ActCheck

EU AI Act Risk Classification Checklist

Last reviewed: 2026-06-23

Short answer: The EU AI Act uses a risk-based approach. Practical screening starts with purpose, affected users, output use, transparency, human oversight, and sensitive contexts.

Four Practical Risk Buckets

Risk bucketWhat it generally meansFirst evidence to check
Unacceptable riskUses that may be prohibited.Manipulation, exploitation, social scoring, certain biometric uses.
High-riskSensitive uses that may affect health, safety, or fundamental rights.Employment, education, essential services, law enforcement, migration, safety components.
Transparency riskUsers may need to know AI or synthetic content is involved.Chatbots, deepfakes, synthetic media, user-facing AI output.
Limited or minimal riskLower-impact uses may still need governance and privacy evidence.Internal productivity, drafting assistants, low-impact content support.

Risk Classification Questions

QuestionWhy it mattersEvidence to collect
What is the intended purpose?Risk is use-case driven.Product spec, user flow, internal policy.
Who is affected by the output?Impact on individuals changes scrutiny.User group and workflow map.
Does output influence jobs, education, credit, public services, or essential benefits?These can be high-risk signals.Decision owner, escalation path, human review.
Does the system rank, score, recommend, or decide?Output function matters.Output examples, decision criteria.
Are users told AI is involved?Transparency obligations may apply.UI copy and disclosure text.
Is sensitive data involved?Privacy and risk review may deepen.Data inventory, DPIA notes, vendor docs.

Common Evidence Gaps

What ActCheck Can Do

FAQ

Is every AI system high-risk?

No. Screening starts with intended purpose, affected users, output use, and sensitive contexts.

Can a chatbot be high-risk?

A chatbot may create transparency questions and could raise deeper review questions depending on use, users, and impact.

Should we classify risk before collecting documents?

Collect basic system facts first. Risk screening is more useful when purpose, users, outputs, and oversight are documented.

Generate a risk-classification evidence gap report

Use the existing ActCheck assessment flow from the homepage.

ActCheck provides informational self-assessment and evidence-readiness support. It does not provide legal advice, legal review, compliance certification, lawyer services, or a guarantee of compliance.

Related Pages

Official Sources