Question 1

What are the EU AI Act risk categories?

Accepted Answer

The EU AI Act uses a four-tier risk classification: (1) Unacceptable risk — prohibited AI practices including social scoring, real-time biometric identification in public spaces, and manipulation of vulnerable groups. (2) High risk — AI used in critical infrastructure, education, employment, essential services, law enforcement, migration, or administration of justice. Requires conformity assessment, risk management system, data governance, logging, and human oversight. (3) Limited risk — AI with transparency obligations only (e.g., chatbots must disclose they are AI). (4) Minimal risk — most AI applications with no specific obligations.

Question 2

Is a recruitment AI system high-risk under the EU AI Act?

Accepted Answer

Yes. Annex III of the EU AI Act explicitly lists AI systems used for recruitment or selection of natural persons, notably for advertising vacancies, screening or filtering applications, and evaluating candidates as high-risk. If you use AI to screen CVs, score applicants, or rank candidates, you face Article 9 (risk management system), Article 10 (data and data governance), Article 13 (transparency), and Article 17 (quality management) obligations.

Question 3

When does the EU AI Act apply?

Accepted Answer

The EU AI Act entered into force in August 2024. Prohibitions on unacceptable risk practices apply from February 2025. Obligations for high-risk AI systems in Annex III apply from August 2026. GPAI model obligations apply from August 2025. The Act applies to providers and deployers placing AI on the EU market or affecting EU users, regardless of where they are established.

EU AI Act Risk Classification

The four risk tiers

Unacceptable risk — Prohibited

High risk — Full compliance obligations

Limited risk — Transparency only

Minimal risk — No specific obligations

Classify your AI and build your compliance plan