Quick answer

The EU AI Act sorts AI systems into four tiers: unacceptable risk (banned practices), high risk (strict requirements for uses such as hiring and credit), limited risk (transparency duties for chatbots and synthetic content), and minimal risk (no new obligations). General-purpose AI models sit in a separate parallel regime.

Updated June 2026 · MmowW AI Compliance

EU AI Act Risk Categories Explained: The Four Tiers and GPAI Layer

How Do the EU AI Act Risk Categories Work?

The architecture of Regulation (EU) 2024/1689 is a pyramid. At the top sits a short list of AI practices considered incompatible with EU values, which are banned. Below that sits a defined set of high-risk uses, where AI is permitted but tightly conditioned. Next comes a transparency band for AI that interacts with people or produces content. The wide base of the pyramid is minimal risk, where the Act imposes no new requirements. Alongside the pyramid, because they can feed systems at any level, general-purpose AI models have their own chapter of obligations. Classification is not a one-time label on a company; it attaches to each AI system based on its intended purpose and context of use, which is why the same underlying technology can sit in different tiers in different products.

The Four Tiers at a Glance

| Tier | Examples | Legal consequence | Applies from |
|---|---|---|---|
| Unacceptable risk | Social scoring, harmful manipulation, untargeted facial image scraping, emotion recognition at work and school | Prohibited under Article 5 | February 2, 2025 |
| High risk | CV screening, credit scoring, exam assessment, safety components, border control tools | Full requirements, conformity assessment, registration | August 2, 2026; product-embedded cases August 2, 2027 |
| Limited risk | Chatbots, deepfakes, AI-generated text and media | Transparency duties under Article 50 | August 2, 2026 |
| Minimal risk | Spam filters, game AI, inventory forecasting, recommendation widgets | No new obligations, voluntary codes encouraged | Not applicable |

Unacceptable Risk: The Banned Practices

Article 5 prohibits a closed list of practices rather than technologies. The list includes subliminal or purposefully manipulative techniques that materially distort behaviour and cause or are reasonably likely to cause significant harm; exploitation of vulnerabilities linked to age, disability, or social and economic situation; social scoring leading to detrimental treatment unrelated to the original context of the data; assessing the risk of a person committing a criminal offence based solely on profiling or personality traits; untargeted scraping of facial images from the internet or CCTV to build facial recognition databases; emotion inference in workplaces and educational institutions except for medical or safety reasons; biometric categorisation to deduce sensitive attributes such as race, political opinions, or sexual orientation; and real-time remote biometric identification in publicly accessible spaces for law enforcement, subject to narrow, authorised exceptions. These bans have applied since February 2, 2025 and carry the highest fines in the Act.

High Risk: Permitted but Conditioned

High-risk status arises by two routes under Article 6. Route one covers AI that is a product, or a safety component of a product, already regulated by EU harmonisation legislation listed in Annex I (machinery, medical devices, toys, lifts, vehicles, and similar), where that product requires third-party conformity assessment. Route two covers the standalone use cases listed in Annex III: biometric identification and categorisation, critical infrastructure management, education and vocational training, employment and worker management, access to essential private and public services including credit scoring and life and health insurance pricing, law enforcement, migration and border management, and administration of justice and democratic processes. A derogation softens route two: a system in an Annex III area that performs only narrow procedural or preparatory tasks and does not materially influence decisions may escape high-risk status, but the provider must document that assessment and, for most cases, still register the system. Providers of high-risk systems face the full programme of risk management, data governance, documentation, logging, transparency to deployers, human oversight, accuracy and robustness, quality management, conformity assessment, CE marking, and registration; deployers face oversight, monitoring, log retention, and information duties.

Limited Risk: The Transparency Band

Article 50 attaches disclosure duties to AI whose risk lies mainly in people not realising AI is involved. Systems intended to interact directly with people must be designed so users know they are dealing with AI, unless that is obvious from context. Providers of systems generating synthetic audio, images, video, or text must ensure outputs are marked as artificially generated in a machine-readable, technically feasible way. Deployers must disclose deepfakes, and must disclose AI-generated or manipulated text published to inform the public on matters of public interest, unless the content underwent human editorial review with a person taking responsibility. These duties stack with other tiers: a high-risk system that also chats with users carries both sets of obligations.

