AI Risk Classes Simply Explained

The risk-based approach is the heart of the EU AI Act. The idea: not every AI system poses the same dangers. A spam filter is less risky than an AI system that decides on credit approval. By categorizing into risk classes, requirements are proportional to the risk – companies with harmless AI applications are not unnecessarily burdened, while critical systems are strictly controlled.

These AI systems are completely prohibited. They include: • Social scoring systems by authorities • AI that subliminally manipulates human behavior • Systems that deliberately exploit people's vulnerabilities • Real-time biometric remote identification in public spaces (with exceptions) Companies using such systems must discontinue them immediately. There is no transition period.

High-risk AI systems are subject to the strictest requirements. Examples: • Personnel selection and HR decisions • Creditworthiness assessments and lending • Education and exam evaluation • Medical diagnostics • Law enforcement and justice Obligations: Technical documentation, risk management, conformity assessment, human oversight, quality management system.

Limited risk mainly concerns transparency obligations (Art. 50): • Chatbots must be identified as AI • AI-generated content (text, image, video, audio) must be marked as such • Deepfakes must be disclosed Minimal risk covers the majority of all AI applications (e.g., spam filters, recommendation systems). Only voluntary codes of conduct apply here.