Confir Blog

Shadow AI: Governance, Classification, and EU AI Act Obligations

EU AI Act Guide · 23 May 2026 · 11 min read · 2,205 words

Shadow AI triggers Art 4 literacy failures, Art 5 prohibitions, and high-risk deployer duties. Build an AI inventory before the 2027 obligations arrive.

Shadow AI refers to AI tools and systems used by employees or teams without the knowledge, approval, or oversight of the organisation's IT, legal, or compliance function. The name mirrors "shadow IT" — the longstanding problem of unsanctioned software adoption — but the compliance stakes are higher. An employee using an unapproved spreadsheet macro is an IT governance problem. An employee pasting customer data into a public AI chatbot, or using an AI scoring tool to pre-filter job applicants without anyone in the company knowing, is potentially a data protection breach, a high-risk AI deployment without the required oversight controls, and an Article 4 AI literacy failure all at once.

"Shadow AI" is not a term from Regulation (EU) 2024/1689. The Act does not use the phrase. But the regulatory obligations it creates — AI literacy, classification, inventory, oversight, and in some cases the full high-risk compliance stack — apply regardless of whether the organisation sanctioned the tool or was even aware of it. That gap is the problem shadow AI creates.


Why the EU AI Act Makes Shadow AI a Legal Exposure

Three articles are most directly implicated.

Article 4 — AI literacy. Providers and deployers must take measures to ensure that their staff, and other persons dealing with the operation and use of AI systems on their behalf, have a sufficient level of AI literacy. Article 4 has applied since 2 February 2025. An organisation where employees routinely use AI tools that the organisation has not catalogued, assessed, or trained staff on is failing the Article 4 requirement from the date it became law.

AI literacy is not a training certificate. It means staff understand the capabilities and limitations of the AI tools they use, the risks involved, and when to escalate. That requires the organisation to know which tools its people are using. Shadow AI by definition means the organisation does not know. The literacy obligation cannot be discharged for tools the organisation has not identified.

Article 6 / Annex III — High-risk classification. A high-risk AI system is high-risk regardless of whether the deployer formally approved its use. If an employee uses an AI tool to filter CVs for a hiring process (Annex III, point 4(a)), that tool is operating as a high-risk AI system under the Act — even if the HR director has never heard of it. The deployer organisation inherits the Article 26 obligations: follow instructions for use, ensure human oversight, maintain logs for at least six months (Art 26(6)), and (for certain categories including credit and insurance tools under Annex III points 5(b) and 5(c)) run a Fundamental Rights Impact Assessment under Article 27.

None of those obligations can be met for a system the organisation does not know exists.

Article 5 — Prohibited practices. Some AI uses are banned outright. Emotion recognition systems in the workplace (Art 5(1)(f)) have been prohibited since 2 February 2025. If employees are using a tool — perhaps a video-call add-on that claims to read engagement levels — that falls within this prohibition, the organisation is in breach even if the tool was never formally adopted. The fine ceiling for Article 5 violations is €35,000,000 or 7% of total worldwide annual turnover under Article 99(3) — the highest tier. Ignorance of what employees are running is not a defence.


Building an AI Inventory: The First Control

The practical foundation of shadow AI governance is an AI inventory — a register of every AI system the organisation builds, procures, or uses. Confir calls this the AI register. The EU AI Act does not mandate a formal inventory as a named requirement, but the combination of Article 4 (literacy), Article 26 (deployer obligations for known tools), and Article 9 (risk management, for provider-side deployments) makes one functionally necessary.

An effective AI inventory captures:

  • Tool name, vendor, and access method. Who provides it, how it is accessed (direct account, API, browser plugin, integrated into another product).
  • Use case and user population. What the tool does in this organisation, which teams use it, and whether it touches decisions about natural persons.
  • Risk classification. Is this prohibited (Art 5), high-risk (Art 6 / Annex III), limited-risk (Art 50), or minimal-risk? For tools that might be high-risk, has the Art 6(3) exemption been assessed?
  • Data flows. What data is processed by the tool, and is personal data leaving the organisation's environment? This feeds GDPR obligations alongside the AI Act.
  • Approval status. Is the tool sanctioned, under review, or flagged for removal?

Discovery is the hard part. Employees do not advertise unsanctioned tool use. Shadow AI inventories are typically built through a combination of: a voluntary self-disclosure amnesty period; IT log analysis (browser extensions installed, API keys registered, SaaS subscriptions on expense claims); procurement data (software purchases on company cards); and periodic team-level interviews.


Classification Before Sanction or Removal

Once a shadow AI tool is identified, the first compliance question is its risk classification — not whether to keep it.

Many shadow AI tools are minimal-risk. An employee using a general-purpose AI assistant to draft internal memos, or to summarise meeting notes, is using a minimal-risk tool. The Article 4 literacy obligation still applies — the employee should understand the tool's limitations — but there is no mandatory compliance stack beyond that. A proportionate governance response is to add the tool to the inventory, establish usage guidelines, and ensure staff have been briefed on appropriate use.

Some shadow AI tools are limited-risk under Article 50. A customer-facing chatbot that an employee has connected to the company's support channel without IT approval is a limited-risk deployment. Disclosure to customers that they are interacting with an AI is mandatory from 2 August 2026. The governance response includes formal approval or removal, and ensuring the disclosure obligation is met before that date.

A small proportion of shadow AI tools will turn out to be high-risk — typically where they are being used for Annex III purposes such as candidate screening, creditworthiness scoring, or performance monitoring. For those tools, the organisation must either:

  1. Implement the Article 26 deployer obligations (instructions for use, oversight, logging) and get confirmation from the provider that the system meets the high-risk requirements of Articles 9–15; or
  2. Stop using the tool until compliance is established.

And a smaller number will be prohibited. Those must stop immediately.
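As an added example (not code from the original post or from Confir), the following Python sketch ties together the inventory-building section and the classification section above: it reconciles constructed web-proxy log lines and expense-claim rows against an approved AI register to produce inventory candidates carrying the access-method, user-population and approval-status fields listed earlier, then maps a plain-language use-case description to a tentative risk tier with keyword rules modelled on the article's own examples. The domains, usernames, log format and keyword rules are all assumptions; the triage output is a starting point for a human reviewer, not a classification decision.

```python
import re
from dataclasses import dataclass, field
# Constructed sample inputs (not from the original post): AI register, proxy log lines, expense rows.
REGISTER = {"approved-assistant.example": "sanctioned"}
PROXY_LOG = """\
2026-05-12T09:14:02Z user=alice dst=approved-assistant.example path=/v1/chat
2026-05-12T09:20:45Z user=bob dst=cv-ranker.example path=/api/score
2026-05-12T10:02:11Z user=carol dst=meeting-mood.example path=/engagement
2026-05-12T10:05:33Z user=bob dst=cv-ranker.example path=/api/score
"""
EXPENSES = [("cv-ranker.example", "bob"), ("notes-summariser.example", "dave")]  # (vendor, submitter)
LOG_RE = re.compile(r"user=(?P<user>\S+) dst=(?P<dst>\S+) path=(?P<path>\S+)")
# Keyword rules mirroring the article's examples; order matters (prohibited first). Assumed, not statutory.
RULES = [
    (("emotion", "engagement", "mood"), "prohibited", "Art 5(1)(f): stop immediately"),
    (("cv", "candidate", "hiring"), "high-risk", "Annex III 4(a): Art 26 oversight, logs >= 6 months"),
    (("credit", "insurance"), "high-risk", "Annex III 5(b)/5(c): Art 26 plus Art 27 FRIA"),
    (("customer chatbot", "support channel"), "limited-risk", "Art 50 disclosure by 2 Aug 2026"),
]

@dataclass
class Candidate:
    """One row of the shadow-AI inventory, with the fields the article lists."""
    tool: str
    access_methods: set = field(default_factory=set)
    users: set = field(default_factory=set)
    approval_status: str = "under review"

def discover(proxy_log: str, expenses, register) -> dict[str, Candidate]:
    """Return every tool seen in telemetry or expense claims that is absent from the register."""
    found: dict[str, Candidate] = {}
    for line in proxy_log.splitlines():
        if (m := LOG_RE.search(line)) and m["dst"] not in register:
            c = found.setdefault(m["dst"], Candidate(m["dst"]))
            c.access_methods.add("API" if m["path"].startswith("/api") else "direct")
            c.users.add(m["user"])
    for vendor, submitter in expenses:
        if vendor not in register:
            c = found.setdefault(vendor, Candidate(vendor))
            c.access_methods.add("SaaS subscription on expense claim")
            c.users.add(submitter)
    return found

def triage(declared_use: str) -> tuple[str, str]:
    """Map a plain-language use-case description to a tentative tier and the next obligation."""
    text = declared_use.lower()
    for keywords, tier, action in RULES:
        if any(k in text for k in keywords):
            return tier, action
    return "minimal-risk", "Art 4 briefing and usage guidelines; add to inventory"
```

Because `discover` only surfaces tools the proxy or finance data can see, it complements rather than replaces the self-disclosure round described above.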


Article 4 Literacy as an Ongoing Programme

Shadow AI thrives where employees have no framework for what AI use is acceptable and where the boundary lies. Article 4's literacy requirement gives compliance teams a statutory hook for the training and policy work that closes this gap.

A practical Article 4 programme for shadow AI governance:

Acceptable use policy. Define which AI tools are approved for which use cases, what data may be processed, and what employees must do before using a new AI tool (typically: declare it, wait for classification, receive guidance). This is not a legal document — it is an operational instruction.

Classification guidance for non-technical staff. Employees are more likely to self-declare a new tool if the process is simple and the classification framework is explained in plain terms. A one-page decision tree — "Does this tool make decisions about individuals? Does it score, rank, or filter people?" — is more actionable than a statutory text.

Periodic disclosure round. A regular cycle (quarterly for fast-moving teams, twice-yearly for stable functions) where team leads confirm their AI tool list. This does not require an elaborate survey; a simple email with a five-field form is sufficient.

An accessible declaration path. Shadow AI remains in the shadows partly because employees fear consequences for using unapproved tools. An amnesty-first approach — declare now, no penalties, we will work out together whether this is fine — surfaces more tools than a punitive one.


Data Protection Intersection

Shadow AI governance and GDPR compliance overlap significantly, and a finding in one often reveals an issue in the other.

Many AI tools process personal data. A tool that reads emails to draft responses is processing the personal data of the email senders. A tool that transcribes meetings captures personal data of all participants. If those tools are outside the organisation's GDPR data-processing record (GDPR Article 30 — records of processing activities), the organisation has a dual gap: an unsanctioned AI tool and an undisclosed processing activity.

Data subject access requests and data breach investigations are common discovery mechanisms for shadow AI. An employee's personal data processed by an unknown tool surfaces in a subject access request; a breach at a SaaS vendor reveals that an employee was routing company data through an unregistered account. These events often arrive before the compliance team has completed its inventory.

The practical fix is to include AI tools in the scope of data protection impact assessments (GDPR Article 35 — DPIA) where personal data is involved, and to ensure the GDPR Article 30 records are updated whenever a new AI tool is added to the inventory. The AI Act's Article 4 literacy requirement and the GDPR's Article 35 DPIA requirement are complementary controls, not competing ones.


Governance Maturity: From Detection to Prevention

Shadow AI governance matures through three stages.

Stage 1 — Detection. The organisation discovers, through an audit, incident, or employee disclosure, that AI tools are in use that are not in any register. The response is an inventory exercise and risk triage.

Stage 2 — Control. The organisation has an inventory, a classification process, and an acceptable use policy. New tool adoption is declared and reviewed before use. High-risk tools are either brought into compliance or removed. Article 4 training has been completed for all relevant staff.

Stage 3 — Prevention. The organisation's procurement and onboarding processes include AI tool screening as a standard step. Vendors are assessed for AI Act compliance before their tools are deployed. The inventory is reviewed automatically as new subscriptions appear in procurement systems.

Most organisations in mid-2026 are at Stage 1 or early Stage 2. The Article 4 obligation that has applied since February 2025 creates urgency for progression to Stage 2 before market surveillance authorities begin enforcement activity in earnest.


Frequently Asked Questions

Is "shadow AI" a legal term under the EU AI Act?

No. The Act does not use the phrase. "Shadow AI" is a governance term for unsanctioned AI use — adopted from the older "shadow IT" concept. The compliance obligations relevant to shadow AI are Article 4 (AI literacy), Article 6 / Annex III (high-risk classification for tools that turn out to be high-risk), Article 5 (prohibited uses, which apply regardless of sanction), and the deployer obligations of Article 26.

If an employee uses an unapproved AI tool, does the organisation bear the compliance risk?

Yes. The Act imposes obligations on organisations as deployers, not on individual employees. If an employee uses an AI tool in a professional context — for work purposes, on company data — the organisation is the deployer under Article 26. The fact that it was unsanctioned does not shift liability to the employee.

What does Article 4 require organisations to do about shadow AI?

Article 4 (in force since 2 February 2025) requires providers and deployers to ensure that staff dealing with AI systems have sufficient AI literacy — understanding of capabilities, limitations, and risks. An organisation whose employees are using AI tools it has not identified cannot fulfil this obligation for those tools. The practical implication is that organisations need an AI inventory as a prerequisite to meeting the literacy requirement.

Does shadow AI create GDPR exposure as well as EU AI Act exposure?

Frequently, yes. AI tools that process personal data without being recorded in the Article 30 GDPR records of processing, or without a lawful basis, create GDPR gaps alongside the AI Act classification and literacy gaps. Discovery of shadow AI through a subject access request or data breach is not uncommon.

What is the penalty for using a prohibited AI tool that employees adopted without approval?

The Article 5 prohibited practices carry the highest penalty tier: up to €35,000,000 or 7% of total worldwide annual turnover under Article 99(3), whichever is higher. The prohibition applies from 2 February 2025. For SMEs and start-ups, Article 99(6) caps the fine at the lower of the percentage or the fixed amount, but the prohibition itself is absolute.

When should an organisation conduct its AI inventory?

The Article 4 literacy obligation has applied since 2 February 2025. Organisations that have not yet built an AI inventory are already exposed. The December 2027 high-risk deadline (for stand-alone Annex III systems under the Digital Omnibus) creates additional urgency: discovering in late 2027 that a high-risk system has been running unsanctioned since 2025 produces a compliance backlog that is difficult to correct quickly.

