Skip to content

L2.5.3 — EU AI Act: risk tiers and obligations

Type: Theory · Duration: ~5 min · Status: Mandatory Module: Module 2 — AI Security Foundations Framework tags: EU AI Act (Regulation (EU) 2024/1689)

Learning objectives

  1. Recall the four EU AI Act risk tiers and one example system in each.
  2. Identify the three high-impact obligations on high-risk and GPAI systems that an engineer must support.

Core content

The EU AI Act — Regulation (EU) 2024/1689 — entered into force August 1, 2024, with phased applicability through 2026–2027. It is the first comprehensive AI regulation in a major jurisdiction. Compliance is mandatory for AI systems placed on the EU market or whose output is used in the EU, regardless of where the provider is based.

The four risk tiers

┌──────────────────────────────┐
│ PROHIBITED                   │  ← outright banned
│ e.g., social scoring,        │
│ real-time biometric ID in    │
│ public spaces (with carve-   │
│ outs), emotion recognition   │
│ at work or school            │
└──────────────────────────────┘
┌──────────────────────────────┐
│ HIGH-RISK                    │  ← permitted, heavy obligations
│ e.g., AI in critical infra,  │
│ employment/HR decisions,     │
│ credit scoring, law          │
│ enforcement, medical devices │
└──────────────────────────────┘
┌──────────────────────────────┐
│ LIMITED-RISK                 │  ← transparency obligations only
│ e.g., chatbots, deepfakes,   │
│ emotion-recognition systems  │
│ in non-prohibited contexts   │
└──────────────────────────────┘
┌──────────────────────────────┐
│ MINIMAL-RISK                 │  ← no specific obligations
│ e.g., spam filters, AI in    │
│ video games                  │
└──────────────────────────────┘

PLUS: GPAI (General-Purpose AI) — separate obligation regime
       for foundation-model providers, layered on top.

Most LLM-powered enterprise products land in limited-risk (transparency obligations: tell users they're talking to an AI; label AI-generated content), but the moment the product is used in an in-scope high-risk domain (HR, credit, healthcare), it's high-risk regardless of the underlying tech.

Three engineering-relevant obligations for high-risk systems

Article 15 — Accuracy, robustness, and cybersecurity. "High-risk AI systems shall be designed and developed in such a way that they achieve an appropriate level of accuracy, robustness, and cybersecurity, and perform consistently in those respects throughout their lifecycle." Engineering implications: documented eval results, adversarial robustness testing, security-incident response.

Article 12 — Record-keeping. High-risk systems must automatically log events relevant to "the identification of situations that may result in the AI system presenting a risk." Engineering implications: prompt/response logging, retention, integrity (tamper-evident).

Article 14 — Human oversight. High-risk systems must be designed to be effectively overseen by natural persons during the period in which the AI system is in use. Engineering implications: human-in-the-loop patterns for consequential decisions, the ability for a human to "monitor, intervene, override" — designed for, not bolted on.

GPAI obligations

If you build or distribute a general-purpose AI model (the foundation model itself, not a specific application), you have a separate obligation set: model documentation, copyright compliance for training data, summary of training data publicly available, EU AI Office cooperation, and — for "systemic risk" GPAI — additional evaluation and incident reporting obligations.

Most application teams aren't GPAI providers, but the obligations flow down via contract. Read your vendor's terms; they should expose AI Act-relevant documentation to you.

Timelines

Phased: - 6 months after entry into force (Feb 2025): prohibited-tier bans applicable. - 12 months (Aug 2025): GPAI obligations applicable. - 24 months (Aug 2026): most other provisions applicable, including high-risk obligations. - 36 months (Aug 2027): high-risk obligations on AI systems that are safety components of products already regulated under specified Union harmonisation legislation.

If you're shipping in 2026, treat the regulation as substantively in effect for everything except specific harmonised-legislation cases.

Real-world example

A European fintech using an LLM to make credit decisions: that's high-risk (creditworthiness assessment is a listed high-risk use case in Annex III). The engineering checklist becomes: Article 15 (documented eval results for accuracy and robustness, security incident plan), Article 12 (full prompt/response logging with tamper-evidence), Article 14 (human review on every credit decision, with documented override path), Article 9 (a documented risk management system covering the lifecycle), and several documentation requirements. Real timelines for these have driven engineering re-architecture work across EU financial services in 2025.

Key terms

  • Risk tier — the EU AI Act's four-level classification (prohibited / high-risk / limited / minimal).
  • GPAI — General-Purpose AI model; separate obligation regime.
  • Notified body — third-party that performs conformity assessments for certain high-risk systems.

References

  • EU AI Act (Regulation (EU) 2024/1689) — full text via EUR-Lex
  • AI Act portal — https://artificialintelligenceact.eu/
  • AI Act Annex III — list of high-risk use cases

Quiz items

  1. Q: Name the four EU AI Act risk tiers. A: Prohibited, High-risk, Limited-risk, Minimal-risk.
  2. Q: Which EU AI Act article is the cybersecurity-and-robustness one most AI security findings cite? A: Article 15.
  3. Q: Your application uses an LLM to assess loan creditworthiness for EU customers. Risk tier? A: High-risk (creditworthiness assessment is in Annex III's high-risk list).

