Glossary term
AI Act Risk Categories
Also: EU AI Act Risk Classes
Four-tier classification under the EU AI Act: prohibited (Art. 5), high-risk (Annex I/III), limited risk (Art. 50 transparency), minimal risk. Classification is the first duty; it must be documented and defensible.
Prohibited (since February 2025): social scoring, manipulative AI, real-time remote biometric identification in publicly accessible spaces, emotion recognition in workplaces and education, untargeted scraping of facial images.
High-risk Annex III: AI in employment, education, credit scoring, insurance risk, law enforcement, migration, critical infrastructure, justice, democratic processes, biometric categorisation. High-risk Annex I: AI as a safety component in regulated products (machinery, medical devices, toys, lifts).
Limited risk: chatbots, deepfakes, emotion recognition, biometric categorisation, AI-generated content (with labelling). Minimal risk: everything else. Classification must be documented; the EU authority can revise the classification at any time.
Related terms
EU AI Act
World's first comprehensive AI law. Four risk classes: prohibited, high-risk, limited (transparency)…
FRIA
Mandatory assessment under EU AI Act Art. 27 for deployment of specific high-risk AI systems. Requir…
AI Act Conformity Assessment
Procedure to demonstrate that a high-risk AI system complies with the EU AI Act before being placed …
Audit-ready decision
A decision whose record is structured, evidence-backed and stakeholder-signed to a level that a thir…
BAIT
BaFin circular that concretises IT requirements for credit institutions. Specifies MaRisk AT 7.2 for…
BCM
Discipline for maintaining critical business processes during disruptions. Standards: ISO 22301, BSI…
BSI C5
Cloud audit catalogue of the German BSI that defines minimum security baseline and transparency duti…
CASB
Security layer between users and SaaS providing visibility (shadow IT discovery), data protection (D…
