs to track decisions, update public documentation, and set a mitigation plan that protects users and aligns with national requirements. This supports adherence and facilitates updating governance as laws evolve.

Practical Examples of Prohibited AI Practices in Chapter II Art 5

Immediately audit every AI feature planned for launch and disable any component that relies on subliminal prompts or manipulative design. Establish a pre-release gate that requires a clear aims statement, explicit disclosure of how the system makes decisions, and confirmation of a valid licence from regulators before going live. Audit the core design at the same time and set up a daily monitor of interactions to ensure accountability.

In addition, avoid chatbots that identify user vulnerabilities and push risky products or misinformation through deceptive prompts or impersonation. Build a downstream monitoring plan that tracks user interactions, flags identifying patterns, and prevents release of features that lack transparent disclosures. Use a clear call to action if ethics flags trigger a halt, and maintain a public news-style log of changes for accountability with the regulators.

Adaptive personalization after release poses high risk when the system shifts content, timing, or conversations across types of data and operations based on real-time signals. Pause adaptive loops immediately if the system begins to influence decisions beyond consent, and revert to non-adaptive defaults during post-market life. Create a rigorous operation checklist to document data sources, purposes, and the respective safeguards across types of data and operations.

Real-time biometrics identification in public or semi-public spaces is typically prohibited for law enforcement and access control. Do not deploy such capabilities in release unless a narrow exception applies and is fully documented in the licence and codes. If biometrics processing is used, limit it to non-identifying, privacy-preserving forms and retain data only for time-limited purposes.

Protect peoples and their respective rights by avoiding any system that assigns scores, classifications, or penalties based on sensitive attributes in uncontrolled contexts. Map the types of data used, conduct impact assessments, and ensure human oversight for high-stakes decisions. Regulators should receive detailed reports, and any breach should trigger rapid alerts to the news cycle and stakeholders; previously published codes can help frame the risk landscape and guide remediation for crimes that could arise from abuse.

Key elements of a practical checklist include explicit aims and boundaries; identifying prohibited practices; ensuring licence validation; establishing post-market monitoring; defining time-bound data retention; detailing downstream uses; recording release notes; and setting procedures for deactivating or reconfiguring models that exhibit prohibited behavior. Use this checklist to keep the core expectations clear for all teams and to facilitate transparent communication with regulators and the public.

High-Risk Classification: Criteria, Annex III Indicators, and Documentation Checklist

Map each high-risk use to Annex III indicators and assemble a clear documentation package that supports market-wide review by regulators and authorities.

Criteria and Annex III Indicators

• Biometric identification or verification in public spaces or high-stakes contexts is classified as High-Risk, given the potential to influence fundamental rights of an individual.
• Automated decision-making with substantial effect on a person’s rights or opportunities across sectors such as employment, education, housing, or access to essential services.
• Use of datasets with limited representativeness or bias across a variety of populations that could lead to discriminatory outcomes, requiring robust risk controls throughout development and deployment.
• Processing of sensitive or biometric data in contexts that affect safety, security, or the ability to exercise rights, creating systemic risk if not properly governed.
• Systems that monitor or profile individuals in real time or near real time, including applications that influence permissions, resources, or opportunities, thereby elevating risk levels.
• Cross-sector or cross-market applications whose failures could propagate harm beyond a single organisation, necessitating comprehensive audits and independent oversight.
• Use cases in which the model influences critical decisions that regulators might scrutinize under applicable laws, standards, and guidelines, requiring thorough documentation and oversight.

Documentation Checklist

1. Model description: purpose, scope, operation mode, and limitations; include a clear statement of the decision tasks the model performs and the contexts in which it is deployed.
2. Data governance: sources of data, datasets used for training and testing, data quality metrics, representativeness, filtering, and data contained; outline data minimization and retention rules.
3. Data privacy and protection: handling of biometric and sensitive data, consent where relevant, anonymization or pseudonymization methods, access controls, and breach response measures.
4. Annex III indicators mapping: justify why the use qualifies as High-Risk and specify which indicators apply, with traceable links to sector-specific requirements.
5. Risk management file: risk assessment, risk controls, residual risk rating, and plan to monitor risk over time; include a pathway for exception handling and escalation.
6. Performance and bias metrics: provide accuracy, precision, recall, and fairness metrics across major demographic groups; report latest test results and thresholds used for decision boundaries.
7. Technical documentation: model architecture, training regime, versioning, feature sets, and system dependencies; include diagrams and interfaces to other systems.
8. Security and resilience: threat modeling, security controls, logging, anomaly detection, incident response, and recovery procedures; describe how the system withstands tampering or misuse.
9. Data handling lifecycle: data lineage from source to deployment, data quality checks, data retention schedules, and deletion procedures for contained datasets.
10. Governance and oversight: defined tasks for human oversight, accountability assignments, and procedures for external audits or reviews by regulators.
11. Testing and validation: testing plans, scenarios, validation results, and test coverage across diverse conditions; document how results influence deployment decisions.
12. Compliance with laws and standards: mapping to applicable laws, sector regulations, and national authority guidance; include a conformity assessment plan and contact points for enforcement bodies.
13. Audit readiness: schedule for internal and external audits, required artifacts, and a mechanism to address findings; maintain an audit trail for changes and updates.
14. Deployment and monitoring: rollout plan, monitoring metrics, update policies, and rollback procedures; include how impact on individuals will be tracked over time.
15. Communication to stakeholders: clear notices for data subjects where applicable and documentation provided to responsible market participants who will interact with the system.

