AI Risk Classification
Classify AI systems into the correct EU AI Act risk tier.
What Is AI Risk Classification?
Learn the EU AI Act's four-tier risk classification system and practice classifying real-world AI use cases. Determine which systems are banned, which require strict compliance, and which can operate freely.
What You'll Learn in AI Risk Classification
- Identify the four risk tiers defined by the EU AI Act
- Classify AI systems into the correct risk tier based on their function and impact
- Recognize prohibited AI practices under Article 5
- Understand Annex III high-risk categories including employment and creditworthiness
- Distinguish between Limited Risk transparency obligations and High Risk compliance requirements
AI Risk Classification — Training Steps
-
The Four Risk Tiers
The EU AI Act classifies every AI system into one of four risk tiers, and the classification determines everything that follows:
- Unacceptable Risk (Banned): AI practices that are prohibited outright. These systems cannot be deployed in the EU under any circumstances.
- High Risk: AI systems in sensitive areas like employment, credit scoring, and law enforcement. Permitted, but subject to strict compliance obligations.
- Limited Risk: AI systems that interact with people. The main obligation is transparency: users must know they are dealing with AI.
- Minimal Risk: The vast majority of AI systems. No specific obligations under the Act.
-
Email from the CCO
An email arrives from the Chief Compliance Officer with an urgent classification assignment.
-
Open the Assessment Portal
Alice clicks the link in the email to open the Velox GRC Portal where the six AI systems are waiting for classification.
-
Review the Risk Tier Reference
The portal landing page summarizes the four risk tiers Alice will use to classify each AI system. Each tier carries different compliance obligations - getting the classification right determines what work follows.
-
Start the Assessment
To begin classifying, Alice needs to sign in to the GRC portal with her Velox credentials.
-
Sign In to the GRC Portal
Alice signs in with her corporate credentials. After authentication, the portal will load the six AI systems queued for classification.
-
Case 1: Email Spam Filter
The first AI system to classify is an email spam filter. It uses machine learning to detect and filter spam based on content patterns and sender reputation.
-
Case 2: Resume Screening Tool
The next system scores and ranks job applicants' resumes, automatically filtering out candidates before a human ever reviews them.
-
Case 3: Employee Productivity Scorer
This system monitors keystrokes, mouse movements, and break frequency to produce a 0-100 productivity score for each employee. Scores are shared with department heads quarterly and influence performance reviews.
-
Why the Productivity Scorer Is Banned
The Employee Productivity Scorer is one of those systems that sounds like a reasonable management tool but crosses a legal line under the EU AI Act.