
EU AI Act Risk Classes Explained Simply: The 4 Tiers With Examples

Blck Alpaca
Definition

The EU AI Act risk classes divide AI systems into four tiers: unacceptable risk (prohibited, Art. 5), high risk (Art. 6, Annex III/I), limited risk with transparency obligations (Art. 50) and minimal risk. The decisive factor is the specific intended purpose, not the technology. The classification determines obligations and fines of up to 35 million euros.

Key Takeaways

  • The EU AI Act recognises four risk classes: unacceptable (prohibited), high, limited (transparency) and minimal. What matters is not the technology but the specific intended purpose of the AI system.
  • Most marketing and B2B chatbots fall into the limited risk class (Art. 50) and only require disclosure that users are interacting with an AI.
  • An AI agent only becomes high risk through the use case, for example CV screening (Annex III point 4) or credit scoring (point 5). Within an Annex III case, the profiling of natural persons always remains high risk and the Art. 6(3) exemption never applies here.
  • The Art. 5 prohibitions have already been in force since 2 February 2025 and directly affect marketing and HR, for example emotion recognition in the workplace.
  • Fines range from 7.5 million euros or 1.5 percent (AI literacy), through 15 million euros or 3 percent (transparency, deployer obligations), up to 35 million euros or 7 percent of group turnover (prohibited practices).
  • The high-risk obligations under Annex III have been postponed to 2 December 2027 by the Digital Omnibus (as of 2026, subject to change). Until formal adoption, 2 August 2026 remains the legally binding date.

The EU AI Act risk classes assign every AI system to one of four tiers: unacceptable risk (prohibited), high risk, limited risk with transparency obligations and minimal risk. The decisive factor is not the technology but the specific intended purpose. This classification determines which obligations apply and how high the fine risk is.

Important to note upfront: the AI Regulation (Regulation (EU) 2024/1689) does not recognise any separate legal term for AI agents or agentic AI. An AI agent is always classified as an ordinary AI system under Art. 3(1), based on its intended purpose. This is precisely why a close look at the four risk classes is worthwhile.

  • Four classes, one standard: The classification follows the use case, not the model. The same chatbot can be minimal or high risk depending on the task.
  • Most B2B applications are non-critical: Marketing agents, internal knowledge assistants and customer service bots almost always end up in the lower two tiers.
  • High risk arises from the purpose: HR screening, credit scoring or insurance pricing pull an AI system into the high-risk area. Within such an Annex III case, the profiling of natural persons always remains high risk.

The four risk classes at a glance

The EU AI Act builds what is known as a risk pyramid. The higher the potential risk to health, safety or fundamental rights, the stricter the obligations. The following table summarises the risk classes, typical examples and the key obligations.

| Risk class | Examples (AI agents/chatbots) | Key obligations |
|---|---|---|
| Unacceptable / prohibited (Art. 5) | Emotion recognition in the workplace, social scoring, manipulative marketing agents below the threshold of awareness | Completely prohibited, since 2 February 2025 |
| High risk (Art. 6, Annex III/I) | CV screening agent, credit decision agent, insurance pricing agent, AI in critical infrastructure | Risk management, data governance, technical documentation, human oversight, conformity assessment |
| Limited risk (Art. 50) | Customer service chatbot, voice agent, AI-generated marketing content, deepfakes | Transparency: disclosure of AI interaction, labelling of synthetic content |
| Minimal risk | Internal knowledge agent over non-sensitive documents, code generation copilot, predictive maintenance | No substantial obligations apart from AI literacy (Art. 4) |

Important: the tiers are not mutually exclusive. A single agent can simultaneously fall under Art. 5, Art. 50 and, via its underlying model, under the GPAI rules.

Tier 1: Unacceptable risk (prohibited, Art. 5)

Eight practices are completely prohibited across the EU. The prohibitions have already been in force since 2 February 2025 and carry the highest fine framework. Particularly relevant for marketing and HR:

  • Manipulative or deceptive techniques causing significant harm, for example persuasion-optimised marketing agents that exploit cognitive biases below the level of conscious perception (Art. 5(1)(a)).
  • Exploitation of vulnerabilities due to age, disability or socio-economic situation, for example agents that target older customers with disadvantageous financial products (point (b)).
  • Social scoring by public or private actors with detrimental treatment in unrelated contexts (point (c)).
  • Emotion recognition in the workplace and in educational institutions. An HR analytics agent that infers the mood, concentration or stress of employees from video, audio or biometrics is prohibited in the work context (point (f)). The exceptions for medical and safety purposes are narrow.

