L2.7 — Risk-tier a portfolio of AI features under the EU AI Act (Lab, Optional)

Type: Lab · Duration: ~30 min · Status: Optional
Module: Module 2 — AI Security Foundations
Framework tags: EU AI Act (Annex III, GPAI provisions)

Goal of the lab

Take a fictional 8-product portfolio (portfolio.json in the lab repo) and classify each product under the EU AI Act risk tiers. Justify each classification by citing the article or annex that grounds it. By the end you'll have practiced the single judgment call most often asked of an AI security engineer in 2026: "which tier is this?"

Why this matters

Risk-tier classification is the gating decision for almost every EU AI Act compliance activity. Wrong tier → wrong obligations → wrong roadmap → audit failure or wasted effort. The decision is rarely obvious; many real products live on the boundary between limited-risk and high-risk, and the call must be defended.

Prerequisites

  • Lessons: L2.5.3 (EU AI Act).
  • A copy of EU AI Act Annex III open in another tab is helpful but not required (we ship a summary).

What you'll build

  • runs/lab2_7/classifications.md — one entry per product with tier, justification, and any flagged uncertainty.

Steps

Step 1 — Open the portfolio

cd /workspace/ai-sec-course
cat datasets/eu-ai-act/portfolio.json | uv run python -m json.tool

You'll see 8 product descriptions. Examples:

{
  "product_id": "P-01",
  "name": "Helios Health — Triage Copilot",
  "description": "LLM-powered triage assistant for hospital intake nurses. Suggests likely diagnoses and recommended next steps from patient-presented symptoms.",
  "region": "EU + US",
  "uses_biometrics": false,
  "automated_decision": "advisory only — nurse confirms"
}

Step 2 — Skim the cheat sheet

cat datasets/eu-ai-act/annex-iii-summary.md

The cheat sheet lists each Annex III high-risk category in plain language with example use cases. Use it as a lookup, not as gospel; cite the actual Annex III text when borderline.

Step 3 — Classify each product

For each product, write an entry in runs/lab2_7/classifications.md:

## P-01 — Helios Health — Triage Copilot
**Tier:** High-risk
**Why:** Annex III §5(a) "AI systems intended to be used by medical devices…" — though this is a copilot not an autonomous diagnostic, the Annex III scope captures AI systems intended to be used in the medical-decision pathway. Article 14 human-oversight obligations apply (the nurse-confirms architecture supports compliance but doesn't reduce the tier).
**Uncertainty:** Could be argued limited-risk if the system is purely informational and never blocks/automates clinical action; depends on jurisdictional interpretation. Treat as high-risk in practice.

Do all 8 products.

Step 4 — Roll up

At the bottom of the file, tally:

## Portfolio summary
- Prohibited: 0
- High-risk: 4
- Limited-risk: 3
- Minimal-risk: 1
- GPAI obligations triggered: yes (P-06 distributes a fine-tuned base model)
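
An added example, not part of the lab materials: a small Python check for the classifications.md produced in Steps 3 and 4. It assumes the entry layout shown above (a "## P-NN" heading followed by **Tier:** and **Why:** lines) and that citations are written as "Annex <numeral>" or "Article <number>"; the function name and the sample text are constructed for illustration.

```python
import re
from collections import Counter

TIERS = ("Prohibited", "High-risk", "Limited-risk", "Minimal-risk")
ENTRY = re.compile(r"^## (P-\d+)\b", re.M)
CITES = re.compile(r"\b(?:Annex\s+[IVX]+|Article\s+\d+)")  # assumed citation spelling

def check_classifications(markdown, expected_ids):
    """Return (tally, problems) for the text of classifications.md."""
    tally, problems, seen = Counter(), [], set()
    parts = ENTRY.split(markdown)  # [preamble, id, body, id, body, ...]
    for pid, body in zip(parts[1::2], parts[2::2]):
        if pid in seen:
            problems.append(f"{pid}: classified more than once")
            continue
        seen.add(pid)
        tier = re.search(r"^\*\*Tier:\*\*[ \t]*(.*?)[ \t]*$", body, re.M)
        why = re.search(r"^\*\*Why:\*\*(.*)$", body, re.M)
        if tier and tier.group(1) in TIERS:
            tally[tier.group(1)] += 1
        else:
            problems.append(f"{pid}: missing or unrecognized tier")
        if not (why and CITES.search(why.group(1))):
            problems.append(f"{pid}: justification cites no article or annex")
    for pid in sorted(set(expected_ids) - seen):
        problems.append(f"{pid}: in portfolio.json but not classified")
    # Compare the hand-written roll-up with the tiers counted above.
    for name, n in re.findall(r"^- ([\w-]+): (\d+)\s*$", markdown, re.M):
        if name in TIERS and int(n) != tally[name]:
            problems.append(f"summary: {name} says {n}, entries give {tally[name]}")
    return dict(tally), problems

# Constructed sample (not the lab's data) with three deliberate defects.
SAMPLE = """\
## P-01 — Helios Health — Triage Copilot
**Tier:** High-risk
**Why:** Annex III, plus Article 14 human-oversight obligations.

## P-03 — Example Chat Widget
**Tier:** Limited-risk
**Why:** It only answers product questions.

## Portfolio summary
- High-risk: 1
- Limited-risk: 2
"""

if __name__ == "__main__":
    print(check_classifications(SAMPLE, ["P-01", "P-02", "P-03"]))
```

To run it on your own file, pass the contents of runs/lab2_7/classifications.md and the product_id values from portfolio.json. The check covers structure only and cannot judge whether a tier is right.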

Step 5 — Self-check

The lab's reference classifications live in solutions/lab2_7_classifications.md (instructor-only on the lab platform). After you've done your own pass, compare. Differences are valuable — they often reflect genuine interpretive ambiguity, which is itself the lesson.


What just happened (debrief)

You did the task most often asked of an AI security engineer in EU AI Act compliance: risk-tier triage. Three observations to take away.

The tier is determined by use case, not by tech. Two products that use the same LLM through the same API can land in different tiers because they're applied to different domains. P-01 (triage) is high-risk; a hypothetical product using the same LLM for, say, recipe suggestions would be minimal-risk.

Borderline cases are common; defensibility matters more than certainty. Many real products sit between limited-risk and high-risk. The procedural defense is to document the call, cite the article you relied on, and flag your uncertainty in writing. Auditors accept "we considered it carefully and reached this conclusion, here's why" much more readily than they accept silent decisions.

GPAI obligations cut across the portfolio. If your company distributes any general-purpose AI model — even a fine-tuned base — the GPAI obligations apply, separate from the application-tier classifications. Surface this early in your portfolio review.

This skill is exercised in the Module 9 capstone and is one of the most marketable skills the cert credentials.

Extension challenges (optional)

  • Easy. Re-classify each product as if the EU AI Act Annex III is updated to add "autonomous coding agents in production critical infrastructure" as a high-risk category. Which of the 8 changes tier?
  • Medium. Pick two of your high-risk classifications and draft a one-page "Compliance Roadmap" for each: which obligations apply, in what order would you address them, and what would the first 90 days of work look like.
  • Hard. Find a real publicly-listed AI product in 2026 and write a defensible risk-tier classification for it, citing the company's public marketing, your interpretation of EU AI Act Annex III, and any disclosed compliance posture from the company. (Don't publish; this is a writing exercise.)

References

  • EU AI Act Annex III (high-risk use cases) — via EUR-Lex
  • EU AI Act portal — https://artificialintelligenceact.eu/
  • AI Act Compliance Checker (community tool) — https://artificialintelligenceact.eu/assessment/

Provisioning spec (for lab platform admin)

Container base image: aisec/labs-base:0.1

Additional pre-installed files:

  • /workspace/ai-sec-course/datasets/eu-ai-act/portfolio.json — 8 fictional product descriptions
  • /workspace/ai-sec-course/datasets/eu-ai-act/annex-iii-summary.md — plain-language Annex III lookup
  • /workspace/ai-sec-course/solutions/lab2_7_classifications.md — reference classifications (instructor-only)
  • /workspace/ai-sec-course/runs/lab2_7/.gitkeep

Network access: outbound to artificialintelligenceact.eu, eur-lex.europa.eu (reference lookups).

Estimated resource use: trivial.

Wallclock: 25–40 min.

Notes: This is the only lab in Module 2 that does not require any executable code; it's purely a written exercise. Ensure the lab platform exposes a text editor.