Key facts

  • Four tiers: unacceptable, high-risk, limited-risk, minimal-risk.
  • Unacceptable-risk practices (e.g. social scoring) have been banned since 2 February 2025.
  • High-risk systems carry the strictest obligations — risk management, documentation, human oversight, conformity assessment.
  • Limited-risk systems mainly face transparency duties under Article 50, live from 2 August 2026.
  • Minimal-risk systems (most everyday business AI) have no specific EU AI Act obligations.

What are the four EU AI Act risk tiers?

The Act classifies AI by the risk it poses to health, safety or fundamental rights, not by the technology itself. The same type of model can fall into different tiers depending on how it is used.

Unacceptable risk

Practices banned outright: social scoring by public authorities, untargeted scraping of facial images to build recognition databases, emotion recognition in workplaces and schools (with narrow exceptions), and certain manipulative or exploitative AI systems. These bans have applied since 2 February 2025.

High-risk

Covers AI used in areas like recruitment, credit scoring, education, critical infrastructure, and certain medical or safety-critical products (see high-risk AI systems). Obligations include a documented risk-management system, data governance, technical documentation, logging, human oversight and a conformity assessment before use. These obligations are provisionally deferred to 2 December 2027 (Annex III) and 2 August 2028 (Annex I) under the Digital Omnibus, pending Official Journal confirmation.

Limited risk

AI that interacts directly with people, or generates or manipulates content, mainly faces transparency duties under Article 50: telling people they are dealing with AI, and labelling AI-generated or manipulated content such as deepfakes. These duties apply from 2 August 2026.

Minimal risk

The large majority of everyday business AI — spam filters, inventory forecasting, most internal productivity tools — falls here, with no EU AI Act-specific obligations, though good governance is still worthwhile. Start by building an AI inventory and classifying each system against these tiers.

Frequently asked questions

What are the EU AI Act risk categories?

Four tiers: unacceptable (banned), high-risk (strict obligations), limited risk (transparency), and minimal risk (no obligations).

Does the EU AI Act ban any AI?

Yes — for example social scoring, untargeted facial-recognition scraping, manipulative or exploitative systems, and certain biometric categorisation.

What is a high-risk AI system?

An AI system the EU AI Act designates as posing significant risk to health, safety or fundamental rights, carrying strict obligations.

What is Article 50 of the EU AI Act?

Transparency obligations: telling people they're interacting with AI, and labelling AI-generated or manipulated content, such as deepfakes.

How do I know if my AI is high-risk?

Map its use against the Annex III and Annex I criteria and any exemptions, and document the conclusion either way.

Related pages

Sources

Last updated 19 June 2026.