EU AI Act risk tiers explained: how to classify every AI system your organisation uses

Get the tier wrong and you're either building documentation nobody required or missing obligations that carry fines up to €35 million. Here's how to get it right the first time.
The EU AI Act does not apply the same rules to every AI system. What you owe — in documentation, testing, human oversight, transparency disclosure, and conformity assessment — depends entirely on which risk tier each of your AI systems falls into.
This is not a theoretical exercise. The classification you assign to each system determines your compliance workload, your legal exposure, and your timeline. Organisations that classify correctly move through compliance efficiently. Organisations that get it wrong either build an expensive documentation programme for tools that didn't need it, or discover a high-risk system in their stack three months before an audit with nothing to show.
This guide covers every tier, how to classify systems in each one, and the mistakes that consistently catch European organisations off guard.
The four risk tiers
The EU AI Act structures risk across four categories. They are not a sliding scale — they are distinct classifications, each with its own set of obligations. The tier a system falls into is determined by what it does and the context in which it operates, not by how advanced the technology is.
Tier 1: Prohibited — banned outright
Some AI practices are not regulated. They are banned. These have been unlawful across the EU since February 2, 2025. No grace period applied and no grace period remains.
Prohibited AI practices include:
Social scoring systems that evaluate individuals based on their behaviour, social characteristics, or personal attributes and then use that score to treat them differently in unrelated contexts. A system that tracks employee productivity and uses that score to determine access to services, for example, is prohibited.
Subliminal manipulation — AI that exploits subconscious vulnerabilities, psychological weaknesses, or specific personal circumstances to influence behaviour in ways the person would not consciously endorse. This goes beyond persuasion into manipulation below the threshold of awareness.
Exploitation of vulnerability — AI systems that target children, elderly people, people with disabilities, or those in economically precarious situations to distort their behaviour in harmful ways.
Biometric categorisation based on sensitive characteristics — using AI to infer or categorise people's race, ethnicity, political opinions, religious beliefs, trade union membership, sexual orientation, or health status from biometric data.
Real-time remote biometric identification in public spaces — with narrow, strictly defined exceptions for law enforcement in specific circumstances. For most organisations, any system performing real-time biometric identification in a publicly accessible space is prohibited.
Emotion recognition in workplaces and educational institutions — AI systems that infer the emotional state of employees or students are prohibited in those contexts.
What to do now: audit your AI stack — including embedded features inside third-party platforms — and confirm that nothing is performing any of these practices. If you find something that does, discontinue it immediately and document the remediation. If you are uncertain what AI is running across your organisation, [start with shadow AI detection](https://joingrasp.com/shadow-ai) before classifying anything.
Tier 2: High-risk — substantial obligations
High-risk AI systems are those where failures, biased outputs, or misuse can significantly affect people's fundamental rights, safety, or access to essential services. This tier carries the most compliance weight and is where the majority of organisational effort sits.
What makes a system high-risk
The Act defines high-risk AI by the domain in which it operates. The categories are listed in Annex III of the regulation:
Biometric identification and categorisation — any system that identifies individuals from biometric data, or categorises them based on biometric characteristics, in contexts not covered by the prohibited tier.
Critical infrastructure — AI managing or influencing the operation of essential services including energy networks, water supply, transport systems, and digital infrastructure.
Education and vocational training — systems that determine access to educational institutions, assess students, evaluate learning outcomes, or monitor behaviour during assessments.
Employment, workforce management, and access to self-employment — AI used in recruitment (screening CVs, shortlisting candidates, conducting interviews), performance evaluation, promotion decisions, task allocation, and termination. This is one of the most commonly overlooked categories. If your HR platform has AI-powered candidate screening or performance analytics, it is almost certainly high-risk.
Access to essential private and public services — AI that determines or significantly influences access to credit, insurance, healthcare, housing, or social benefits. This includes AI that calculates credit scores, assesses insurance risk, triages patient referrals, or scores benefit eligibility.
Law enforcement — AI used to assess the risk of an individual committing a crime, to evaluate the reliability of evidence, or to predict future criminal behaviour.
Migration, asylum, and border control — AI used to assess visa applications, screen asylum seekers, or predict irregular migration risk.
Administration of justice and democratic processes — AI used to assist courts in researching facts or applying law, or AI deployed in the context of elections or referendums.
The embedded AI problem
The most common classification mistake is failing to catch high-risk AI features inside platforms you did not procure as AI tools.
Your ATS (applicant tracking system) may now include AI candidate ranking. Your CRM may include AI-powered customer risk scoring. Your workforce management platform may include AI-driven performance monitoring. Each of these is a high-risk AI system under the Act, regardless of whether you thought of it as an AI purchase when you signed the contract.
When classifying, go through every tool in your inventory and ask: does this tool make or influence a decision about a person's employment, financial access, education, healthcare, or legal status? If the answer is yes, classify it as high-risk and begin building the compliance file.
High-risk obligations
For a full breakdown of what high-risk classification requires — fundamental rights impact assessments, technical documentation, human oversight mechanisms, and conformity assessment — see the [EU AI Act conformity assessment guide](https://joingrasp.com/eu-ai-act/conformity-assessment).