Minimal Risk: The Quiet Majority

Everything that is neither prohibited, high-risk, nor caught by transparency rules is minimal risk, and the Act deliberately leaves it alone. Spam filtering, predictive text, route optimisation, stock forecasting, code completion, and most internal analytics live here. Two horizontal points still apply. The AI literacy duty in Article 4 covers providers and deployers of all AI systems, requiring staff who operate AI to have sufficient understanding for their role. And Article 95 encourages voluntary codes of conduct, through which organisations can apply selected high-risk practices to lower-risk systems as a matter of good governance. Minimal risk is a floor under the Act, not an exemption from other law: GDPR, consumer protection, and sector rules continue regardless.

The Separate Layer: General-Purpose AI Models

General-purpose AI models (models trained on broad data, capable of many tasks, and usable in many downstream systems) are regulated through their providers rather than through the risk pyramid. All GPAI model providers must maintain technical documentation, give downstream system builders the information they need to comply, adopt a copyright policy, and publish a summary of training content. Models classified as posing systemic risk, by reference to criteria including a training-compute threshold of ten to the twenty-fifth floating-point operations, additionally require model evaluations, adversarial testing, systemic risk mitigation, incident reporting, and cybersecurity protection. These obligations have applied since August 2, 2025, with models placed on the market before that date given until August 2, 2027. The model layer and the system pyramid interlock: a high-risk recruitment system built on a general-purpose model gives the system provider Annex III duties while the model provider answers for the model.

How to Classify Your Own Systems

Run each inventoried system through four questions in order. Does its use match any Article 5 prohibited practice? If yes, stop using or selling it; there is no compliance path for banned practices. Is it a regulated product safety component, or does its intended purpose fall within Annex III? If yes, it is presumptively high-risk; check whether the narrow-task derogation genuinely applies and document the reasoning. Does it interact with people or generate content? Then transparency duties attach. Otherwise it is minimal risk; record it and move on. Classify by intended purpose as defined by the provider, not by theoretical capability, and revisit classifications when a tool is repurposed, because pointing a minimal-risk tool at hiring or credit decisions re-runs the whole analysis with a different result.

Why the Tiers Are Drawn Where They Are

The categories follow a consistent logic that helps in borderline cases. The banned tier captures practices whose harm is considered inherent: no amount of documentation makes covert manipulation or social scoring acceptable, so the law offers no compliance path. The high-risk tier captures decisions that gatekeep people's lives (work, money, education, essential services, justice), where AI is valuable but errors and bias have serious consequences, so the law demands engineering and governance discipline rather than prohibition. The transparency tier captures deception risk: the harm of a chatbot or synthetic image lies mostly in people not knowing, so the remedy is disclosure rather than heavy process. Minimal risk is everything whose failure modes are ordinary commercial ones already handled by existing law. When you cannot decide where a novel use belongs, asking which of these four harms it most resembles (inherent harm, gatekeeping harm, deception harm, or ordinary harm) usually points to the right tier faster than rereading the annexes.

Timing: When Each Tier Starts to Bite

The tiers also switched on at different moments, which matters for planning. The prohibitions have applied since February 2, 2025, together with the AI literacy duty. The general-purpose model regime began on August 2, 2025. The transparency duties and the bulk of the high-risk regime apply from August 2, 2026, which is the operative deadline for most businesses. High-risk systems that are safety components of products under Annex I legislation have until August 2, 2027, aligned with their product conformity cycles. One practical consequence: an organisation cannot sequence its work purely by tier severity, because the banned tier is already live while parts of the high-risk tier are still approaching. The correct order of operations is screening against the prohibitions first, literacy second, then the August 2026 preparations by role, with providers starting earliest because conformity assessment has the longest lead time.

This article is for informational purposes only and does not constitute legal advice. Regulatory requirements change frequently — verify current rules with official sources. Built by Sawai Gyoseishoshi Office, Hiroshima, Japan.