A high-risk AI system is not identified by marketing language alone. Companies need to inspect the use case, the operational setting, the affected people, and whether the system supports sensitive or regulated decisions.
Operational information, not legal advice.
Risk classification model
System purpose
Clarify the system purpose, operational context and decision surface.
Affected people
Identify who may be influenced, ranked, assessed, prioritized or excluded.
Sensitive decision
Check whether outputs support access, employment, education, health, finance or safety decisions.
Control gap
Locate missing oversight, validation, documentation, monitoring or escalation controls.
Direct answer
A system is not high-risk simply because it uses AI. High-risk analysis looks at what the system does, who is affected, how decisions are supported, and whether the system operates in a sensitive area such as employment, education, healthcare, finance, safety or access to essential services.
For the next layer, compare provider vs deployer roles, review high-risk AI system signals, or start with an EU AI Act risk assessment.
Decision criteria
First inspection
This page provides operational information for AI governance readiness. It is not legal advice.
Related guides
A practical guide to assessing EU AI Act risk before committing budget to implementation.
Clarify the difference between provider and deployer roles under EU AI Act readiness work.
Build a practical implementation path after scope, role and risk have been diagnosed.
Run a diagnostic-first EU AI Act assessment for role, risk, documentation and implementation exposure.
Official sources
Official European Commission overview of the EU AI Act and its risk-based regulatory framework.
Official publication of Regulation (EU) 2024/1689 laying down harmonised rules on artificial intelligence.
External references are included for source orientation. This page remains operational information and is not legal advice.