Minimal-Risk AI Under the EU AI Act: What It Means and What You Still Owe
Minimal-risk AI carries no mandatory EU AI Act system obligations — but Article 4 AI literacy still applies. Learn what qualifies and what to document.
Most AI in commercial use is minimal-risk. Spam filters, product recommenders, inventory forecasting tools, document drafting assistants, customer-support chatbots — none of these fall inside the prohibited tier (Article 5) or the high-risk list (Article 6 + Annex III), and most do not trigger the limited-risk transparency duties of Article 50 either. The EU AI Act leaves them largely unregulated by design: the legislature chose not to mandate conformity assessments, technical documentation, or risk management systems for systems that pose low or no harm to health, safety, or fundamental rights.
That is genuinely good news for most companies deploying AI today. But "no mandatory obligations for the system" is not the same as "no obligations at all." Two caveats apply regardless of risk tier, and misclassification into minimal risk when a system actually belongs in Annex III is a compliance failure with real exposure.
What "minimal risk" actually means in the Act
Regulation (EU) 2024/1689 does not use the phrase "minimal risk" as a defined legal term. The four-tier framework — unacceptable risk, high risk, limited/transparency risk, minimal risk — is the shorthand the compliance community uses to describe the Act's structure, and the Commission used it in explanatory materials. The Act itself creates obligations for three groups of systems and says nothing further about the rest:
- Article 5 — certain practices are prohibited entirely (unacceptable risk). Banned since 2 February 2025.
- Article 6 + Annex III — systems in eight use-case categories are high-risk and carry the full obligation stack.
- Article 50 — specific system types (chatbots, deepfake generators, emotion-recognition systems, AI-generated content labelling) owe transparency duties regardless of their Annex III status.
Everything not caught by Articles 5, 6, or 50 sits in the residual tier. No conformity assessment. No Annex IV technical documentation. No Article 9 risk management system. No Article 11 technical file. No Article 14 human oversight obligations. No Article 43 conformity procedure. No CE marking. No Article 49 registration in the EU database.
The minimal-risk tier is not a lower-grade compliance programme — it is an absence of system-level obligations under the AI Act.
The two caveats that still apply
Article 4 AI literacy — in force since 2 February 2025
Article 4 requires providers and deployers of AI systems — any AI systems, regardless of risk tier — to take measures to ensure that their staff and anyone operating AI on their behalf have sufficient AI literacy. The obligation is proportionate to the role, the technical context, and the degree of automation involved. It does not mandate a specific training curriculum, but it does require you to have thought about competence, to have put something in place, and to be able to show it.
For a company deploying minimal-risk AI, Article 4 is the primary live obligation. Ignoring it entirely is a compliance gap, even if the system itself owes nothing further under the Act.
Other law still applies
Classifying a system as minimal-risk under the AI Act does not sanitise it for every other purpose. A product recommender that processes purchase history and browsing data is subject to GDPR. A workplace productivity tool that monitors keystrokes or communications must satisfy whatever national employment and data-protection law requires. A financial services firm running churn-prediction models may have sector-specific obligations under MiFID II or the EBA guidelines. The AI Act does not displace these frameworks — it layers on top of them.
The practical implication: minimal-risk classification narrows your EU AI Act exposure but does not conclude your legal analysis. Run the full regulatory map for your jurisdiction and sector.
Why misclassification is the real risk
The biggest compliance error for systems that look minimal-risk is assuming they are minimal-risk without checking. The Annex III list is broader than it appears at first read, and the Article 6(3) filter — which allows a provider to document why an Annex III system does not in fact pose significant risk — runs in one direction only: it removes a system from high-risk; it does not create a lower tier.
The eight Annex III categories cover: biometrics (remote identification, categorisation, emotion recognition where permitted); critical infrastructure safety components; education and vocational training (admission decisions, ongoing evaluation, exam-monitoring); employment and worker management (recruitment screening, promotion, termination, task allocation, monitoring); access to essential private and public services (creditworthiness assessment, health and life insurance risk pricing, emergency services dispatch, public-benefits eligibility); law enforcement (offending risk assessment, evidence reliability, profiling); migration, asylum and border control; and administration of justice and democratic processes.
A few examples of systems that look routine but need checking:
- A tool that scores employee performance to inform promotion or termination decisions sits in Annex III point 4(b).
- A credit-risk or affordability model used by a lender, insurer, or mortgage broker is Annex III point 5(b) — fraud detection is carved out, pure credit scoring is not.
- An interview analysis tool that ranks candidates or filters CVs is Annex III point 4(a).
- A benefits eligibility engine used by a public body processing welfare or social housing applications is Annex III point 5(d).
None of these are exotic edge cases. They are common commercial deployments that land squarely in high-risk territory.
The Article 6(3) filter does offer a genuine off-ramp: if your system performs a narrow procedural task, improves the result of a completed human activity without influencing the outcome, detects decision patterns without replacing human assessment, or carries out preparatory work, you may document that it does not pose significant risk and treat it as outside high-risk — even if it falls within an Annex III category. But any system that profiles natural persons is high-risk regardless, and providers using the exemption must document the assessment and register the system under Article 49. The filter is a reasoned defence, not a presumption.
What minimal-risk systems in practice look like
These systems consistently fall outside Articles 5, 6, and 50, and represent the large majority of commercial AI deployment:
Spam and phishing filters. Email and messaging platforms running machine-learning classifiers on message content. They do not determine access to services, assess creditworthiness, or make employment decisions. They apply to content routing, not to the rights or opportunities of natural persons.
