
EU AI Act Risk Classification: Step-by-Step Decision Tree

Template · 23 May 2026 · 13 min read · 2,591 words

Six-node decision tree to classify any AI system under EU AI Act Article 6. Prohibited, high-risk, limited, or minimal — with deadlines and penalties.

Every AI system deployed or placed on the EU market under Regulation (EU) 2024/1689 lands in one of four risk tiers. The tier determines your obligations, your deadlines, and — if you get it wrong — your fine exposure. This decision tree walks you through the six nodes in order, with the article, the one-line test, and concrete examples at each step.

Work through the nodes from top to bottom. Stop at the first node where you get a definitive outcome.


The Six-Node Decision Tree

Node 1 — Prohibited practice? (Article 5)

Test: Does the system fall within any of the eight banned categories listed in Article 5?

Article 5 has been in force since 2 February 2025. A system triggering it cannot be placed on the market or put into service — there is no exemption, no self-assessment escape, and no grace period.

The eight Article 5 prohibitions are:

  • Subliminal techniques that distort behaviour below conscious awareness (Art 5(1)(a))
  • Exploitation of vulnerabilities — children, elderly, people with disabilities — to impair rational decision-making (Art 5(1)(b))
  • Social scoring by public authorities based on social behaviour or personal characteristics (Art 5(1)(c))
  • Predicting the risk of an individual committing a criminal offence solely on the basis of profiling or personality traits (Art 5(1)(d))
  • Untargeted scraping of facial images from the internet or CCTV to build biometric databases (Art 5(1)(e))
  • Emotion recognition in the workplace or educational institutions (Art 5(1)(f))
  • Biometric categorisation of natural persons to infer sensitive attributes — race, political opinions, trade-union membership, religious beliefs, sexual orientation (Art 5(1)(g))
  • Real-time remote biometric identification in publicly accessible spaces by law enforcement, except for the three narrow exceptions (serious crime, missing child, imminent terrorist threat) under Art 5(1)(h)

Examples: A workplace productivity tool that reads employees' facial expressions to flag disengagement — prohibited under Art 5(1)(f). A recidivism-scoring tool that derives its prediction solely from a demographic profile — prohibited under Art 5(1)(d).

→ YES: outcome is UNACCEPTABLE RISK — STOP. The system must not be deployed. Penalty ceiling: €35,000,000 or 7% of worldwide annual turnover (Art 99(3)), whichever is higher.

→ NO: proceed to Node 2.


Node 2 — Safety component of an Annex I product requiring third-party conformity? (Article 6(1))

Test: Is the system a safety component of a product covered by EU harmonisation legislation listed in Annex I and does that product require third-party conformity assessment under its sectoral law?

Annex I covers products such as machinery (Machinery Regulation 2023/1230), medical devices (MDR 2017/745), in vitro diagnostic devices (IVDR 2017/746), motor vehicles (Regulation 2018/858), civil aviation products, and railway rolling stock. All three conditions must be met simultaneously: (1) safety-component function, (2) Annex I product, (3) third-party conformity assessment required.

This pathway applies mechanically — there is no self-assessment discretion and no Article 6(3) filter.

Examples: AI image-analysis software integrated into a Class IIb IVD device under IVDR; an AI-based emergency-braking decision module in a type-approved motor vehicle.

→ YES: outcome is HIGH RISK (Article 6(1)). Deadline: 2 August 2028 (per Digital Omnibus agreed May 2026; the original 2 August 2026 date has been deferred). Full obligations: Articles 9, 11, 13, 14, 15, 16–17, 43, 47–49, 72–73.

→ NO: proceed to Node 3.


Node 3 — Does the system fall within an Annex III area? (Article 6(2))

Test: Does the system's intended purpose place it within one of the eight Annex III high-risk categories?

The eight Annex III categories are:

  1. Biometrics — remote biometric identification; biometric categorisation; emotion recognition where not prohibited by Art 5 (Annex III, point 1)
  2. Critical infrastructure — safety components in digital infrastructure, road traffic, utilities supply (point 2)
  3. Education and vocational training — access and admission systems, evaluation, exam-cheating detection (point 3)
  4. Employment, workers management, access to self-employment — recruitment and screening, performance and promotion decisions, task allocation, monitoring (point 4)
  5. Access to essential private and public services — creditworthiness / credit scoring (excluding fraud detection), health and life insurance risk and pricing, emergency dispatch, public-benefits eligibility (point 5)
  6. Law enforcement — risk of offending or re-offending, polygraphs, evidence reliability, profiling (point 6)
  7. Migration, asylum, border control — risk assessment, application examination, document verification (point 7)
  8. Administration of justice and democratic processes — assisting judicial authorities, influencing elections or referenda (point 8)

Examples: A CV-ranking tool that filters job applicants (point 4(a)); a credit-scoring model used by a regional lender (point 5(b)); a student exam-proctoring system (point 3(b)).

