Unacceptable Risk

For example, AI systems that allow “social scoring” by governments or companies are considered a clear threat to people's fundamental rights and are therefore banned.

High Risk

High-risk AI systems such as AI-based medical software or AI systems used for recruitment must comply with strict requirements, including risk-mitigation systems, high-quality data sets, clear user information, human oversight, etc.

Limited Risk

Systems like chatbots must clearly inform users that they are interacting with a machine, while certain AI-generated content must be labelled as such.

Minimal Risk

Most AI systems such as spam filters and AI-enabled video games face no obligation under the AI Act, but companies can voluntarily adopt additional codes of conduct.

Submit Complaint

Comformity Assesment

Conformity Assessment

The EU AI Act sets specific procedures to ensure that high-risk AI systems comply with legal, ethical, and technical standards before they reach the European market. The conformity assessment (CA) process verifies whether an AI system meets all requirements, depending on its nature, use, and level of oversight needed.

Routes

1

Route 1: AI systems covered by existing EU sectoral legislation (Annex I)

This route applies when the AI system is part of a product already regulated under specific EU sectoral legislation, such as medical devices under the Medical Devices Regulation (MDR). In this case, the conformity assessment is carried out by the Notified Body designated under that sector’s legislation.

2

Route 2: Systems with harmonized standards and opt-out option

Providers may follow this route when the relevant EU legislation allows an opt-out from Notified Body involvement and the AI system fully complies with all applicable harmonized standards. This procedure is a self-assessment process performed internally by the provider.

3

Route 3: Systems listed in points 2–8 of Annex III

This route covers AI systems referred to in Annex III, points 2 to 8, for example, AI used in education, employment, or law enforcement (Annex III, point 1). If harmonized standards are applied correctly, only self-assessment is required; no external evaluation is needed.

4

Route 4: Systems without harmonized standards or critical uses

This route applies to cases where no harmonized standards exist or when the AI system performs critical functions, such as biometric identification (Annex III, point 1). In these situations, the conformity assessment must be conducted by a Notified Body.

Market Entry and Monitoring

Once conformity is achieved and the system is registered in the EU database, it can be placed on the market. From there:

Deployers, distributors, and importers ensure proper use and compliance in practice.

The Market Surveillance Authorities (MSA) monitors systems post-market to verify continuous compliance, react to incidents, and manage updates or significant changes.

If a system undergoes major modifications, it must re-enter the conformity assessment cycle.