Product recommendation engines. A fashion or electronics retailer using collaborative filtering to surface relevant products. The decision (whether to buy) remains entirely with the user. No Annex III category applies.
Demand forecasting and inventory optimisation. Time-series models predicting stock requirements for a manufacturer or logistics operator. Outputs are internal operational inputs; no external-facing decision on any person's rights or opportunities.
Document drafting and summarisation tools. Productivity software that generates draft contracts, meeting summaries, or customer communications. These assist a human who reviews and approves; they do not determine any outcome for an individual.
Predictive maintenance. Models flagging equipment for inspection in manufacturing or utilities. Safety components of regulated products are a different question (Annex I route, Article 6(1)); a maintenance scheduling tool sitting above that layer is not.
Content moderation assistants. A tool that flags posts for human review, rather than removing them automatically, does not itself determine a rights outcome. The human decision remains.
What these share: their outputs inform or assist a human decision, or they operate purely on the provider's own internal operations, without determining access, eligibility, employment, or safety for natural persons.
Voluntary codes of conduct — Article 95
The Act actively encourages providers and deployers of minimal-risk AI to adopt voluntary codes of conduct (Article 95). These are industry-developed frameworks — covering risk management, transparency, human oversight, and accountability practices — that apply the spirit of the Act to systems that do not legally require it. The European AI Office is supporting the development of such codes.
Voluntary adherence signals maturity to customers, regulators, and auditors. For companies operating in sectors where high-risk systems and minimal-risk systems coexist in the same product portfolio, a single governance framework applied across all AI — rather than a two-speed approach — is operationally simpler and defensibly consistent.
How Confir helps
The most practical thing Confir does for a minimal-risk system is confirm the classification and record the reasoning. Confir's intake runs your system through Articles 5 and 6 and the Annex III checklist using a deterministic, rule-based engine — the same intake produces the same finding every time, with the rule that fired stated in plain language. If the system is minimal-risk, you get a documented classification record: what was assessed, what was checked, and why it did not meet any high-risk or prohibited criteria.
That record matters for two reasons. First, it demonstrates due diligence if a regulator or customer ever asks. Second, if your system's intended purpose changes — a productivity tool repurposed for performance scoring, a recommendation engine extended into financial services — the classification logic is already documented and the delta is immediately visible.
Confir also tracks your Article 4 AI literacy obligation, which applies regardless of risk tier.
Frequently asked questions
Does the EU AI Act impose any obligations at all on minimal-risk AI systems?
Not on the system itself. No conformity assessment, no technical documentation under Annex IV, no risk management system under Article 9, no CE marking, no registration under Article 49. The one obligation that applies regardless of risk tier is Article 4 AI literacy: providers and deployers must ensure staff have sufficient AI literacy, proportionate to the context. Other law — GDPR, sector regulation — applies independently of the AI Act classification.
My AI tool does not appear in Annex III. Can I just assume it is minimal-risk?
Not without checking Article 5 (prohibited practices) and Article 50 (limited-risk transparency). A chatbot that passes a human-likeness test owes transparency disclosure under Article 50 even if it is not high-risk. A system that uses subliminal techniques to manipulate behaviour is prohibited under Article 5(1)(a) regardless of how it is marketed. Check all three before concluding minimal-risk.
What is the Article 6(3) filter and does it help me?
Article 6(3) lets a provider document that a system falling in an Annex III category does not in fact pose significant risk of harm — because it performs a narrow procedural task, improves a completed human activity, detects patterns without replacing human assessment, or does preparatory work. If the assessment holds, the system is not high-risk. But profiling natural persons is always high-risk; the filter does not apply. Providers using the exemption must document the assessment and still register the system under Article 49.
What penalties can apply to minimal-risk systems?
If a system is correctly classified as minimal-risk, the AI Act imposes no system-level obligations to breach. The exposure is indirect: misclassifying a high-risk system as minimal-risk, or breaching Article 50 transparency duties on a limited-risk system. Breaches of most obligations under the Act carry a maximum fine of €15,000,000 or 3% of total worldwide annual turnover, whichever is higher (Article 99(4)). For SMEs, including start-ups, Article 99(6) caps fines at the lower of the percentage or the fixed amount.
Does Article 50 apply to all chatbots and AI-generated content?
Article 50 applies from 2 August 2026. It covers: chatbots and AI systems that interact with humans in a way designed to resemble human interaction (transparency disclosure required); deepfakes and synthetic audio-visual content (labelling required); emotion-recognition and biometric-categorisation systems (disclosure to persons subjected to them); and AI-generated text on matters of public interest published by providers. A basic customer-service chatbot that identifies itself as a bot and does not pretend to be human may still need to assess its Article 50 obligations carefully.
Can a system shift from minimal-risk to high-risk?
Yes. Article 3(23) defines "substantial modification" as a change that affects the system's compliance or performance in ways that were not anticipated in the original conformity assessment. If a minimal-risk system's intended purpose is substantially modified — for example, a productivity tool is extended to score employee performance and inform termination decisions — the new version must be reclassified. The provider of the modified system becomes responsible for the new classification and any resulting high-risk obligations.
What does AI literacy under Article 4 actually require?
Article 4 is deliberately open-ended. It requires providers and deployers to take measures to ensure staff and anyone deploying AI on their behalf have AI literacy commensurate with their role, the complexity of the systems involved, and the risks and opportunities presented. In practice, this means identifying which staff interact with AI systems, assessing whether their current knowledge is adequate, and putting proportionate measures in place, which might range from a short internal briefing for low-stakes deployments to structured training programmes for staff managing systems closer to the high-risk boundary. There is no prescribed format, but the obligation has been live since 2 February 2025.