The Digital Omnibus (political agreement of 7 May 2026) has added a ninth prohibition: AI systems that generate non-consensual intimate content or AI-generated abuse material must be withdrawn from the market by 2 December 2026.

Tier 2: High-risk AI system (Art. 6, Annexes III and I)

There are two routes into the high-risk area. Annex I covers AI as a safety component of regulated products (such as machinery, medical devices). Annex III lists eight standalone categories, of which the following are particularly relevant for B2B:

  • Employment and personnel management (point 4): recruitment, CV screening, performance evaluation, promotion, termination, task allocation.
  • Essential private and public services (point 5): creditworthiness assessment and credit scoring (except fraud detection), risk assessment and pricing in life and health insurance.
  • Critical infrastructure (point 2): AI as a safety component in the operation of electricity, water, gas or transport.

An important exception is governed by Art. 6(3): even an Annex III use case is not high risk if the system only performs a narrowly defined procedural task, improves the result of a completed human activity, detects deviations without replacing the human assessment, or performs a preparatory task. However: the profiling of natural persons always remains high risk and is excluded from this exception (Art. 6(3) second subparagraph). Anyone relying on the exception must document the justification and register in the EU database (Art. 6(4), Art. 49(2)).

High-risk systems require, among other things, a risk management system (Art. 9), data governance (Art. 10), technical documentation (Art. 11 with Annex IV), record-keeping (Art. 12), human oversight (Art. 14) as well as accuracy, robustness and cybersecurity (Art. 15). Deployers are additionally subject to the obligations under Art. 26, including the obligation, often underestimated in the DACH region, to inform employees and workers' representatives before deployment (Art. 26(7)).

Tier 3: Limited risk and transparency obligations (Art. 50)

This is where most marketing and customer dialogue applications end up. Only transparency obligations apply, no substantial high-risk requirements:

  • Art. 50(1): AI systems that interact directly with humans must be designed so that users recognise that they are talking to an AI, unless this is obvious from the context. This obligation falls on the provider. Take care when re-branding a white-label chatbot: in that case you become the provider yourself and bear the obligation.
  • Art. 50(2): Providers of AI that generates synthetic audio, image, video or text content must mark the outputs as artificially generated in a machine-readable format.
  • Art. 50(4): Deployers must disclose deepfakes. For AI-generated texts on matters of public interest, the obligation does not apply if a human has assumed editorial responsibility.

The obligations apply from 2 August 2026; according to the Digital Omnibus, the technical deadline for labelling and watermarking ends on 2 December 2026.

Tier 4: Minimal risk

Everything else, for example spam filters, internal RAG agents over non-sensitive documents or code copilots for internal use. No substantial obligations apart from AI literacy under Art. 4 and voluntary codes of conduct (Art. 95).

Where do typical AI agents fall?

Practice shows: the same technical stack can fall into completely different classes depending on the task. Examples from the research:

  • Marketing copywriting agent (internal): minimal, plus labelling under Art. 50(2).
  • Customer service chatbot in retail: limited risk (Art. 50(1)).
  • Internal knowledge management agent: minimal.
  • CV screening agent: high risk (Annex III point 4).
  • Credit decision agent: high risk (Annex III point 5(b)).
  • Fraud detection agent for payment cards: minimal/limited, thanks to an explicit exception. If the same model is reused for credit scoring, the classification tips over.
  • Employee mood recognition in the workplace: prohibited (Art. 5(1)(f)).

A common misconception: "We only use Microsoft 365 Copilot, so we are not affected." Wrong. Anyone who uses Copilot to prepare an employment-related decision moves into Annex III point 4. The deployer is the responsible operator under Art. 26.

A concrete example with figures

An Austrian industrial SME deploys a CV screening agent that pre-sorts around 3,000 applications per year. This constitutes a clear high-risk case under Annex III point 4(a), because the system influences employment decisions and profiles individuals.

