Home AI Risk Classification
EU AI Act · Annex III

AI risk classification: complete process and mistakes to avoid

The 4 EU AI Act risk categories, the 8 Annex III domains, the step-by-step classification process and the consequences of getting it wrong.

The 4 EU AI Act risk categories

The EU AI Act establishes a risk-based approach with four levels. The category a system belongs to determines which obligations apply. Classification is not optional: every organisation that develops or deploys AI systems must determine the risk level of each one and document the justification.

Classify your systems automatically

Kaitalog checks Annex III automatically and proposes the classification with auditable normative justification.

Start free
Category 1 — Prohibited (Art. 5)

Unacceptable risk

Systems whose risk is so high they are directly prohibited from 2 February 2025. Includes: subliminal manipulation, exploitation of group vulnerabilities (age, disability), social scoring of citizens, most real-time biometric identification in public spaces, emotion inference in workplaces and educational settings, and crime prediction systems based on profiling.

Category 2 — High risk (Annex III)

Full obligations

Systems with significant impact on fundamental rights or safety, listed in the 8 Annex III domains. Examples: credit scoring, HR selection systems, remote biometric identification, critical infrastructure components. Require risk management, technical documentation, EU registration, transparency and human oversight (Arts. 8–15).

Category 3 — Limited (Art. 50)

Transparency obligations

Systems that interact directly with people (chatbots, voice assistants) or generate synthetic content (deepfakes, AI-generated text). The primary obligation is to notify users they are interacting with AI or that content has been AI-generated. Applies to image, audio and video synthesis systems.

Category 4 — Minimal

No specific obligations

The vast majority of current AI systems: spam filters, content recommenders, AI in video games, productivity tools with embedded AI that do not influence significant decisions. No mandatory obligations, though voluntary codes of conduct are encouraged.

The 8 Annex III high-risk domains

If a system operates in any of these 8 domains, it is high-risk. Verification of each domain must be documented in the inventory — even when the conclusion is negative:

Domain 1 — Biometric identification and categorisation

Remote biometric identification systems (facial recognition, voice, gait). Also includes systems that categorise persons by sensitive characteristics (ethnicity, gender, sexual orientation, political beliefs) inferred from biometric data. Most facial recognition systems are automatically high-risk.

Domain 2 — Critical infrastructure

Systems acting as safety components in electricity network management, water and gas supply, transport infrastructure (rail, aviation, traffic), critical digital infrastructure and systemic financial services.

Domain 3 — Education and vocational training

Systems determining access to educational or training institutions, assessing learning outcomes, assigning educational tasks or detecting prohibited behaviour (cheating) in exams. University admissions systems using AI fall within this domain.

Domain 4 — Employment and worker management

Candidate screening and filtering (ATS with AI, CV screening), performance evaluation, task assignment, worker productivity monitoring and systems making decisions affecting employment terms. One of the highest-impact domains for mid-to-large enterprises.

Domain 5 — Essential private and public services

Credit scoring and creditworthiness assessment, health and life insurance eligibility evaluation, eligibility for public benefits (unemployment, housing, healthcare), and emergency services systems determining priority of response.

Domain 6 — Law enforcement

Recidivism risk assessment, evidence analysis, digital polygraphs, crime prediction, criminal network identification. Only applicable to law enforcement authorities and equivalent public bodies — not applicable to private companies unless acting in delegation.

Domain 7 — Migration, asylum and border control

Irregular migration risk assessment, document verification, asylum and visa application assessment, AI-based border management systems. Primarily a governmental scope.

Domain 8 — Administration of justice and democratic processes

Systems assisting judicial bodies in law research and interpretation, alternative dispute resolution systems, and systems influencing electoral processes and democratic participation.

Step-by-step classification process

Step 1 — Is it an AI system under the regulation's definition?

Art. 3(1) of the EU AI Act defines an AI system as a machine-based system that operates with varying degrees of autonomy and can generate outputs such as predictions, recommendations, decisions or content that influence real environments. Not every piece of software qualifies as an AI system under this definition.