Video script (~640 words, ~4.5 min)

[SLIDE 1 — Title]

EU AI Act. Risk tiers and obligations. Five minutes. By the end you'll know the four tiers, the engineering-relevant obligations, and where your product lands.

[SLIDE 2 — What it is]

EU AI Act — Regulation EU 2024 slash 1689 — entered into force August 1, 2024. Phased applicability through 2026 and 2027. First comprehensive AI regulation in a major jurisdiction. Compliance is mandatory for AI systems placed on the EU market or whose output is used in the EU, regardless of where the provider is based. If you ship to EU customers, this applies to you. Don't read it as "Europe's problem"; it's now everyone's problem because the EU market is large enough that few products opt out.

[SLIDE 3 — The four risk tiers]

Four risk tiers. Prohibited: outright banned. Examples: social scoring, real-time biometric identification in public spaces with carve-outs, emotion recognition at work or school. High-risk: permitted, heavy obligations. Examples: AI in critical infra, employment and HR decisions, credit scoring, law enforcement, medical devices. Limited-risk: transparency obligations only. Examples: chatbots, deepfakes, emotion recognition in non-prohibited contexts. Minimal-risk: no specific obligations. Spam filters, AI in video games. Plus a separate GPAI regime for foundation-model providers.

[SLIDE 4 — Where most enterprise LLM products land]

Most LLM-powered enterprise products land in limited-risk: tell users they're talking to an AI, label AI-generated content. But the moment your product is used in an in-scope high-risk domain — HR, credit, healthcare — it's high-risk regardless of the underlying tech. Don't try to argue your way out of the tier based on the tech; the tier is determined by the use case.

[SLIDE 5 — Three engineering-relevant obligations]

Three engineering-relevant obligations for high-risk systems. Article 15: accuracy, robustness, and cybersecurity. The article that grounds most AI security findings — documented eval results, adversarial robustness testing, security incident response. Article 12: record-keeping. High-risk systems must automatically log events relevant to identifying risk situations. Prompt and response logging, retention, tamper-evident integrity. Article 14: human oversight. High-risk systems must be designed for effective oversight by natural persons. Human-in-the-loop for consequential decisions, designed for, not bolted on.

[SLIDE 6 — GPAI obligations]

GPAI obligations. If you build or distribute a general-purpose AI model — the foundation model itself, not a specific application — separate obligation set: model documentation, copyright compliance for training data, summary of training data publicly available, EU AI Office cooperation, and for "systemic risk" GPAI, additional evaluation and incident reporting. Most application teams aren't GPAI providers, but the obligations flow down via contract. Read your vendor's terms; they should expose AI Act-relevant documentation to you.

[SLIDE 7 — Timelines]

Timelines. Phased. Six months after entry into force — February 2025 — prohibited-tier bans applicable. Twelve months — August 2025 — GPAI obligations applicable. Twenty-four months — August 2026 — most other provisions including high-risk obligations. Thirty-six months — August 2027 — for AI systems that are safety components of products already regulated under specified Union harmonisation legislation. If you're shipping in 2026, treat the regulation as substantively in effect.

[SLIDE 8 — Worked example]

One worked example. European fintech using an LLM to make credit decisions: high-risk because creditworthiness assessment is in Annex III. Engineering checklist: Article 15 documented eval results plus security incident plan. Article 12 full prompt and response logging with tamper-evidence. Article 14 human review on every credit decision with documented override path. Article 9 documented risk management system. Plus documentation requirements. Real timelines for these have driven engineering re-architecture work across EU financial services through 2025.

[SLIDE 9 — Up next]

All theory is done. Lab next. You'll build a complete threat model of the Module 1 RAG app — DFD, STRIDE-MA table, ATLAS technique mapping, NIST RMF citations. About 60 minutes. See you there.

Slide outline

  1. Title — "EU AI Act: risk tiers and obligations".
  2. What it is — regulation header + key facts (date, jurisdiction, extraterritorial scope).
  3. Four risk tiers — pyramid: Prohibited (top, smallest) → High-risk → Limited → Minimal. Plus GPAI off to the side.
  4. Where most enterprise LLM products land — limited-risk callout + warning: "use case determines tier, not tech."
  5. Three engineering-relevant obligations — Article 15, 12, 14 as three cards.
  6. GPAI obligations — GPAI box from slide 3 expanded with sub-obligations.
  7. Timelines — horizontal calendar from 2024 → 2027 with phase markers.
  8. Worked example — European fintech architecture diagram with Article tags on components.
  9. Up next — "L2.6 — Lab: Threat-model the Module 1 RAG app, ~60 min."

Production notes

  • Recording: ~4.5 min. Cap 5.
  • Slide 3 (the tier pyramid) is the visual most learners will save and reuse — make it clean.
  • Date references need to be checked against the actual EU AI Act timeline at recording time.