EU AI Act risk levels: the four tiers explained
The EU AI Act sorts every AI system into one of four risk tiers: unacceptable (prohibited outright), high (heavy obligations), limited (transparency only), and minimal (no specific obligations). Classification determines every obligation that follows.
Tier 1: Unacceptable risk (Article 5)
Eight categories of AI practice are prohibited outright across the EU as of 2 February 2025:
- subliminal, purposefully manipulative, or deceptive techniques that materially distort behaviour and cause significant harm;
- exploitation of vulnerabilities due to age, disability, or a specific social or economic situation;
- social scoring of natural persons leading to detrimental or unjustified treatment;
- predictive policing based solely on profiling or personality traits;
- creation or expansion of facial recognition databases through untargeted scraping of images from the internet or CCTV;
- emotion recognition in workplaces and educational institutions (with narrow exceptions);
- biometric categorisation that infers sensitive attributes such as race, political opinions, or sexual orientation;
- real-time remote biometric identification in publicly accessible spaces by law enforcement (with narrow exceptions for serious crimes).
Note that the social scoring prohibition is not limited to public authorities. The Commission’s 2021 proposal narrowed it to "public authorities or on their behalf"; the Parliament and Council removed that limitation in trilogue, and the law as adopted catches any provider or deployer doing social scoring with the prohibited effects.
An ordinary SaaS or B2B product is almost never in this category. If you recognise your product in the list, stop and call a lawyer.
Tier 2: High risk (Article 6 + Annex III)
Permitted but heavily regulated. Annex III lists eight use cases: biometric identification, critical infrastructure, education and vocational training, employment and workforce management, access to essential services and benefits, law enforcement, migration and border control, and administration of justice and democratic processes.
Article 6 sets a second legal test: a system is high-risk if it is a safety component of a product covered by EU sectoral legislation listed in Annex I (medical devices, toys, machinery, lifts, radio equipment, marine equipment, and others), and if that product requires third-party conformity assessment.
Most SME B2B products do not fall in Annex III. The exception that catches founders most often is employment. Any AI that materially affects hiring decisions, performance evaluation, promotion, or termination is in scope, even if the buyer is a third party using your product to make those decisions.
Tier 3: Limited risk (Article 50)
Transparency obligations only. This is where most consumer-facing and B2B AI products land.
Users must be told they are interacting with an AI system unless that is obvious from the context; this is the rule that catches chatbots and AI assistants, which must identify themselves as such. Synthetic content (images, audio, video) must be marked as AI-generated in a machine-readable form. Deepfakes must be labelled. AI-generated text published in the public interest must be disclosed as AI-generated.
Tier 4: Minimal risk
No specific obligations under the Act. Most AI in the market today falls here: spam filters, recommendation engines, the autocomplete in your CRM, AI-assisted code completion, basic content moderation. Voluntary codes of conduct are encouraged but not required.
How to classify your own system
- List the AI systems you provide or deploy. For each one, write a one-line intended purpose.
- Run the prohibitions check first (Article 5). If you recognise your product in the prohibited list, stop here.
- Run the Annex III check second. Does the intended purpose fall under any of the eight listed use cases?
- Run the Article 6 sectoral check third. Is your product a safety component of an Annex I product?
- If neither high-risk test catches you, check Article 50. Does the system interact with users, generate synthetic content, or produce text published in the public interest?
- If none of the above, you are in the minimal-risk tier.
- Document the reasoning at each step. Classification rationale is itself a regulatory artefact.
Worked examples (the SME product types we see most often)
Abstract classification is hard to apply to a specific product. The following are the SME product types we see most often, and the default tier each lands in. Your own classification still depends on your exact intended purpose and how the system is deployed.
- CV-screening or candidate-ranking AI used in hiring. High risk. Annex III point 4 catches AI used for recruitment, selection, or decisions materially affecting work relationships. Applies whether you are the provider selling the AI or the deployer using it. This is the exception that catches founders most often.
- AI-assisted performance evaluation or promotion-decision support. High risk. Same Annex III point 4: materially affects work relationships.
- AI used to determine creditworthiness or credit-scoring. High risk. Annex III point 5 catches this explicitly, with a narrow exception for fraud detection.
- Customer-facing chatbot or AI assistant on your product. Limited risk (Article 50). You must disclose that users are interacting with an AI system, unless the context makes it obvious. No further AI Act obligations.
- Generative AI producing synthetic images, audio, video, or text (deepfake-capable or otherwise). Limited risk. Article 50 requires the synthetic output to be machine-readable as AI-generated, plus user-facing disclosure where applicable.
- AI-generated text published in the public interest (a news bot, an analyst-report generator, a public commentary tool). Limited risk. Article 50 requires explicit disclosure that the content is AI-generated.
- Recommendation engine on a B2C site (product recommendations, content recommendations). Minimal risk in most cases. Annex III point 5 catches AI that allocates essential services or benefits, not e-commerce ranking.
- AI-assisted code completion or developer tooling. Minimal risk. Outside Annex III, and Article 50 transparency is satisfied by context: the user knows it is an AI tool.
- Internal RAG over your own company documents, used only by employees. Minimal risk for AI Act purposes (no external output placed on the market). Data protection obligations still apply if it processes personal data.
- Biometric authentication for consumer app login (face unlock or fingerprint match). Annex III(1)(a) is scoped to remote biometric identification systems. Biometric verification, defined in Article 3(36) as one-to-one matching where the person actively presents themselves to confirm a claimed identity, sits outside that scope. The typical "log in with your face" use case is therefore generally outside the high-risk regime, but verify against the latest Commission guidance for your exact deployment, particularly if the verification is done remotely or at scale.
- Emotion recognition for sentiment analysis on customer-support tickets. Limited risk if used outside workplace and education contexts. Article 5(1)(f) prohibits emotion recognition in workplaces and educational institutions specifically; analysing customer-facing text is outside that prohibition.