Does the system do any of these prohibited things?

Article 5 bans a short list of practices outright. If any of these apply, the system is prohibited regardless of anything in the later screens. Tick every one that applies.

Social scoringEvaluates or scores people based on social behaviour or personal traits, leading to detrimental or unjustified treatment.

Untargeted facial scrapingBuilds or expands facial-recognition databases through untargeted scraping of facial images from the internet or CCTV.

Manipulative / subliminal techniquesUses subliminal, manipulative, or deceptive techniques that materially distort behaviour and cause harm.

Exploiting vulnerabilitiesExploits vulnerabilities of a person or group (age, disability, social or economic situation) to distort behaviour and cause harm.

Real-time remote biometric IDPerforms real-time remote biometric identification in publicly accessible spaces for law-enforcement purposes (outside the narrow permitted exceptions).

Emotion inference at work / schoolInfers emotions in workplaces or educational settings (outside medical or safety purposes).

None of these apply — continue to Step 2.

Does it fall in a high-risk Annex III area?

Annex III lists the use areas treated as high-risk, plus AI that is a safety component of a regulated product. If any apply, the system is high-risk. Tick every one that applies.

Employment & worker managementRecruitment, screening, task allocation, promotion, termination, or monitoring of workers.

Education & vocational trainingAdmissions, assigning people to programmes, evaluating learning outcomes, or monitoring during tests.

Essential services & creditworthinessAccess to essential private or public services, credit scoring/creditworthiness, or risk pricing in life/health insurance.

Biometric ID / categorizationRemote biometric identification, or biometric categorization / emotion recognition (where not prohibited).

Critical infrastructureSafety management of critical digital infrastructure, road traffic, or supply of water, gas, heating, or electricity.

Law enforcementUse by or for law enforcement (risk assessment, evidence evaluation, profiling, etc.).

Migration, asylum & border controlMigration, asylum, and border-control management, including visa and application assessment.

Administration of justice & democracyAssisting judicial authorities in researching/interpreting facts and law, or influencing elections/referenda.

Safety component of a regulated productThe AI is a safety component of, or is itself, a product covered by EU harmonisation law requiring third-party conformity assessment (e.g. machinery, medical devices, toys).

None of these apply — continue to Step 3.

Does it trigger transparency obligations?

Some systems are not high-risk but carry limited-risk transparency duties — people must be told they are dealing with AI or AI-generated content. Tick every one that applies.

Interacts with people (chatbot)Interacts directly with natural persons (e.g. a chatbot or virtual assistant) such that they should be told they are dealing with an AI system.

Emotion recognition / biometric categorizationRecognises emotions or categorizes people biometrically (where not otherwise prohibited or high-risk) — subjects must be informed.

Generates or manipulates contentGenerates or manipulates image, audio, video, or text content (deepfakes, synthetic media, generated articles) that must be disclosed as AI-generated.

None of these apply — the system is likely minimal-risk.

Optional — describe the system (included in your downloaded result):

Where does your AI system land under the EU AI Act?

Does the system do any of these prohibited things?

Does it fall in a high-risk Annex III area?

Does it trigger transparency obligations?

Likely tier: —

Why this tier

What this tier expects of you

Get your AI risk classification validated by a practitioner.

A readiness read. Not legal advice.