How do I tell which EU AI Act category our AI use case falls in?
The AI Act has prohibited practices, high-risk systems, limited-risk (transparency) and minimal-risk. Effective dates phase in. Category drives your obligations.
Try this first
- 1Start with the exclusions. Prohibited practices such as government social scoring or certain biometric identification are banned from February 2025 in the EU.
- 2Check the high-risk annexes. Hiring, access to education, credit scoring, critical infrastructure and some law-enforcement tools typically land here.
- 3Limited risk. Chatbots, generated content (deepfakes) and emotion recognition mostly require user-facing transparency.
- 4GPAI models. Providers of general-purpose AI models get specific documentation and transparency duties under the AI Act from August 2025.
- 5Document the classification and the rationale. When in doubt go stricter until the regulator clarifies your case.
When to bring us in
Building something tilting towards high-risk with direct effects on people? An AI Act lawyer plus DPIA is not optional.
See also
- Does NIS2 apply to my company?Two questions decide it: are you in a listed sector, and do you meet the threshold from Recommendation 2003/361/EC (more than 50 FTE and more than EUR 10M turnover or balance sheet). Below that you are only indirectly in scope, via your customers. The threshold determines whether you are an important or essential entity depending on sector.
- What changes with the Dutch Cyber Security Act?The Cyberbeveiligingswet is the Dutch implementation of NIS2. Track NCSC for the exact effective date and the lower regulations.
- Am I personally liable as a director under NIS2?Yes. The board is accountable for approving and overseeing the cyber measures. Severe negligence can become personal.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.