Regulation (EU) 2024/1689, the EU Artificial Intelligence Act, does not apply a single set of rules to all AI systems. Instead, it establishes a risk-based framework: the greater the potential for harm to health, safety, or fundamental rights, the stricter the obligations. The Act formally defines risk in Article 3(2) as "the combination of the probability of an occurrence of harm and the severity of that harm." This definition underpins the four-tier classification system that determines what a provider or deployer must do — or must not do — before and while an AI system is placed on the market.
The four categories are: unacceptable risk (prohibited outright under Article 5), high risk (subject to the Act's most comprehensive compliance requirements under Article 6 and Annex III), limited risk (subject only to transparency obligations under Article 50), and minimal risk (the default category with no mandatory obligations). Only the first two categories are formally named in the regulation text. "Limited risk" and "minimal risk" are descriptive labels used in Commission communications and secondary literature to describe systems that fall outside the higher tiers.

Unacceptable Risk (Art. 5) — Prohibited AI Practices
Article 5 lists AI practices that are considered an unacceptable threat to fundamental rights, safety, or democratic processes. These systems are banned outright within the EU. The prohibitions have been enforceable since February 2, 2025, making them the first set of obligations to take effect under the Act.
The prohibited practices under Article 5 include:
- Deploying subliminal, manipulative, or deceptive techniques that materially distort a person's behavior and cause significant harm.
- Exploiting vulnerabilities related to age, disability, or socio-economic situation to materially distort behavior and cause significant harm.
- Social scoring by public or private entities that leads to detrimental or unjustified treatment.
- Making individual risk assessments for criminal offending based solely on profiling or personality traits (with a narrow exception for supporting human assessment based on objective, verifiable facts).
- Creating or expanding facial recognition databases through untargeted scraping of facial images from the internet or CCTV footage.
- Inferring emotions in workplaces or educational institutions (except for medical or safety reasons).
- Biometric categorisation to deduce or infer race, political opinions, trade union membership, religious or philosophical beliefs, sex life, or sexual orientation.
- Use of "real-time" remote biometric identification in publicly accessible spaces for law enforcement, with narrow exceptions for targeted searches for victims, prevention of specific substantial and imminent threats, and localization of suspects of serious crimes listed in Annex II.
For legal professionals, the practical implication is clear: a law firm cannot deploy an AI system that performs social scoring of job applicants, nor can it use an AI tool that scrapes facial images from public sources to build a database. Any system that falls into these categories is illegal to place on the market or put into service in the EU, regardless of the intended use case.
High Risk (Art. 6 + Annex III) — Strictest Compliance Obligations
The high-risk category carries the most extensive set of obligations in the AI Act. Classification follows a dual pathway established by Article 6.
The Dual-Pathway Classification
Under Article 6(1), an AI system is high-risk if it is intended as a safety component of a product (or is itself a product) covered by the Union harmonisation legislation listed in Annex I, and that product requires third-party conformity assessment under that legislation. This covers AI embedded in medical devices, lifts, vehicles, and machinery.
Under Article 6(2), standalone AI systems that fall into any of the eight categories listed in Annex III are also considered high-risk. These categories are:
| Annex III Category | Examples Relevant to Legal Practice |
|---|---|
| 1. Biometrics | Remote biometric identification, biometric categorisation inferring sensitive attributes, emotion recognition |
| 2. Critical infrastructure | Safety components in management of critical digital infrastructure, road traffic, or utility supply |
| 3. Education and vocational training | AI used to determine access to institutions or evaluate learning outcomes |
| 4. Employment and workers management | Recruitment tools, candidate evaluation, performance monitoring |
| 5. Access to essential private and public services | Creditworthiness assessment, health/life insurance risk pricing, emergency call prioritization |
| 6. Law enforcement | Risk assessment for crime, evaluation of evidence reliability, profiling during investigations |
| 7. Migration, asylum, and border control | Risk assessment for security or health, examination of visa or asylum applications |
| 8. Administration of justice and democratic processes | AI used by a judicial authority to assist in researching or interpreting facts and law, or used similarly in alternative dispute resolution |
Category 8 is the most directly relevant to legal practice. An AI tool that assists a judge in researching case law, or that helps an arbitrator interpret facts and apply the law, is classified as high-risk under Annex III. This means the provider of such a tool must comply with the full set of high-risk obligations before placing it on the market.
The Article 6(3) Exemption
A provider can escape high-risk classification for an Annex III system by documenting that the system does not pose a significant risk of harm to health, safety, or fundamental rights, and that it meets at least one of four conditions under Article 6(3):
- (a) The system performs a narrow procedural task.
- (b) The system improves the result of a previously completed human activity.
- (c) The system detects decision-making patterns or deviations from prior decision-making patterns, and is not meant to replace or influence a previously completed human assessment without proper human review.
- (d) The system performs a preparatory task to an Annex III assessment.
However, Article 6(4) makes clear that an Annex III system is always high-risk if it performs profiling of natural persons. Providers who believe their system qualifies for the exemption must document that assessment before placing the system on the market and must register the system under Article 49(2).
The Seven Compliance Requirements
For systems that are classified as high-risk, providers must meet seven requirements before market entry:
- Establish a risk management system throughout the system lifecycle.
- Implement data governance and data management practices, including examining for biases.
- Draw up detailed technical documentation.
- Design for automatic record-keeping and logging.
- Provide transparency and instructions for use to deployers.
