
AI Recommendation Engines and the EU AI Act

Guide · 2 June 2026 · 11 min read · 2,272 words

Most AI recommendation engines are minimal-risk under the EU AI Act — no conformity assessment required. Learn when Annex III or Article 5 changes that.

Most AI recommendation engines — product carousels, content feeds, "you may also like" widgets — are minimal-risk under Regulation (EU) 2024/1689. They do not appear in Annex III, carry no mandatory obligations under the EU AI Act, and face no conformity assessment or registration requirement. That is the answer for the vast majority of recommenders. The caveats that change it are specific and worth knowing precisely.


Is an AI recommendation engine high-risk under the EU AI Act?

The EU AI Act assigns risk tiers by what a system does in its specific context of use, not by what technique it employs. A recommendation engine — whether collaborative filtering, content-based ranking, or a hybrid neural model — is classified by purpose and deployment, not by architecture.

The high-risk tier is defined by Article 6 read together with Annex III. Article 6(1) covers AI systems embedded in products that are already regulated under specific EU product legislation listed in Annex I (medical devices, machinery, vehicles and similar). Article 6(2) covers stand-alone AI systems listed explicitly in Annex III. Neither route catches a typical product recommender or content-feed system. Annex III sets out eight areas — biometrics, critical infrastructure, education, employment and worker management, access to essential private and public services, law enforcement, migration and asylum, and administration of justice. A back-end system that ranks products for a retail customer, or selects articles for a news reader, does not fall within any of those eight headings.

The Article 6(3) filter adds a further layer: even a system that falls within an Annex III area is not high-risk if it does not pose a significant risk of harm to health, safety, or fundamental rights — for instance, because it performs a narrow preparatory task or improves the output of a previously completed human activity without replacing or influencing a human assessment. However, an Annex III system that profiles natural persons is always high-risk; the Article 6(3) filter cannot take it out of that tier. For most standard recommenders, the Annex III check ends at the first step: they are simply not listed.

The default classification for anything outside Annex III and outside Article 5's prohibitions is minimal risk — the fourth and most populated tier. Minimal-risk systems carry no mandatory obligations under the Act. Voluntary codes of practice are encouraged but not required.


When a recommender can be high-risk or prohibited

Two routes can convert a recommender into a higher-risk category, and both turn on context of use rather than on whether the underlying system uses collaborative filtering or a transformer model.

Annex III contexts. A recommender deployed to rank or select job candidates falls within Annex III Area 4: employment, workers management, and access to self-employment. Under Article 6(2), that makes it high-risk. The same logic applies to a system that screens or evaluates applicants for access to essential private or public services under Area 5 — for example, a system that ranks individuals for public benefit eligibility, or that influences access to health or life insurance pricing and risk assessment. In those contexts the full high-risk obligation stack applies: a risk management system under Article 9, data and data governance requirements under Article 10, technical documentation under Article 11 and Annex IV, record-keeping under Article 12, transparency obligations to deployers under Article 13, human oversight under Article 14, accuracy and robustness standards under Article 15, conformity assessment under Article 43 before market placement, registration in the EU database under Article 49, and post-market monitoring under Article 72. The Article 11 technical documentation alone takes months to assemble; the obligation deadline for stand-alone Annex III systems is 2 December 2027 under the Digital Omnibus agreed in May 2026 (the original 2 August 2026 date has been deferred).

Article 5 prohibitions. Certain practices are outright banned regardless of risk tier, and they have applied since 2 February 2025. A recommender that uses subliminal techniques beyond a person's consciousness to materially distort their behaviour in a way that causes or is likely to cause harm is prohibited under Article 5(1)(a). A recommender that exploits a specific group's vulnerability — owing to age, disability, or socioeconomic circumstances — in a way that causes or is likely to cause harm is prohibited under Article 5(1)(b). The line between aggressive personalisation and prohibited manipulation is not always obvious in advance, but the statutory test is specific: it is the combination of a technique that bypasses rational agency, and harm, or a real likelihood of harm. A product recommender that surfaces relevant items from a catalogue sits nowhere near that line. A system designed to exploit a known vulnerability — say, pushing high-interest credit products to users who have previously disclosed financial distress — may well cross it. Violations of Article 5 carry the highest fine tier under Article 99(3): up to €35,000,000 or 7% of total worldwide annual turnover, whichever is higher.


The DSA overlap (a different law)

Very large online platforms (VLOPs) and very large online search engines (VLOSEs) designated under the Digital Services Act face mandatory transparency obligations for their recommender systems under DSA Articles 27 and 38. Those include publishing clear information about the main parameters that determine ranking, offering users the option to receive recommendations not based on profiling, and conducting annual risk assessments related to recommender systems.

That is not the EU AI Act. The DSA and the EU AI Act are separate regulations with distinct legal bases, enforcement chains, and compliance timelines. It is a common conflation — partly because both regulations use the word "recommendation" — but merging them leads to incorrect compliance planning. A VLOP subject to DSA recommender obligations may simultaneously have a minimal-risk recommender under the EU AI Act. Complying with the DSA's transparency and profiling-opt-out requirements does not satisfy (and is not required by) the EU AI Act, and vice versa. Keep the two analyses separate and document them in separate workstreams.


What obligations actually apply

For a stand-alone product or content recommender that does not fall into an Annex III area and does not deploy Article 5 prohibited techniques, the honest answer is: no mandatory obligations under the EU AI Act.

That is not the same as saying there is nothing to do. Two items apply to all AI systems, regardless of tier.