Step 2 — Does it fall under Art. 5 prohibitions?

Check for prohibited categories: subliminal manipulation, exploitation of vulnerabilities, social scoring, real-time biometric identification in public spaces (with exceptions), emotion inference in workplaces/education, and crime prediction based on profiling.

Step 3 — Does it fall within any Annex III domain?

Check all 8 domains individually. The check must be explicitly documented for each domain, including justification for why the system does not fall within domains where the answer is negative. An undocumented check is equivalent to no check at all for an audit.

Step 4 — Does it have transparency obligations (Art. 50)?

If the system interacts directly with people (chatbot, virtual assistant) or generates synthetic content (images, audio, video, text presented as real), Art. 50 transparency obligations apply.

Step 5 — Document the classification

The final classification must be recorded in the inventory with: assigned risk level, normative justification (citing specific articles), date of classification, person who performed it, and next review date.

Common classification mistakes

  • Under-classifying to avoid obligations: assuming a system is minimal risk without systematically checking Annex III. If the system is actually high-risk and obligations have not been met, fines can reach 3% of global turnover.
  • Ignoring the use context: the same AI model can be minimal risk in one context (movie recommendations) and high-risk in another (credit scoring). Classification depends on the specific use case, not the algorithm type.
  • Not reviewing classification after changes: a significant system update or a change in its use can alter the risk category. Classifications must be reviewed when the system changes.
  • Treating classification as a purely technical decision: risk classification has legal consequences and must involve the legal or compliance team, not only technical staff.

How Kaitalog handles classification

Kaitalog's classification module guides the system owner through a structured questionnaire that verifies all 8 Annex III domains and Art. 5 prohibitions:

  • Guided questionnaire: plain-language questions adapted to the system's context, requiring no deep legal knowledge from the classifier.
  • Automatic Annex III check: the classification engine verifies each domain and generates a risk level proposal with exact normative references.
  • Auditable justification: each classification generates a justification document citing applicable articles and annexes, ready to present to auditors or the supervisory authority.
  • Committee validation: the classification proposal goes through a validation workflow where the AI Committee can approve, reject or escalate the decision with full traceability.

Frequently asked questions

Who is responsible for classifying an AI system's risk? +
Classification responsibility falls on the provider for systems they commercialise, and on the deployer for third-party systems they use. In practice, classification should involve the technical team (who knows the system), the legal or compliance team (who interprets the regulation) and the AI Committee (who validates and documents the decision).
What happens if I incorrectly classify a high-risk AI system as minimal risk? +
If the system should be classified as high-risk and the corresponding obligations have not been met (risk management, technical documentation, human oversight, etc.), the organisation can face fines of up to 3% of its global annual turnover. If the system causes harm, incorrect classification also aggravates liability. Classification must be documented with normative justification to demonstrate due diligence.
Is a customer service chatbot high-risk? +
It depends on its use. A chatbot that only answers questions about opening hours or products is limited risk (Art. 50 — obligation to identify as AI). If the chatbot makes or influences decisions about credit, insurance or access to essential services, it can be high-risk (Annex III Domain 5). If it also processes biometric data (voice recognition with identification), it may even be high-risk under Domain 1.
How often should I review the risk classification? +
Classification should be reviewed whenever there is a significant change in the system (new version, new use case, new training data) or in the regulatory context. At minimum, an annual review is recommended for all systems in the inventory. Annex III updates may expand or modify high-risk domains, which can affect previous classifications.
How does Kaitalog classify AI systems? +
Kaitalog guides the system owner through a structured questionnaire that systematically verifies all 8 Annex III domains and Art. 5 prohibitions. The system proposes a classification with normative justification citing applicable articles. The proposal goes through Committee validation before being recorded in the inventory, with full traceability of who classified, when and with what justification.

Classify your systems with legal certainty

Kaitalog checks Annex III automatically and generates auditable normative justification.

Start free →