AI Act Risk and Compliance Assessment for AI Systems
AI systems posing an unacceptable risk, such as those involving subliminal manipulation, exploitation of vulnerabilities, social scoring, harmful biometric surveillance, or violations of fundamental rights, are strictly prohibited. The EU AI Act strictly prohibits specific applications of artificial intelligence (AI). These include systems that manipulate decision-making or exploit vulnerabilities, those that assess or classify individuals based on social behavior or personal traits, and systems predicting a person's likelihood of committing a crime. It also bans the use of AI for scraping facial images from the internet or CCTV, inferring emotions in workplaces or educational settings, and categorizing individuals based on biometric data. Limited exceptions exist for law enforcement, such as locating missing persons or preventing terrorism. Evaluate your AI system to ensure compliance with the EU AI Act for other risk categories.
Consistency with AIGP Classification Logic
The following five screening questions align with internationally recognized risk-based AI governance frameworks, including the AI Governance Principles (AIGP) and the EU AI Act. Each question reflects a core risk factor:
Critical infrastructure involvement maps to the AI system’s intended purpose and potential systemic impact.
Potential to harm individuals directly corresponds to the severity of outcomes from failure or misuse.
Use of sensitive data raises privacy, bias, and fairness concerns, consistent with impact analysis under AIGP.
Legal consequences imply high-stakes decision-making, engaging concerns over fundamental rights and due process.
Lack of human oversight indicates higher system autonomy and reduced accountability, key indicators of elevated risk.
This structure offers a practical, user-friendly approach to identifying high-risk AI systems while remaining conceptually aligned with regulatory frameworks and ethical AI principles.
Disclaimer and Need for Comprehensive Risk Assessment
Disclaimer: This preliminary checklist is for informational and awareness purposes only. It does not constitute a formal risk classification under the EU AI Act or any other regulatory framework.
To formally categorize your AI system’s risk level (e.g., minimal, limited, high, or unacceptable), a more in-depth assessment is required. This should include:
A detailed analysis of the system’s intended use and deployment context
Evaluation of impacts on fundamental rights and safety
Assessment of data quality, bias, and representativeness
Review of the system’s level of autonomy and transparency
Documentation of human oversight mechanisms and accountability structures
For high-risk AI systems, conformity assessments, post-market monitoring plans, and technical documentation are legally required under the EU AI Act.