→ NO: skip to Node 5 — the system cannot be high-risk under Art 6(2) but may still carry limited-risk transparency duties.

→ YES: proceed to Node 4.


Node 4 — Does the Article 6(3) exemption apply, and is this not a profiling system?

Test: Can the provider document that the system satisfies at least one Article 6(3) condition and does not profile natural persons?

Article 6(3) allows a provider to rebut the Annex III high-risk presumption. The exemption applies when the system satisfies at least one of the following conditions:

  1. Performs a narrow procedural task — it does not make or substantially influence a substantive decision affecting a person's rights or interests
  2. Improves the result of a previously completed human activity — it assists after the core human decision, not before or instead of it
  3. Detects decision patterns without replacing or influencing human assessment — it surfaces information but leaves the evaluation entirely to a human
  4. Does preparatory work only — analytics, drafting, or data processing that a human will independently review and act on

Satisfying any one of these conditions is sufficient, but the provider must document the reasoning and register the system in the EU database under Article 49 even where the exemption is claimed.

Hard rule: any system that profiles natural persons is automatically high-risk regardless of whether the four conditions above are met. Profiling is defined in Article 4(4) of the GDPR (applicable by cross-reference) as automated processing of personal data to evaluate personal aspects, including predicting behaviour.

Examples of systems that may qualify for the exemption: an HR-analytics dashboard that presents aggregate attrition statistics for management review (preparatory work, no individual decisions); a CV-formatting tool that standardises layout before human recruiters read applications (narrow procedural task).

Examples that do NOT qualify: any tool that ranks, scores, or filters individual candidates — even as a first pass — because it influences the human assessment of specific persons.

→ Exemption applies (at least one condition met AND not profiling): outcome is EXEMPT FROM HIGH RISK. Classify as limited risk or minimal risk (per Node 5/6 below). Provider must still document the Article 6(3) assessment and register the system under Article 49.

→ Exemption does not apply (one or more conditions not met, OR system profiles individuals): outcome is HIGH RISK (Article 6(2)). Deadline: 2 December 2027 for stand-alone systems (per Digital Omnibus); full obligations as per Node 2 above.


Node 5 — Article 50 transparency trigger? (chatbot, synthetic media, emotion recognition output, deepfake)

Test: Does the system fall within any of the four Article 50 categories requiring disclosure to users?

Article 50 applies independently of the Article 6 pathway — it catches systems that are not high-risk but still create a transparency risk. The four triggers are:

  1. Chatbots and conversational AI — systems designed to interact with natural persons must disclose that the person is interacting with an AI, unless it is obvious (Art 50(1))
  2. Emotion recognition systems — where not already prohibited under Art 5, systems that detect or infer emotions must inform the natural person (Art 50(3))
  3. Deep fake / synthetic-media generation — systems generating synthetic audio, image, video, or text content that could falsely appear real must label the output as artificially generated or manipulated (Art 50(4))
  4. AI-generated text on matters of public interest — general-purpose AI providers publishing text to inform the public on public-interest topics must mark it as AI-generated (Art 50(4))

Deadline for Article 50 compliance: 2 August 2026 (the general application date; this was not deferred by the Digital Omnibus).

Examples: A customer-service chatbot that appears human — must identify itself as AI. A marketing tool that generates deepfake product videos — must label outputs. An emotion-detection kiosk in a retail environment (where Art 5 does not apply) — must notify users.

→ YES: outcome is LIMITED RISK. Obligation: disclosure and labelling duties under Article 50. Penalty ceiling if breached: €15,000,000 or 3% of worldwide annual turnover (Art 99(4)).

→ NO: proceed to Node 6.


Node 6 — Minimal risk

Test: Has the system cleared Nodes 1 through 5 without triggering any outcome?

If yes, the system is MINIMAL RISK under the EU AI Act. No mandatory obligations apply beyond general product safety and sector-specific law (GDPR, consumer protection, etc.). Voluntary adherence to codes of practice is encouraged but not required.

Examples: A spam filter; a content recommendation algorithm on an entertainment platform; an automated translation tool; a photo-editing application.


