The EU AI Act uses a four-tier risk pyramidto determine which obligations apply to your AI system. Classification depends on your system's purpose, sector, and potential impact on people, not its technical architecture.
These AI practices are considered an unacceptable risk to fundamental rights and are prohibited entirely under the EU AI Act.
Examples
AI systems in eight regulated sectors (biometrics, education, employment, credit scoring, law enforcement, migration, justice, critical infrastructure) face the most stringent requirements.
Examples
Key Obligations
AI systems that interact with users or generate synthetic content must disclose their AI nature. Lighter touch than high-risk, but legally binding.
Examples
Key Obligations
The vast majority of AI systems fall here. Spam filters, recommendation engines, AI in video games, and most B2B productivity tools are minimal risk. No mandatory compliance requirements, but voluntary codes of conduct are encouraged.
Examples
Answer questions about what your AI does and who it affects. Get an instant tier classification with the exact articles that apply.
Start free assessment →More EU AI Act compliance pieces from ActComply.
All 27 obligations across high risk, limited risk, general provider, and GPAI categories.
Annex III categories and what counts as high risk under the AI Act.
How the May 2026 provisional agreement shifts high risk deadlines, and what stays unchanged.
All twelve Article 26 obligations attaching to every deployer of a high risk system on August 2.
Who the Fundamental Rights Impact Assessment actually applies to, and what fills the gap when it doesn't.
Working one page template covering the six Article 27(1) inputs, with PDF download.
Provider and deployer obligations across chatbots, generative content, emotion recognition, and deep fakes.
When a deployer becomes a provider through substantial modification, and what crossing the line costs.
Article 53 + 55 obligations for general purpose AI model providers, plus the 10 July 2025 Code of Practice.