induwara.lk
induwara.lkEU AI Act · Compliance

EU AI Act Risk Classifier — Is My AI System High-Risk?

Answer six questions and find out instantly whether your AI is prohibited, high-risk, limited-risk or minimal-risk under Regulation (EU) 2024/1689 — with the exact articles, the obligations for your role, and the compliance deadline. Free, no signup, every branch cited.

By Induwara AshinsanaUpdated Jun 26, 2026
Classify your AI system
Regulation (EU) 2024/1689 (EU AI Act)
Load an example

Used only in your copyable report. 120 characters left.

Your role in the AI value chain

Who carries the legal duty differs by role — Art 16 / 23 / 24 / 26.

1. Does the system do any of these? (Art 5 — prohibited practices)

Tick anything that applies. Any tick means the practice is banned outright.

2. Is it a general-purpose AI (GPAI) model?

A model trained on broad data that can be adapted to many tasks (e.g. an LLM). Art 3(63).

3. Is the AI a safety component of a regulated product? (Annex I)

e.g. medical devices, machinery, toys, vehicles — products already needing third-party conformity assessment. Art 6(1).

4. Is the intended use in any of these areas? (Annex III — high-risk)

Tick any area the system is intended for. Any tick makes it high-risk (subject to the Art 6(3) note).

5. Does the system do any of these? (Art 50 — transparency)

These add disclosure duties even when the system is not high-risk.

Answer the questions above to classify your system

Or load an example to see how a recruitment AI, a chatbot, a banned practice or a frontier model lands across the four risk tiers.

Informational, not legal advice. This tool triages against the published text of the Regulation; it does not certify compliance. Verify every result against EUR-Lex and qualified counsel.

How it works

The classifier encodes the decision logic of the EU AI Act — Regulation (EU) 2024/1689, in force since 1 August 2024 — as a strict, ordered decision tree. The primary risk tier is decided on a first-match-wins basis, while general-purpose AI (GPAI) and transparency duties are evaluated as parallel overlays that can stack on top of whatever tier your system lands in. There is no arithmetic: the only “computation” is ordered branching and set membership, so the result is fully deterministic and reproducible from the cited articles.

  1. Prohibited (Art 5). If the system performs any of the eight banned practices — social scoring, untargeted facial scraping, real-time remote biometric identification for law enforcement, emotion inference at work or school, and the rest — it is prohibited. It has been unlawful to place such a system on the market since 2 February 2025, so the tree short-circuits here and no obligation checklist is produced.
  2. High-risk (Art 6 + Annex I / Annex III). If the AI is a safety component of an Annex I regulated product, or its intended use falls in any of the eight Annex III areas (biometrics, critical infrastructure, education, employment, essential services, law enforcement, migration, justice), it is high-risk. Providers then carry the Art 9–15 duties — risk management, data governance, technical documentation, logging, transparency, human oversight and accuracy — plus conformity assessment and CE marking (Art 43, 48) and EU-database registration (Art 49). Deployers, importers and distributors carry the lighter duties of Art 26, 23 and 24 respectively.
  3. Limited-risk (Art 50). If the system is not high-risk but interacts with people, generates synthetic content, performs emotion recognition or biometric categorisation, or produces deepfakes, it is limited-risk: you must disclose the AI interaction, label synthetic and deepfake content in a machine-readable way, and notify people of emotion recognition.
  4. Minimal-risk. Everything else carries no mandatory obligations. The cross-cutting AI-literacy duty (Art 4, in force since 2 February 2025) and the voluntary codes of conduct (Art 95) are surfaced as recommendations.

The GPAI overlay (Art 51–55) attaches whenever you flag a general-purpose model: Art 53 documentation, a training-data summary and a copyright policy. Where training compute exceeds 10²⁵ FLOPs, the model is presumed to carry systemic risk (Art 51(2)), adding the Art 55 duties of model evaluation, adversarial testing, incident reporting and cybersecurity. Each result is double-checked: the same answers are re-run through an independent priority-table path, and the three worked examples below are encoded as a regression set so the tier logic cannot silently drift.

Worked examples

CV-screening recruitment AI (provider)

Sri Lankan vendor selling to an EU client

  1. Role = Provider; no Art 5 practice ticked → not prohibited.
  2. Not a GPAI model → no GPAI overlay.
  3. Intended use = Employment / HR → Annex III §4 ticked.
  4. First high-risk match wins → HIGH-RISK.
  5. Duties: Art 9–15 + conformity assessment (Art 43, 48) + registration (Art 49).
  6. Deadline: 2 August 2026 (Art 113). Art 6(3) self-exemption unlikely for ranking applicants.

Customer-support chatbot (deployer)

AI assistant on an e-commerce site

  1. Role = Deployer; no Art 5 practice → not prohibited.
  2. Not GPAI, not an Annex I product, no Annex III area → not high-risk.
  3. Transparency: interacts directly with people → Art 50(1) trigger.
  4. Result → LIMITED-RISK.
  5. Duty: tell users they are interacting with an AI, unless it is obvious (Art 50(1)).
  6. Deadline: 2 August 2026. AI-literacy (Art 4) surfaced as good practice.

Government social-scoring system (edge case)

Tests that the tree short-circuits at branch 1

  1. Art 5 ticked: social scoring of citizens → Art 5(1)(c).
  2. Even with law-enforcement and biometric answers also ticked…
  3. …the first branch matches and wins → PROHIBITED.
  4. Banned since 2 February 2025; no obligation checklist — the practice itself is unlawful.
  5. Confirms later high-risk and transparency answers cannot rescue a banned system.

Frequently asked questions

Sources & references

Article references, the Annex III areas and the Article 113 dates on this page were last cross-checked against the official EUR-Lex text on 2026-06-26. Dates and citations are a dated static snapshot — always confirm against the live Regulation, which prevails. This is informational triage, not legal advice.

Related tools

Rate this tool
Be the first to rate

Comments & feedback

Spotted a bug or want an improvement? Tell us — our team reviews every comment, and good ideas get built. Comments are public and anonymous.

Found a misclassification, edge case, or want to suggest an improvement?

Email me at [email protected] — most fixes ship within 24 hours.