Minimal-risk AI systems, the large majority of business AI such as spam filters, forecasting, and productivity tools, face no new requirements under the EU AI Act. Two things still apply: the Article 4 AI literacy duty for staff who operate AI, and the need to document why each system is genuinely minimal risk.
EU AI Act Minimal-Risk AI: What Obligations Actually Apply
What Is Minimal-Risk AI Under the EU AI Act
Minimal risk is the default category in Regulation (EU) 2024/1689: every AI system that is not prohibited under Article 5, not high-risk under Article 6, and not subject to the transparency rules of Article 50 lands here. The Act attaches no new requirements to the tier itself. No conformity assessment, no registration, no technical documentation, no logging mandates, no CE marking. This is a deliberate design decision: the European legislator chose to concentrate regulatory weight on a defined set of sensitive uses and to leave the broad mass of everyday AI alone. For most ordinary businesses, most of the AI they touch, often all of it, is minimal risk, which makes the category the single most reassuring fact about the Act and also the one most worth verifying rather than assuming.
Which Tools Typically Qualify
Common minimal-risk examples include spam and phishing filters, predictive text and autocomplete, grammar and writing assistants used internally, machine translation for internal purposes, code completion tools, route and logistics optimisation, demand and inventory forecasting, anomaly detection in IT operations, internal search and document retrieval, photo organisation, meeting transcription and summarisation for internal use, and AI in video games. The shared pattern is that these systems do not make or materially shape decisions about people's access to work, money, education, or essential services, do not interact with the public in ways that could mislead, and do not generate content published outward. Note the qualifier "internal" that recurs in the list: the same writing assistant drifts toward transparency territory the moment its output is published to inform the public without human editorial responsibility.
The One Duty That Always Applies: AI Literacy
Article 4 requires providers and deployers of AI systems, of any risk level, to take measures to ensure, to their best extent, a sufficient level of AI literacy among staff and other persons operating and using AI systems on their behalf. The duty has applied since February 2, 2025, and it scales with context: the training a logistics planner needs to use a forecasting tool sensibly differs from what an HR officer overseeing a screening system needs. For a minimal-risk-only organisation, a proportionate programme usually means a short structured training covering what the organisation's AI tools do, their known limitations such as fabricated outputs and bias, what data may and may not be entered into them, and when to escalate to a human, plus a record of who was trained and when. The record matters: literacy is the one Act obligation a purely minimal-risk business can demonstrably fail.
What Minimal Risk Does Not Exempt You From
| Still applies | Why |
|---|---|
| GDPR | Any processing of personal data by an AI tool remains fully regulated, including data entered into prompts |
| Consumer protection and unfair practices law | Misleading uses of AI outputs remain unlawful regardless of AI Act tier |
| Sector rules | Financial, medical, and other supervisory frameworks continue to govern AI use in their domains |
| Employment law | Workplace monitoring and management duties exist independently of the Act |
| Contract and liability law | Harm caused by AI-assisted work is judged under ordinary rules |
Minimal risk describes the AI Act's posture only. The most common compliance failure involving minimal-risk tools is not an AI Act breach at all; it is staff pasting personal or confidential data into external AI services, which is a GDPR and confidentiality problem the literacy training should address head-on.
Voluntary Codes of Conduct Under Article 95
The Act encourages, without requiring, providers and deployers of non-high-risk AI to adopt codes of conduct that voluntarily apply selected high-risk practices, such as elements of risk management, documentation, or human oversight, and commitments on sustainability, accessibility, stakeholder participation, and team diversity. The AI Office and member states are tasked with facilitating such codes, with SME interests taken into account. For a business, joining or writing a code is a governance and trust instrument: it signals to customers and partners that AI use is managed, and it builds the internal muscle that becomes mandatory if any tool later crosses into high risk. Voluntary means voluntary, though: a minimal-risk organisation that adopts no code breaches nothing.