Evidence of Compliance: Data Governance, Testing, Logging, and Transparency for High-Risk Apps

Data Governance and Testing Best Practices

Adopt a european-aligned data governance baseline that requires clear data provenance, owner assignments, and detailed metadata for every training, validation, and real-time input dataset. Create groups of data owners for training, evaluation, and deployment, and map the supply chain for third-party data sources. Outline rules by data category, where those rules cover privacy, copyright, purpose limitation, retention, and data quality. Additionally, maintain outlined policy areas to govern handling and risk controls. Mandate versioning and a changelog to track drift, and enable internal audits and external assessments. Ensure data handling in workplaces and across real-time flows remains auditable, with strict access controls and separation of duties to ensure accountability. This approach becomes a solid foundation for regulator reviews and customer trust.

Implement deterministic testing that covers edge cases, distribution shifts, challenges, and risks from potentially manipulated inputs such as images across multiple modalities. Use a mix of real-time streams and additional synthetic data to validate resilience, bias, and safety. Track results in detailed dashboards, set stopping thresholds for high-risk deployments, and require remediation steps before a rollout. Store test results and linked model and data snapshots in a chain that deployers can obtain, enabling a thorough audit trail in a manner that supports compliance. In this way, the most important tests clearly show where quality falls and what action to take.

Logging, Transparency, and Compliance Evidence

Implement immutable logs that capture who did what, when, and why, with data identifiers, model version, processing purpose, and a clear personality of the model's behavior. Use a standardized, machine-readable format and store logs in a tamper-evident repository that supports real-time dashboards and industry-grade audits. Ensure access controls limit who can view or modify logs, and separate production data border from training data while still enabling authorized reviews. Provide a user-friendly transparency module that explains model decisions and potential impacts on workplaces and groups, while noting copyright constraints and data origin. Where appropriate, publish summaries of governance activity and outcomes to stakeholders and regulators to facilitate verification and enable trustworthy use by industry partners. This framework is designed for organizations that intend to operate high-risk apps responsibly.

Remediation and Ongoing Monitoring: How to Address Non-Compliance and Maintain Oversight

Start with a concrete remediation plan: inventory all non-compliant elements, name owners, set deadlines, and map each item to the applicable regulation and recitals.

Define cross-functional roles and implement a formal handoff process between development, risk, and compliance teams to avoid gaps and ensure accountability.

Build a living mapping that ties controls to regulation clauses and model behaviors, noting when updates occur and which level of risk applies.

Maintain a register of named persons responsible for remediation actions, with clear contact details and accountability lines.

Contain sensitive outputs and logs, separate informational data from biometrics or other regulated data, and implement access controls for chatbots and related systems. Include explicit handling rules for data linked to a person and ensure the data stays contained within approved domains.

In high‑risk scenarios, polygraphs may be considered as part of identity verification, though this requires explicit consent and alignment with applicable regulation and regulators’ expectations. This option should be documented in the mapping and recitals and used only when justified by risk and governance controls.

Issue	Regulation/Recitals	Level	Owner (Named)	Action	Scadenza	Status
Unclear consent prompts in chatbots	Regulation Art. 5; Recitals 12, 14	High	Alex Chen	Update prompts; add explicit consent dialog; update privacy notice	2025-12-01	Open
Data retention exceeding limits	Regulation X; Recital 28	Medium	Priya Kapoor	Implement automatic data purge; log retention events	2025-11-15	In Progress
Model drift in predictive scoring	Regulation Y; Recitals 9, 11	High	Jonas Müller	Trigger drift checks; recalibrate models; document updates	2026-01-20	Planned
Unclear designation of informational vs biometric data	Regulation Z; Recitals 3, 7	Medium	Sofia Rossi	Tipi di dati tag; limitare l'elaborazione; regolare i controlli di accesso	2025-12-30	Open
Lacune di passaggio tra i team di dati e conformità	Requisito normativo; Considerazioni 5, 6	Low	Michael Tucker	Definisci SLA; documenta i percorsi di escalation; testa con esercitazione da tavolo	2025-10-31	Completato

Implementare un monitoraggio continuo accoppiando controlli automatizzati con revisioni umane periodiche. Tracciare le prestazioni del modello, la qualità dei dati e l'efficacia delle azioni di remediation a una cadenza definita. Utilizzare dashboard che presentino a revisori dei conti e partner interni una visione chiara del livello di rischio, dei controlli chiave e dello stato di conformità corrente. Programmare revisioni trimestrali per adattare le mappature e aggiornare il registro man mano che i modelli e i flussi di dati si evolvono.

Stabilire una governance in merito alla gestione degli incidenti: quando viene rilevato un difetto o una violazione, attivare un'immediata escalation al proprietario del rischio, notificare alle parti interessate designate e registrare l'incidente con evidenze collegate. Mantenere un registro delle attività che documenti chi ha condotto l'indagine, quali dati sono stati esaminati e quali azioni correttive sono state intraprese.

Coinvolgere terze parti e partner con ruoli e responsabilità chiaramente definiti. Richiedere loro di registrare i flussi di dati e le attività di elaborazione, e di fornire prove di conformità rispetto alla regolamentazione e ai controlli delineati. Assicurarsi che tutti i passaggi a fornitori avvengano in base a accordi formali che rimandano alla mappatura e alle premesse rilevanti per i servizi forniti.

Fornire una formazione mirata per le persone che gestiscono dati e sistemi di intelligenza artificiale, sottolineando le responsabilità delineate nel regolamento, l'importanza della contenimento e le procedure per segnalare quando si sospetta una non conformità. Utilizzare scenari pratici per mantenere i team allineati con le aspettative del regolamento e la tolleranza al rischio dell'organizzazione.

I processi documentati dovrebbero presentare un chiaro collegamento tra la normativa, i ruoli assegnati e le azioni intraprese. Mantenere un registro aggiornato che elenchi gli individui nominati, le loro responsabilità e le attività di controllo collegate per supportare la supervisione sia da parte della leadership interna che dei regolatori.