- Design for human oversight.
- Achieve appropriate levels of accuracy, robustness, and cybersecurity.
For a detailed breakdown of these obligations from a deployer's perspective, see our EU AI Act High-Risk AI Obligations for Legal Services: A Deployer's Guide.
Limited Risk (Art. 50) — Transparency Obligations
The limited risk category covers AI systems that present a risk of manipulation or deceit — primarily chatbots, deepfakes, and emotion recognition systems. The term "limited risk" is not a formal statutory heading in the Act text; it is a descriptive label used in Commission communications. Some sources refer to this tier as "transparency risk" instead.
The only obligation for limited risk systems is transparency under Article 50: deployers must ensure that end-users are informed they are interacting with AI, unless it is obvious from the context. For AI-generated or manipulated content (deepfakes), the content must be disclosed as artificially generated or manipulated.
For legal practice, this means a law firm's client-facing chatbot must clearly disclose that it is an AI system and not a human attorney. A firm using AI to generate client communications or legal documents must ensure that recipients are aware of the AI-generated nature of the content where required.
Minimal Risk — Default Category, No Mandatory Obligations
Minimal risk is the default category for AI systems that do not fall into any higher-risk tier. These systems face no mandatory obligations under the AI Act. Examples include spam filters, AI-enabled video games, and AI-powered grammar checkers used internally.
This category covers the majority of AI applications currently available on the EU single market. For legal professionals, a simple internal document formatting tool or a calendar scheduling assistant that uses AI would typically fall into this category — provided it does not perform any of the functions listed in Annex III.
General-Purpose AI (GPAI) and Systemic Risk (Art. 51–55)
General-purpose AI models are defined in Article 3(63) as AI models trained with a large amount of data using self-supervision at scale that display significant generality and are capable of competently performing a wide range of distinct tasks. These models — such as GPT-4o, Claude, and Llama — are subject to their own tiered framework.
GPAI models are divided into two tiers:
- Non-systemic GPAI models: Subject to transparency requirements, including providing technical documentation and a summary of training data.
- Systemic GPAI models: Triggered when the cumulative compute used for training exceeds 10^25 FLOPs (Article 51). These models face additional obligations including model evaluations, adversarial testing, incident reporting, and cybersecurity requirements.
For legal professionals, the practical implication is that a law firm using a GPAI model through an API — for example, using GPT-4o to draft contract clauses — should verify that the model provider is compliant with the applicable GPAI obligations. The firm itself may not be the provider, but it should be aware of the compliance posture of the tools it deploys.
Penalties for Misclassification (Art. 99)
Article 99 establishes a tiered penalty structure that scales with the severity of the infringement. The highest penalties apply to the most serious violations.
| Infringement Type | Maximum Penalty |
|---|---|
| Prohibited practices (Art. 5) and non-compliant high-risk systems | €35 million or 7% of global annual turnover, whichever is higher |
| Non-compliance with most other obligations (e.g., transparency, data governance) | €15 million or 3% of global annual turnover |
| Providing incorrect or misleading information to notified bodies | €7.5 million or 1% of global annual turnover |
Penalties apply to both providers and deployers. A law firm that deploys a high-risk AI system without ensuring the provider has completed a conformity assessment faces penalties up to the higher of €35 million or 7% of its global annual turnover. For a large international firm, this could represent a substantial financial exposure.
For a comprehensive reference on all compliance obligations, see our EU AI Act Compliance Obligations for Legal Professionals: A Structured Reference.
Classification Decision Tree for Legal AI Tools
Legal professionals evaluating an AI system for use in practice can follow this decision tree to determine its risk category under the EU AI Act.

The classification process follows these steps:
1. Is the system a prohibited practice under Article 5? If yes, it is unacceptable risk and cannot be deployed.
2. Is the system a safety component of a product covered by Annex I harmonisation legislation (Article 6(1))? If yes, it is high-risk.
3. Does the system fall into one of the eight Annex III categories (Article 6(2))? If no, proceed to step 5.
4. If the system is in an Annex III category, does an Article 6(3) exemption apply? If yes, document the exemption, register the system, and proceed to step 5. If no, it is high-risk.
5. Does the system require transparency under Article 50 (chatbots, deepfakes, emotion recognition)? If yes, it is limited risk.
6. If none of the above apply, the system is minimal risk with no mandatory obligations.
Updated Compliance Timeline After the 2026 Digital Omnibus Revisions
The Digital Omnibus on AI, adopted in 2026, revised the implementation schedule for high-risk AI systems. The key compliance deadlines are now:
| Obligation | Original Deadline | Revised Deadline (Digital Omnibus) |
|---|---|---|
| Prohibited AI practices (Art. 5) | February 2, 2025 | February 2, 2025 (unchanged) |
| GPAI model rules (Art. 51-55) | August 2, 2025 | August 2, 2025 (unchanged) |
| High-risk Annex III systems (Art. 6(2)) | August 2, 2026 | December 2, 2027 |
| High-risk Annex I systems (Art. 6(1)) | August 2, 2027 | August 2, 2028 |
| Commission guidelines on high-risk classification (Art. 6(5)) | February 2, 2026 | May 19, 2026 (draft published) |
For a detailed analysis of how these timeline changes affect law firms and in-house legal departments, see our EU AI Act Compliance Deadlines for Legal AI Systems: What the Digital Omnibus Delay Means for Law Firms and In-House Counsel.