Consequences: the agent requires human oversight (recruiters review every ranking) and the workforce must be informed before deployment (Art. 26(7)). The works council must be involved under Section 91 ArbVG (Austrian Labour Constitution Act), which can extend the rollout in practice by 3 to 6 months. A mandatory fundamental rights impact assessment (FRIA under Art. 27), on the other hand, does not apply to a private-sector company in a pure HR screening case: the FRIA is only mandatory for private deployers in the case of creditworthiness (Annex III point 5(b)) and life/health insurance pricing (point 5(c)), as well as for public bodies and providers of public services. A voluntary fundamental rights review nevertheless remains good practice.

The financial risk is considerable. The fine tiers under Art. 99 are graduated:

| Tier | Maximum fine | Trigger |
|---|---|---|
| Tier 1 | 35 million euros or 7% of worldwide annual turnover | Prohibited practices (Art. 5) |
| Tier 2 | 15 million euros or 3% | Deployer obligations (Art. 26), transparency (Art. 50), registration (Art. 49) |
| Tier 3 | 7.5 million euros or 1.5% | AI literacy (Art. 4), false information to authorities |

For SMEs and start-ups, under Art. 99(6), the lower of the two amounts applies in each case; the Digital Omnibus extends this protection to small mid-cap companies.

Temporal caveat: Digital Omnibus

As of 2026, subject to change: the political agreement on the Digital Omnibus of 7 May 2026 postpones the high-risk obligations under Annex III to 2 December 2027 and under Annex I to 2 August 2028, provided that formal adoption takes place before 2 August 2026. Until then, the original 2 August 2026 remains the legally binding default date. The prohibitions (Art. 5, since 2 February 2025), AI literacy (Art. 4), the GPAI rules (since 2 August 2025) and the fine framework remain in force unchanged. A pause in governance is therefore not an option.

For agencies and B2B

For agencies: risk classification belongs at the beginning of every AI project, not at the end. Anyone building chatbots or marketing agents for clients should factor in the transparency obligation under Art. 50 from the outset and, when re-branding third-party systems, check their own provider role. For B2B decision-makers: create an inventory of your AI applications, assign each to a risk class and pay particular attention to the jump from minimal to high risk, which often arises unnoticed through a new data source or a new intended purpose. Blck Alpaca supports you with classification and with building robust compliance documentation.

Note: This article is for general information purposes and does not replace legal advice. For a binding assessment of your specific case, please consult qualified legal counsel.

FAQ

How many risk classes does the EU AI Act recognise?
The EU AI Act recognises four risk classes for AI systems: unacceptable risk (prohibited practices under Art. 5), high risk (Art. 6 in conjunction with Annexes I and III), limited risk with transparency obligations (Art. 50) and minimal risk. In parallel, there is a separate regime for GPAI models (Art. 51 to 55) that operates at the model level.
Which risk class does a customer service chatbot fall into?
A typical customer service chatbot in retail falls into the limited risk class and is only subject to the transparency obligation under Art. 50(1): users must be able to recognise that they are talking to an AI. The chatbot only becomes high risk if it makes decisions about access to essential services, for example assessing creditworthiness.
What does unacceptable risk mean in the EU AI Act?
Unacceptable risk refers to AI practices that are completely prohibited under Art. 5, for example social scoring, manipulative techniques causing significant harm, or emotion recognition in the workplace. These prohibitions have already been in force since 2 February 2025. Infringements can be penalised with up to 35 million euros or 7 percent of worldwide annual turnover.
When do the high-risk obligations of the EU AI Act apply?
Originally, 2 August 2026 was envisaged. The Digital Omnibus (political agreement of 7 May 2026) postpones the Annex III high-risk obligations to 2 December 2027 and the Annex I product safety AI to 2 August 2028. As of 2026 and subject to change: until formal adoption, 2 August 2026 remains the legally binding date.
Does the use of Microsoft 365 Copilot make my company a high-risk deployer?
Not through the tool itself, but through the intended purpose. Anyone using Copilot for pure text support remains within minimal risk. However, if Copilot is used to prepare an employment-related decision such as candidate selection, the deployer moves into the high-risk area under Annex III point 4 and bears the deployer obligations under Art. 26.
Do I need a fundamental rights impact assessment for every high-risk agent?
No. The FRIA under Art. 27 is mandatory for private deployers only in the case of creditworthiness assessment (Annex III point 5(b)) and life/health insurance pricing (point 5(c)), as well as for public bodies and private providers of public services. A pure HR screening agent (point 4) does not automatically trigger it for a private-sector company, although the remaining deployer obligations under Art. 26 do apply.
