The AI Governance Playbook

EU AI Act risk classification explained: the plain English guide

How to classify AI systems under the EU AI Act:

Jun 25, 2026

The classification question isn’t a one-time exercise.

The EU AI Act doesn’t treat all AI systems the same way. It sorts them into categories based on the risk they pose to people’s safety, rights, and wellbeing, and the category your system lands in determines almost everything: what you have to do, how much it costs to comply, and what happens if you get it wrong.

Most of the confusion about the Act comes from not understanding this sorting process. People read about prohibited AI and assume the rules apply to them. Or they assume the rules don’t apply because their product isn’t obviously dangerous. Both mistakes lead to the same place: a compliance programme built on the wrong foundation.


The four categories

Every AI system in the scope of the EU AI Act falls into one of four categories. The smallest group faces the most restrictions. The largest group faces almost none.

Unacceptable risk: banned outright. A small number of AI applications are prohibited entirely because the EU has decided no legitimate use case justifies them. These include social scoring systems that rate citizens based on their behaviour and personal characteristics, real-time remote biometric identification in publicly accessible spaces (with narrow exceptions for law enforcement), AI systems that manipulate people through subliminal techniques in ways that cause harm, and systems that exploit vulnerabilities of specific groups such as children or people with disabilities. These bans have been in force since February 2025. If your system falls into one of these categories, there is no compliance path. The activity is simply not permitted.

High risk: permitted but heavily regulated. This is where most of the Act’s compliance obligations live. High-risk systems can be used, but they must meet a demanding set of requirements covering technical documentation, risk management, human oversight, data governance, logging, and transparency. The full set of what qualifies is covered below.

Limited risk: transparency obligations only. Systems in this category don’t face the full compliance burden, but they do have to be honest about what they are. Chatbots must tell users they’re talking to an AI. Systems that generate synthetic images, audio, or video must label them as AI-generated. Emotion recognition systems must disclose when they’re being used. The obligations are lighter but real.

Minimal risk: no specific obligations. The majority of AI applications in commercial use sit here: spam filters, AI-powered video games, recommendation engines, and most productivity tools. No specific requirements apply under the Act, though general EU law (GDPR, consumer protection rules, and so on) still does.


How a system gets classified as high risk

This is the question most organisations get wrong.

A system can become high-risk in one of two ways.

The first is if it’s a safety component of a product that already falls under existing EU product safety legislation. This covers a wide range of physical goods: machinery, medical devices, toys, lifts, vehicles, and aviation equipment. If your AI system is embedded in any of these products and performs a safety function, it’s high risk under Article 6(1) of the Act, regardless of what the AI itself does.

The second is if it falls into one of the use cases listed in Annex III. This is the list that catches most business applications, and it covers eight areas:

  1. Biometrics, including remote identification systems and AI used to categorise people based on sensitive attributes like race, political opinion, or sexual orientation.

  2. Critical infrastructure management, where AI influences the operation of systems like electricity, water, gas, or transport networks.

  3. Education and vocational training, covering AI that determines access to institutions, evaluates students, or monitors behaviour during tests.

  4. Employment, workforce management, and access to self-employment. This is one of the most practically relevant categories for most businesses. It covers AI used to recruit or select candidates, make decisions about promotion or termination, allocate tasks, or monitor performance.

  5. Access to essential private and public services, including credit scoring, insurance risk assessment, emergency service dispatch, and the evaluation of benefit entitlements.

  6. Law enforcement uses, covering predictive policing tools, lie detectors, and systems that assess the risk an individual poses.

  7. Migration, asylum, and border control, including tools that assess travel document authenticity or the risk posed by individuals at borders.

  8. Administration of justice and democratic processes, covering AI used to assist courts or influence elections.

If your system’s intended use falls into any of these areas, it’s presumed high risk. The question then becomes whether any exemption applies.


The Article 6(3) exemption

© 2026 Andy Wood