Why You Must Still Document the Classification
Minimal risk is a conclusion, not an assumption, and conclusions need evidence. Three reasons make a written record worth the small effort. First, classifications are contestable: if an authority or customer asks why your CV-parsing plugin is not an Annex III employment tool, a dated assessment with reasoning answers in minutes what an unprepared scramble answers badly. Second, tools drift: vendors add features, teams find new uses, and yesterday's harmless summariser becomes today's candidate-ranking assistant. A documented inventory with classifications is what lets you notice the drift. Third, procurement: enterprise customers increasingly require suppliers to state classifications for the AI in their products and operations, and a maintained register turns that from a project into a lookup. A single spreadsheet with system name, vendor, purpose, classification, reasoning, owner, and review date is fully adequate for a small organisation.
Watch the Boundaries: When Minimal Risk Stops Being Minimal
Four boundary crossings deserve standing vigilance. Repurposing: pointing any tool at decisions about employment, credit, education, essential services, or biometrics moves it toward high risk regardless of how it is marketed. Publication: AI-generated text, images, audio, or video released to the public engages Article 50 marking and disclosure duties, and deepfakes engage them strongly. Interaction: deploying a bot that converses with customers triggers the duty to make its artificial nature clear unless obvious. Emotion and biometrics: switching on features that infer emotions or categorise people biometrically can jump several tiers at once, including into prohibited territory in workplace settings. Build these triggers into change management: any new AI feature, vendor upgrade, or novel use case gets a one-line reclassification check before launch.
A Right-Sized Programme for a Minimal-Risk Organisation
The complete, proportionate package for a business whose AI is all minimal risk fits on one page. Maintain the AI inventory with documented classifications and a named owner. Run and record AI literacy training appropriate to each role, refreshed periodically and at onboarding. Set an acceptable-use rule for AI tools covering data entry, confidentiality, and output verification. Add the reclassification check to change management. Ask vendors to notify you of material feature changes. Review the whole picture quarterly. That is the entire AI Act footprint for the majority of small and medium businesses in Europe, and it doubles as the foundation you would build on if your AI ambitions later grow into regulated territory.
How Minimal Risk Compares Across Roles
The category treats providers and deployers almost identically, which is unusual in the Act. A provider selling a minimal-risk product faces no conformity assessment, registration, or technical file requirements from the Act itself, though sensible vendors prepare a short classification statement because business customers ask for one. A deployer using minimal-risk tools owes literacy training and nothing tier-specific. The one asymmetry worth noting is reputational and contractual: providers are the ones markets hold responsible for classification claims. A vendor that markets a tool as minimal risk while its intended purpose plainly serves hiring decisions is not just wrong, it exposes every customer who relied on the claim, and deployers are learning to verify rather than accept labels. Both sides benefit from the same artefact: a plain-language statement of intended purpose, because intended purpose is what classification legally follows, and vague purpose statements are how tools wander across tier boundaries unnoticed.
Frequently Misclassified Tools
Experience with early inventories shows a handful of tools that organisations habitually misfile as minimal risk. CV parsers and applicant-matching plugins inside HR suites belong to the employment category and are presumptively high-risk, even when bought as minor add-ons. Productivity monitoring dashboards that score employee performance touch worker management. Chat widgets on public websites are not minimal risk but transparency-tier, requiring disclosure of their artificial nature. Identity verification using face matching is biometric and regulated heavily. In the other direction, organisations sometimes over-classify: internal code assistants, meeting summarisers, and translation tools used by staff are normally minimal risk, and treating them as high-risk wastes effort that the genuinely sensitive systems need. The corrective for both errors is the same discipline: classify by documented intended purpose and actual use, tool by tool, rather than by product category or vendor marketing language. When an inventory review surfaces one of these misfiled tools, treat it as a routine correction rather than a crisis: reclassify it, pull the corresponding duties into your plan, inform the affected teams, and note the lesson in the next literacy session so the same pattern is spotted earlier next time.
This article is for informational purposes only and does not constitute legal advice. Regulatory requirements change frequently — verify current rules with official sources. Built by Sawai Gyoseishoshi Office, Hiroshima, Japan.