The EU AI Act uses four risk levels: unacceptable (banned), high-risk (heavy regulation), limited risk (transparency rules), and minimal risk (mostly free to use). Most common business tools like ChatGPT fall into the limited or minimal risk categories.
AI Risk Categories: How the EU AI Act Classifies Your AI Tools
The Four Risk Levels
The EU AI Act doesn't treat all AI the same way. Instead, it sorts AI systems into four categories based on how much harm they could cause. This risk-based approach means that a simple email filter gets treated very differently from an AI system that decides who gets a bank loan.
Understanding which category your AI tools fall into is the first step toward knowing what rules you need to follow. Most small businesses will find their tools sit in the lower two categories, which means lighter requirements.
Unacceptable and High-Risk AI
At the top are AI systems that are simply banned — things like social scoring (rating citizens based on behavior), real-time facial recognition in public spaces (with limited exceptions), and AI that manipulates people in harmful ways. If you're running a normal business, you're unlikely to encounter these.
High-risk AI includes systems used for hiring and recruitment, credit scoring, educational assessments, and critical infrastructure management. If your business uses AI for any of these purposes, you'll face strict requirements including risk assessments, human oversight, technical documentation, and quality management systems.
Limited and Minimal Risk AI
Limited-risk AI systems have mainly transparency obligations. This includes chatbots (you must tell users they're talking to AI), deepfake generators (you must label the content), and emotion recognition systems. If you use a chatbot on your website, you need to make sure visitors know it's AI-powered.
Minimal-risk AI covers everything else — spam filters, AI-powered search, recommendation systems, and most business productivity tools. These have almost no specific requirements under the EU AI Act, though you still need to comply with the general AI literacy obligation.
How to Figure Out Where Your Tools Fall
Start by listing every AI tool your business uses. For each one, ask: what decisions does it make or help make? If it's just helping you write emails or organize your calendar, it's likely minimal risk. If it's screening job applications or assessing creditworthiness, it's probably high-risk. When in doubt, treat it as the higher category until you can confirm otherwise.
Check your AI compliance readiness — free.
Take the Readiness Check 3 minutes · 10 questions · no signup requiredThis article is for informational purposes only and does not constitute legal advice. Regulatory requirements change frequently — verify current rules with official sources. Built by Sawai Gyoseishoshi Office, Hiroshima, Japan.