Article 4 requires organisations that deploy AI systems to ensure their staff have sufficient AI literacy — an appropriate level of competence to understand the systems they operate. Article 4 has been in force since 2 February 2025 and is not confined to high-risk systems. For a team managing a recommender, that means people interacting with the system should understand, at a minimum, what it optimises for, how outputs are generated, and what its limitations are.

Article 5's prohibition screen applies to every AI system. Even if classification ends at minimal risk, a provider or deployer should be able to confirm — and document — that the system does not employ subliminal or manipulative techniques that cause harm, and does not exploit specific vulnerabilities. That is a quick screen, not a deep audit, for a standard recommender; but it should be recorded.

Beyond those two items, no conformity assessment, technical documentation, registration, or risk management system is required for minimal-risk recommenders. The European Commission and AI Office encourage voluntary adherence to codes of conduct, and some companies will choose to adopt the high-risk framework voluntarily as a quality and trust signal — but that is a business decision, not a legal requirement.


What to do

Classify by use. The first step is stating what the system actually does in its deployed context: what it optimises for, who it surfaces outputs to, and in what decision environment. A recommender that ranks products for retail customers is minimal-risk. The same underlying model retooled to rank job applicants for a hiring manager is high-risk under Annex III Area 4.

Document the Annex III check. Run through each of the eight Annex III areas explicitly and record that none applies. If one does apply, then apply the Article 6(3) filter and record that reasoning too. The documentation does not need to be elaborate for a clear minimal-risk system, but it should exist. Regulators auditing deployers will ask what classification analysis was done; "we assumed it was fine" is not a defensible answer.

Run the Article 5 screen. Confirm that the system does not use subliminal techniques causing harm under Article 5(1)(a), and does not exploit specific group vulnerabilities under Article 5(1)(b). Record the outcome.

Satisfy Article 4 literacy. Ensure the team managing or using the recommender understands what it does and what it does not do. This is already live and applies regardless of risk tier.

Keep the DSA question separate. If your organisation is or may be a VLOP or VLOSE, address recommender transparency under the DSA in a separate compliance workstream. Do not mix DSA obligations and EU AI Act obligations into a single compliance record.


How Confir helps

Classifying a recommender takes about fifteen minutes in Confir. The tool walks through the Annex III check and the Article 6(3) reasoning via plain-English scenarios, and produces a documented risk-tier finding. If the system is minimal-risk, that finding — with the reasoning behind it — is recorded in your AI register and available for audit. If a future use-case change shifts the deployment context into Annex III territory, rerunning the classification surfaces the change and triggers the appropriate obligation stack.

Confir's classification engine is rule-based and deterministic — the same intake produces the same finding every time, the rule that fired is human-readable, and there is no inference or generation involved. For a compliance product, that is not a limitation; it is the point. Pricing starts at €600 per year. Details at confir.eu.


Frequently Asked Questions

Is a product recommendation engine subject to the EU AI Act?

Yes — all AI systems placed on the EU market or put into service in the EU fall within the Act's scope. But for a typical product recommender (retail, content, "you may also like"), classification under Articles 5 and 6 results in minimal risk: it is not in Annex III, the Article 5 prohibitions do not apply to standard recommendation logic, and no mandatory obligations arise beyond Article 4 AI literacy and documenting the classification itself.

What makes a recommender system high-risk under the EU AI Act?

Context of use is the determining factor. A recommender used to rank or screen job candidates falls within Annex III Area 4 (employment and worker management) and is high-risk under Article 6(2). A system that influences access to essential services such as public benefits eligibility or health insurance risk pricing falls within Annex III Area 5. Outside those specific Annex III contexts, a recommender is minimal-risk by default.

Can a recommendation engine be prohibited rather than just high-risk?

Yes, if it employs the techniques banned by Article 5, which has been in force since 2 February 2025. A recommender that uses subliminal methods beyond a person's consciousness to distort behaviour in harmful ways is prohibited under Article 5(1)(a). One that exploits a specific group's known vulnerability — age, disability, financial distress — to cause or risk causing harm is prohibited under Article 5(1)(b). Standard personalisation that serves relevant content does not engage either prohibition; the test is the combination of a technique that bypasses rational agency and actual or likely harm.

Do DSA recommender-transparency obligations and EU AI Act obligations overlap?

They involve some of the same systems but they are different rules under different regulations. The Digital Services Act imposes recommender-transparency and profiling-opt-out requirements on very large online platforms and search engines. The EU AI Act classifies AI systems by risk tier and attaches obligations at the high-risk level. A VLOP's recommender can be simultaneously DSA-regulated and minimal-risk under the EU AI Act. Maintain separate compliance records for each.

Does Article 50 of the EU AI Act apply to recommendation engines?

Generally not. Article 50 — which applies from 2 August 2026 — covers systems that interact directly with natural persons in real time (chatbots and other AI interactions that could be mistaken for human communication), systems that generate synthetic audio, image, video, or text content, and systems using emotion recognition or biometric categorisation. A back-end recommender that produces a ranked list of items without generating synthetic content or passing as a human does not trigger Article 50. If a recommender is paired with a conversational interface that could be mistaken for a human response, the interaction layer may attract Article 50(1) disclosure duties — but that is the interface, not the recommender itself.

When do high-risk obligations apply for recommenders classified as high-risk?

Under the Digital Omnibus, agreed between the European Parliament and Council in May 2026 and expected to be formally adopted before 2 August 2026, the application date for stand-alone high-risk AI systems listed in Annex III is 2 December 2027. High-risk AI systems that are safety components of products covered by EU product safety legislation (Annex I) apply from 2 August 2028. A recruitment recommender classified as Annex III Area 4 high-risk must be compliant by 2 December 2027.