Summary table: tiers, obligations, deadlines, penalties

| Tier | Trigger | Key obligations | Deadline | Penalty ceiling |
|---|---|---|---|---|
| Unacceptable risk | Article 5 | Total ban — no market placement or deployment | Already in force (2 Feb 2025) | €35M or 7% (Art 99(3)) |
| High risk — Annex I product | Art 6(1) + Annex I | Art 9 (risk management), Art 11 (tech docs / Annex IV), Art 13 (deployer transparency), Art 14 (human oversight), Art 15 (accuracy/robustness), Art 17 (QMS), Art 43 (conformity assessment), Art 47 (declaration of conformity), Art 49 (registration), Art 72 (post-market monitoring), Art 73 (incident reporting) | 2 August 2028 | €15M or 3% (Art 99(4)) |
| High risk — Annex III stand-alone | Art 6(2), Art 6(3) not met | Same stack as above | 2 December 2027 | €15M or 3% (Art 99(4)) |
| Art 6(3) exempt | Annex III area, but exemption documented + not profiling | Document assessment; register under Art 49 | Register by 2 Dec 2027 | €15M or 3% if registration omitted (Art 99(4)) |
| Limited risk | Article 50 | Disclosure to users; label synthetic content | 2 August 2026 | €15M or 3% (Art 99(4)) |
| Minimal risk | None of the above | None mandatory | | General product/GDPR rules |

Note on SME / start-up proportionality: for SMEs and start-ups, penalties under Article 99(6) are capped at the lower of the percentage or the fixed amount — a meaningful protection when turnover is modest.


Walking through the tree: three worked examples

Example A — Recruitment screening SaaS. A 30-person HR-tech company builds a tool that ranks job applicants by predicted fit. Node 1: no Art 5 prohibition. Node 2: not a product safety component. Node 3: Annex III point 4(a) — employment access, yes. Node 4: the tool ranks and filters individuals, so it profiles them — Art 6(3) exemption unavailable. Outcome: High Risk (Art 6(2)), deadline 2 December 2027.

Example B — Internal reporting chatbot. A finance company deploys a conversational assistant that employees use to query internal policy documents. Node 1: no. Node 2: no. Node 3: no Annex III category applies. Node 5: it is a chatbot — Art 50(1) disclosure duty applies. Outcome: Limited Risk, deadline 2 August 2026. Must disclose AI identity at session start.

Example C — Document formatting tool. A legal firm uses an AI tool to auto-format court filings before a lawyer reviews and files them. Node 1: no. Node 2: no. Node 3: arguably a preparatory task in administration of justice (Annex III point 8), but Node 4: it performs only formatting — narrow procedural task, improves a completed human activity, does no substantive evaluation or profiling. Outcome: Exempt under Art 6(3), classify as minimal risk. Provider must document the exemption assessment and register under Art 49.


What determines high-risk: two traps to avoid

Trap 1 — "We only assist, we don't decide." The Article 6(3) exemption is narrower than it reads. A system that filters, ranks, or scores individuals influences the human decision even if the human retains formal authority. Regulators will look at the actual workflow, not the label you put on it.

Trap 2 — Relying on the Art 5 / Art 6 boundary without checking Art 50. A system that is not high-risk can still carry disclosure duties under Article 50. The two questions — "how risky is this system?" and "does this system interact directly with users in a way that requires transparency?" — are independent. A minimal-risk chatbot is still subject to Art 50(1).


How Confir helps

Confir's classification engine runs this exact six-node tree for every AI system you register. You answer plain-English intake questions; the engine applies the Article 5 and Article 6 logic, checks the Art 6(3) conditions, flags Art 50 triggers, and returns a tier with the rule that fired. Because the logic is deterministic and rule-based — same intake, same output every time — the classification is reproducible and audit-defensible. The result feeds directly into your Article 11 technical documentation pack and your Article 49 registration entry.


Frequently asked questions

Who runs the Article 6 classification — provider or deployer? The provider carries primary responsibility: Article 6 and the technical documentation obligation (Article 11) sit with the entity that places the system on the market or puts it into service under its own name. Deployers must assess whether their specific use case changes the classification — Article 25 makes a deployer a provider if it substantially modifies the system or puts its name on it.

If my system qualifies for the Art 6(3) exemption, do I still have to register it? Yes. Article 49 requires providers claiming the Art 6(3) exemption to register the system in the EU database before deployment. The registration entry records that the exemption was claimed and the basis for it.

What does "profiling" mean in the Art 6(3) context? The Act cross-references the GDPR definition: automated processing of personal data to evaluate, analyse, or predict aspects of a natural person — including job performance, economic situation, health, personal preferences, or behaviour. Any tool that generates an individual-level score or ranking involves profiling and falls outside the Art 6(3) exemption.

Can a single AI system be both high-risk and subject to Art 50? Yes. A biometric identification system used at borders is high-risk under Art 6(1) and may also trigger Art 50(1) if it interacts conversationally with travellers. The tiers are not mutually exclusive — classify under Art 6 first, then layer Art 50 separately.

What is the penalty for deploying a prohibited system? Up to €35,000,000 or 7% of worldwide annual turnover (Art 99(3)), whichever is higher. For SMEs and start-ups the fine is the lower of the two amounts (Art 99(6)). Prohibition under Article 5 has applied since 2 February 2025.

How often should I re-run the classification? Re-run it whenever the system's intended purpose, training data, deployment context, or user population changes materially. At minimum, review as part of your Article 72 post-market monitoring cycle. Document each review in your technical file.