The enforcement timeline for high-risk systems under Annex III is December 2, 2027, following the AI omnibus political agreement of May 7, 2026. That is not a reason to wait. Building a credible compliance file for a high-risk system — documentation, testing records, impact assessments, human oversight evidence — takes months. Organisations starting in late 2027 will not finish in time.
Tier 3: Limited risk — transparency obligations
Limited-risk AI systems do not carry the full compliance burden of high-risk systems, but they are not obligation-free. The key requirement is transparency: users must know they are interacting with AI.
Systems in this tier include:
Chatbots and conversational AI — any system that interacts directly with people and could be mistaken for a human must disclose that it is an AI at the start of the interaction. This applies to customer service bots, internal helpdesk tools, and any AI-powered messaging interface.
Deepfake and synthetic media generators — AI that generates images, audio, or video of real people must label the content as AI-generated. This applies to marketing tools, video production platforms, and any generative AI used to create synthetic media.
Emotion recognition systems — outside the prohibited contexts of workplaces and educational institutions, emotion recognition systems must disclose to users that their emotional state is being assessed.
AI-generated content — systems generating content intended to inform the public on matters of public interest must label that content as AI-generated.
Transparency obligations for limited-risk systems apply from August 2, 2026. If your organisation uses customer-facing chatbots or any tool generating synthetic media, disclosure requirements are live in a matter of weeks.
Tier 4: Minimal risk — no specific obligations
The majority of AI tools in use across most organisations fall here: spam filters, recommendation engines, AI-powered search, basic automation, fraud detection tools, and most productivity AI.
No specific EU AI Act obligations apply to minimal-risk systems beyond existing EU law — primarily GDPR where personal data is processed and consumer protection law where relevant.
This does not mean these tools are invisible to governance. Every tool in your stack should be inventoried and classified, even if the classification result is minimal risk. The inventory is the foundation — without it, you cannot demonstrate to a regulator that you have assessed your AI landscape.
The classification process: how to do it
Classification is not a one-time exercise. It needs to be embedded in how your organisation approves and monitors AI tools. Here is a repeatable process:
Step 1 — Build the inventory first. You cannot classify what you cannot see. Before assigning tiers, establish a complete list of every AI tool in use across your organisation, including sanctioned tools, embedded AI features inside existing software, and AI adopted by employees without IT approval. The [EU AI Act compliance checklist](https://joingrasp.com/blog/eu-ai-act-compliance-checklist) covers how to build this inventory in step one.
Step 2 — Apply the prohibited check. For every tool in the inventory, ask whether it performs any prohibited practice. This is a binary question: if yes, discontinue the tool; if no, proceed to tier classification.
Step 3 — Apply the high-risk test. Does the system operate in any Annex III category? Does it make or significantly influence decisions about a person's employment, financial access, education, healthcare, or legal status? Does it perform biometric identification? Does it manage critical infrastructure? If yes to any of these, classify as high-risk.
Step 4 — Apply the limited-risk test. Does the system interact directly with users in a way that could be mistaken for a human? Does it generate synthetic media? Does it assess emotional states outside prohibited contexts? If yes, classify as limited-risk and document the disclosure obligations.
Step 5 — Assign minimal risk by elimination. Everything that does not meet the criteria for prohibited, high-risk, or limited-risk is minimal risk.
Step 6 — Assign ownership and review triggers. Every classified system needs a named owner responsible for maintaining the classification and triggering re-review when the system changes. Vendor updates, new data integrations, and expanded use cases can all change a system's risk tier.
Classification mistakes that create real exposure
Assuming the vendor of a third-party tool carries the compliance obligation. Deployers have their own obligations under the Act. If you deploy a high-risk AI system, you own its compliance requirements even if you did not build it. Vendor documentation helps — it does not substitute for your own assessment.
Classifying by technology type instead of use case. A machine learning model is not inherently high-risk; the same model can sit in different tiers depending on where it is deployed. Used for fraud detection in financial services, it is high-risk. Used for recommending content on an internal knowledge base, it is minimal risk. Classification follows context, not technology.
Treating the initial classification as permanent. A tool classified as minimal risk today can become high-risk when the vendor adds a new feature, when the organisation expands its use to a new context, or when a regulatory update brings a new category into Annex III. Classification needs a re-review trigger, not just an initial assessment.
Missing the August 2026 transparency deadline. Organisations focused on the December 2027 high-risk deadline sometimes miss the earlier date. Transparency and GPAI obligations — including chatbot disclosure requirements — apply from August 2, 2026.
What comes after classification
Risk tier determines obligation. Once every system in your inventory has a confirmed classification, the compliance work becomes specific and manageable rather than abstract and overwhelming.
For high-risk systems, the next step is conformity assessment — the structured process of building technical documentation, conducting fundamental rights impact assessments, implementing human oversight, and in some cases submitting to third-party audit. The [EU AI Act conformity assessment guide](https://joingrasp.com/eu-ai-act/conformity-assessment) covers that process in full.
For limited-risk systems, the next step is implementing and documenting transparency disclosures before August 2, 2026.
For minimal-risk systems, the next step is ensuring they are in your inventory with a named owner — and that your governance process will catch any changes that move them into a higher tier.
Classification is not the end of EU AI Act compliance. It is the point where compliance becomes actionable.
See how Grasp classifies every AI tool in your organisation automatically — and maps each one to its EU AI Act obligations in real time. [Book a demo →](https://joingrasp.com/book-demo)