Understanding the Risk Categories in the EU AI Act as Governments Zero in on Artificial Intelligence

Artificial intelligence is here in a big way. Most businesses are finding ways to implement AI programs to improve their work and make the work more efficient. But, as with any swift advance in technology, there are concerns about how businesses may create and use AI in ways that harm the public and potential employees.

Those concerns have led to calls for governments around the world to enact proactive legislation to protect the people and govern AI use in ways that foster progress while mitigating risks. The EU AI Act is one such example of legislative guidance on the development and use of artificial intelligence.

Our team is diving into these guidelines for a better understanding of the law and how it impacts our clients. One of the biggest developments of the EU AI Act is a tiered system classifying the risk of artificial intelligence. There are four main risk categories to consider: Unacceptable Risk, High Risk, Limited Risk, and Minimal Risk.

Image Source: European Commission Report on the EU AI Act

Unacceptable Risk for AI

The EU AI Act states that AI falling under the Unacceptable Risk tier is fully prohibited. This includes creating and using AI systems that:

• Creates a “social scoring system” to rank members of the public in any fashion
• Is used in manipulative or deceptive ways that unduly influence an individual’s ability to make independent decisions
• Exploits people based on their age, disability, or other protected classes
• Creates facial recognition systems or databases using the internet or CCTV footage
• Uses biometric data such as race, religion, sex, sexual orientation, or personal beliefs in a way that causes harm

Some of these categories are intentionally broad as quickly advancing technology makes it hard for governments to predict how the tech will be invented or applied.

High Risk for AI

The most broad category of any is the high-risk category, however. The Act defines high risk as any AI system that “is used as a safety component of a product, or if it is a product itself that is covered by EU legislation.” Those systems must be subject to a third-party assessment before being made available for sale or use. The burden falls on the creator of the AI system, not the user in this case (meaning the provider who creates the AI must get an assessment prior to making it available).

What’s clear about this category is that the EU isn’t interested in just creating a specific, static list. Instead, they are categorizing programs intended to be used for health and safety to ensure that systems comply with the relevant laws and don’t have unintended, harmful consequences in the health and safety space

Limited Risk for AI

Developers of AI systems that fall into the limited-risk category have fewer obligations than the above. Instead, these systems must ensure that users are aware that they are interacting with AI. This category is likely to have the biggest impact as it applies to chatbots like ChatGPT and “deepfakes” of celebrities or individuals which has become a rampant issue already in certain regions.

Individuals and entities governed by the EU must be transparent with the use of AI in order to protect users and ensure there isn’t intentional (or unintentional) confusion, a lapse in judgment based on faulty AI programs, or other similar issues.

Minimal Risk for AI

Any AI system not defined by the EU AI Act in the previous categories is considered to be minimal risk and is not regulated. This covers most AI that was previously available even before recent advancements such as spam filters, directional maps, programs that are enabled by AI when the end-user is not actually interacting with the AI, and other benign systems.

Preparing for AI Effectiveness with Regulatory Compliance

AI is a major part of our world. It actually has been for decades in ways most people don’t realize are considered “AI.” But now, these advancements are drawing the attention of governments around the world. At Ivory Law Group, we remain informed and in touch with these issues and will connect our clients to the appropriate subject matter experts when issues arise. Contact Ivory Law Group for modern general counsel services that stay in touch with evolving technologies and regulations.

*Disclaimer: The content provided in this blog is for informational purposes only and does not constitute legal advice. Reading this blog does not create an attorney-client relationship with Ivory Law Group or any of its attorneys. For legal advice, please consult with a qualified attorney directly.

The following two tabs change content below.

• Bio
• Latest Posts

Ivory Law Group

We provide fractional general counsel support for growth-stage companies, offering flexible coverage across commercial transactions, contracting, governance, capital raising, M&A, employment matters, and legal operations. Our model delivers the legal support companies need, without the cost or commitment of a full-time hire.

Latest posts by Ivory Law Group (see all)

• What’s on the Legal Checklist for Successful M&A in Growth-Stage Companies? - April 9, 2026
• How Do You Increase Contract Velocity Without Increasing Legal Risk? 6 Proven Tactics - March 5, 2026
• Legal Ops for Non-Lawyers: 6 Ways Finance & Operation Leaders Build Scalable Legal Systems for Growth - February 6, 2026