RoutineMetric

EU AI Act Risk Class Checker

Quickly assess your AI system's risk class according to the 2026 EU AI Act guidelines. Answer the questions below to determine your compliance obligations.

System Assessment

1. Does the system use subliminal techniques to materially distort a person's behavior causing harm?

2. Is the system used for 'social scoring' by public authorities?

3. Is it a real-time remote biometric identification system used in publicly accessible spaces for law enforcement?

4. Is the system used as a safety component of a product (e.g., medical devices, machinery, vehicles)?

5. Is it used in critical infrastructure that could put people's lives and health at risk?

6. Is the system used in employment, worker management, or access to self-employment (e.g., CV sorting)?

7. Is the system used for determining access to essential private or public services (e.g., credit scoring)?

8. Does the system interact with humans (e.g., chatbots, generative AI)?

9. Does the system generate deepfakes (audio/video/image)?

Source: Official EU AI Act (Regulation (EU) 2024/1689) guidelines and risk classification framework.

Next Steps

Need to calculate costs for AI compliance? Coming soon to RoutineMetric. In the meantime, check your Cross-Border tax.

Cross-Border Tax Estimator

What is the EU AI Act?

The European Union Artificial Intelligence Act (AI Act) is the world's first comprehensive legal framework specifically designed to regulate the development, deployment, and use of Artificial Intelligence systems. Unlike sweeping privacy regulations like the GDPR, the AI Act takes a risk-based approach, categorizing AI applications based on their potential to cause harm to fundamental human rights, safety, and democracy.

Breakdown of AI Risk Categories

The regulation defines four primary tiers of risk, each carrying different compliance obligations:

  • Prohibited (Unacceptable Risk): AI systems that pose a clear threat to safety, livelihoods, and rights. Examples include social scoring by governments, subliminal manipulation, and real-time remote biometric identification in public spaces (with narrow law enforcement exceptions). These are strictly banned.
  • High Risk: Systems used in critical infrastructure, education, employment (e.g., automated CV sorting), essential services, law enforcement, and medical devices. These face rigorous obligations including conformity assessments, risk management, data governance, and human oversight.
  • Limited Risk: Systems like chatbots, deepfakes, and generative AI (like ChatGPT or Midjourney). The primary obligation here is transparency—users must be explicitly informed that they are interacting with or viewing content generated by AI.
  • Minimal / No Risk: The vast majority of AI systems (e.g., spam filters, video game AI) fall into this category. The AI Act imposes no mandatory rules on these systems, though voluntary codes of conduct are encouraged.

Frequently Asked Questions

When does the EU AI Act come into effect?

The Act entered into force in mid-2024. However, the rules apply in a phased approach: Prohibited AI systems are banned 6 months after entry into force (late 2024), General Purpose AI rules apply after 12 months (mid-2025), and most High-Risk obligations apply after 24 to 36 months (2026-2027).

Does the AI Act apply to non-EU companies?

Yes. Similar to GDPR, the AI Act has extraterritorial scope. If your AI system is placed on the market in the EU, or if the output of the system is used in the EU, you must comply with the regulation regardless of where your company is headquartered.

Is this checker tool legally binding?

No. This tool provides a high-level educational estimation based on the official guidelines. Because the legal definitions are nuanced and context-dependent, you should always commission a formal audit by specialized AI compliance counsel before launching your product in the European Economic Area.