AI Risk Tiers
Artificial Intelligence regulations, particularly the EU AI Act, classify AI systems by risk tier. This approach ensures that obligations match the level of risk posed to individuals, organizations, and society. Risk-based regulation is becoming the global norm, guiding compliance frameworks and deployment decisions.
Risk Tier Framework
Risk tiers help regulators, enterprises, and developers align safeguards with potential harms. The table below shows the commonly referenced tiers and their implications.
| Risk Tier | Description | Examples | Obligations |
|---|---|---|---|
| Unacceptable Risk | AI uses that violate fundamental rights or safety | Social scoring, real-time biometric surveillance in public spaces | Prohibited outright |
| High Risk | AI systems impacting health, safety, or fundamental rights | Medical devices, hiring systems, credit scoring, autonomous vehicles | Strict requirements: risk assessments, documentation, human oversight |
| Limited Risk | AI systems requiring transparency but lower impact on rights | Chatbots, deepfake content | Transparency notices, opt-out mechanisms |
| Minimal Risk | Low-impact AI where risks are negligible | Spam filters, AI-enabled video games | No specific obligations beyond general laws |
Cross-Sector Examples
The same tiers play out differently across industries. The table below gives high-risk and limited- or minimal-risk examples by sector.
| Sector | High-Risk Examples | Limited/Minimal Risk Examples |
|---|---|---|
| Healthcare | AI diagnostic tools, robotic surgery systems | Appointment scheduling bots, patient Q&A assistants |
| Mobility & Transport | Robotaxis, autonomous trucks, aviation autopilot AI | In-car voice assistants, predictive maintenance AI |
| Employment & HR | AI-driven hiring and performance evaluation systems | Employee chatbots, calendar optimization tools |
| Consumer Tech | Deepfake generators without disclosure | Spam filters, content recommendation engines |
Deployment Implications
Different risk tiers shape how AI systems are deployed across sectors. High-risk categories like robotaxis or humanoid robots must pass safety tests, audits, and compliance reviews, while minimal-risk systems such as office productivity assistants face fewer constraints.
- Unacceptable Risk: cannot be deployed
- High Risk: mandatory conformity assessments, logs, oversight
- Limited Risk: transparency disclosures, user awareness
- Minimal Risk: market entry with baseline consumer protection
Compliance Actions by Tier
Each risk tier comes with a different set of compliance actions. The stricter the risk category, the more documentation, governance, and oversight are required.
| Risk Tier | Documentation | Governance | Oversight & Monitoring |
|---|---|---|---|
| Unacceptable Risk | Not applicable (deployment banned) | Prohibited systems cannot enter market | Enforcement by regulators only |
| High Risk | Conformity assessment, risk management files, technical documentation, audit logs | Human-in-the-loop governance, compliance officers, escalation policies | Continuous monitoring, periodic audits, post-market surveillance |
| Limited Risk | Transparency statements, user notices, data handling policies | Basic accountability structures | User opt-outs, spot checks, disclosure enforcement |
| Minimal Risk | General product documentation | Standard corporate governance | Voluntary monitoring, consumer feedback |