Risk Classification Under the AI Act: The Decision That Sets Everything Else
Under the EU AI Act, almost every other decision (product design, governance, budget) follows from one: how each system is classified. Organisations that have not completed a portfolio classification are already behind on the obligations the Act has put in motion, because they cannot know what they owe until they know what they hold.
There are four tiers, and they are not points on a single scale. Prohibited systems are banned. High-risk systems carry the full set of obligations. Limited-risk systems owe transparency duties. The remainder fall outside the Act's binding requirements. The obligations differ qualitatively, which is why a rough sense of riskiness is not the same as a classification.
The gap between high-risk and limited-risk is the one that drives cost. A typical high-risk system needs six to eighteen months from initial assessment to lawful market placement, a dedicated cross-functional team, and meaningful advisory and tooling spend. A limited-risk system needs a transparency notice. Misjudging which side of that line a system sits on is the difference between a light obligation and a major programme.
Misclassification carries real exposure in both directions. Downward misclassification of a high-risk system risks fines up to 15 million euro or 3% of global turnover; placing a prohibited system on the market risks up to 35 million euro or 7%. The incentive to classify carefully, and to document the reasoning, is financial as much as legal.
The Article 6(3) exception is where over-optimism creeps in. It can take a system out of high-risk, but only in narrow circumstances, and providers must apply it conservatively, document every element of the assessment, and be ready to defend it to a market surveillance authority. Treated as a loophole, it becomes a liability.
The categories that need urgent attention are the ones the Act's drafters could see coming and existing frameworks cannot handle: agentic AI, dual-use systems, and AI features embedded in commercial software. Classification is use-case specific, so these need to be assessed deployment by deployment, and they should be prioritised before the August 2026 deadline rather than after it.
Our whitepaper, Risk Classification, sets out the four tiers, the high-risk versus limited-risk gap, the Article 6(3) exception, and the edge cases, with the analysis a decision-maker needs to classify a portfolio defensibly. The work starts with knowing what you run, and classifying it before someone else does.