
AI Act Risk Classification: Prohibited, High-Risk or Limited-Risk?

9 June 2026 · 9 min read · Caner Korkut

Under the EU AI Act, classification is the first and most consequential step. The same model can be unregulated in one use and high-risk in another — risk attaches to the use case, not the algorithm. This guide gives you a practical decision path. For the broader context, deadlines and penalties, start with the EU AI Act for Belgian businesses.

TL;DR — the four questions

  1. Is the use a prohibited practice (Art. 5)? → Stop. It cannot be deployed.
  2. Is it listed in Annex III or a safety component of a regulated product? → Likely high-risk.
  3. Does it interact with people or generate content? → Limited risk (transparency duties).
  4. None of the above? → Minimal risk — no mandatory obligations.

Step 1 — Is it a prohibited practice? (Art. 5)

A short list of AI uses is simply banned in the EU because they are considered a clear threat to fundamental rights. These prohibitions have applied since 2 February 2025. They include:

  • Subliminal, manipulative or deceptive techniques that materially distort behaviour and cause harm.
  • Exploiting vulnerabilities of age, disability or socio-economic situation.
  • Social scoring of people leading to unjustified or disproportionate detrimental treatment.
  • Predicting criminal behaviour purely from profiling or personality traits.
  • Untargeted scraping of facial images to build facial-recognition databases.
  • Emotion inference in the workplace and schools (save narrow medical/safety exceptions).
  • Biometric categorisation to infer sensitive attributes; and most real-time remote biometric identification in public spaces for law enforcement.

If your use falls here, classification is over — the system must not be placed on the market or used.

Step 2 — Is it high-risk? (Annex III & Art. 6)

High-risk is the heavy regime. There are two routes into it. First, AI that is a safety component of a product already covered by EU harmonisation law (machinery, medical devices, toys, vehicles…). Second — the one most Belgian businesses hit — AI used in the Annex III areas:

Annex III areas and typical examples:

  • Employment & workers: CV-screening, candidate ranking, task allocation, performance monitoring.
  • Education & vocational training: admission scoring, exam proctoring, evaluation of learning outcomes.
  • Essential private & public services: credit scoring, eligibility for benefits, life/health insurance risk pricing.
  • Biometrics: remote biometric identification, biometric categorisation (where not prohibited).
  • Critical infrastructure: safety management of utilities, traffic, water, gas, electricity.
  • Law enforcement, migration, justice: risk assessments, evidence evaluation, visa/asylum support, judicial assistance.

There is an important nuance: under Art. 6(3), an Annex III system is not high-risk if it does not pose a significant risk to health, safety or fundamental rights — for example, when it performs a narrow procedural task or only improves the result of a completed human activity. But you must document and justify that assessment, and systems that profile people never benefit from the exception. Treat the derogation as something you prove, not something you assume.

Step 3 — Limited risk: transparency (Art. 50)

Many ordinary business systems land here. If your AI interacts directly with people (a chatbot) or generates or manipulates content (text, images, audio, video — including deepfakes), you owe transparency: people must be told they are interacting with an AI, and AI-generated or manipulated content must be labelled as such (in a machine-readable way for synthetic media). No conformity assessment, no CE marking — just clear disclosure.

Step 4 — Minimal risk

Everything else — spam filters, recommendation engines, inventory forecasting, most productivity copilots — carries no mandatory obligations under the AI Act. Voluntary codes of conduct are encouraged, and the AI-literacy duty (Art. 4) still applies to your staff, but you are not in the conformity regime.

A note on general-purpose AI

Foundation models sit on a separate track. If you merely use a general-purpose model through an API, you are a deployer of whatever application you build. If you fine-tune, rebrand or substantially modify a model and place it on the market, you can inherit provider obligations — including the GPAI rules. When in doubt, document the modification and check before assuming the lighter role.

Worked example

A Brussels HR-tech firm offers a tool that ranks job applicants. Ranking candidates is an Annex III employment use → high-risk. The same firm adds a chatbot to answer candidate questions: that is limited risk → transparency only. Its internal spam filter is minimal risk. One company, three classifications — which is exactly why you classify per system and per use, then build the compliance plan around the high-risk items first.

General information, not legal advice. Classification decisions carry real exposure — especially the Art. 6(3) derogation. ICTLAB helps Belgian organisations inventory and classify their AI and build the governance to match; see our compliance services or talk to our team.
