Is the classifier's verdict legally binding?

No. The verdict is a structured assessment based on the deployer's answers to the six questions. Legal review of the verdict, and ultimately the conformity assessment under Article 43, is the binding artifact. The classifier produces a defensible starting point and a documentary trail.

What happens if a use case crosses multiple Annex III categories?

The full obligation set applies. The classifier's output names every Annex III paragraph the use case touches and consolidates the obligations. A credit-scoring system that also produces employment-relevant signals (rare but possible) inherits the obligations from both §5(b) and §4.

How often does Annex III change?

The Commission has authority to update Annex III under Article 7. The first review is scheduled for August 2, 2026. Subsequent reviews run at least every two years. The classifier is versioned against the active Annex III text and updates within 30 days of a published amendment.

Does the classifier work for non-EU deployers selling into the EU?

Yes. Article 2 of the EU AI Act extends to providers and deployers outside the EU when the output of the AI system is used in the EU. A US-based deployer with EU customers has the same obligation surface as an EU-based deployer for the same use case. The classifier asks one question (the deployment region) and applies the rules accordingly.

EU AI Act Classifier: A Free Tool to Score Your AI System Against Annex III High-Risk Categories

The EU AI Act sets four risk tiers for AI systems: prohibited (Article 5), high-risk (Articles 6 to 49), limited-risk (Article 50), and minimal-risk. The high-risk tier is where most enterprise deployers land, and where Articles 9, 10, 12, 13, 15, 17, 19, and 26 stack up. The classification determines which obligations apply, which deadline matters, and which audit infrastructure has to be in place. The August 2, 2026 effective date for high-risk obligations is six weeks away as of this writing.

The classifier scores your AI system against the Annex III categories and the supporting articles. The output is a defensible verdict the deployer can hand to legal review.

What the classifier does

The classifier walks the deployer through six structured questions. Each question maps to a clause in Article 6 (classification rules) and Annex III (high-risk use cases). The output is one of:

Prohibited (Article 5). The system is in the eight prohibited categories. Deployment is not permitted in the EU.
High-risk (Article 6 + Annex III). The system falls in one or more Annex III categories. The full obligations under Articles 9-49 apply by August 2, 2026 (Annex I systems) or August 2, 2027 (Annex II systems).
High-risk with deployer exception (Article 6(3)). The system is in an Annex III category but qualifies for the narrow exception (narrow task, no significant influence on the outcome).
Limited-risk (Article 50). The system interacts with people and triggers transparency obligations (chatbots, deepfakes, emotion recognition) but does not carry the full high-risk obligations.
Minimal-risk. No specific obligations beyond general-purpose AI model rules under Article 53 (which fall on the model provider, not the deployer).

The six classifier questions

1. Is the AI system used for any prohibited practice under Article 5?

Article 5 names eight prohibited categories: social scoring by public authorities, untargeted facial-recognition scraping, real-time biometric identification in public spaces (with narrow law-enforcement exceptions), subliminal manipulation, exploitation of vulnerabilities, emotion inference in workplaces or schools, biometric categorization on sensitive attributes, and predictive policing based on profiling. A yes on any sub-question routes to Prohibited.

2. Is the AI system a safety component of a product covered by Annex I?

Annex I lists EU product-safety regulations (machinery, toys, lifts, medical devices, automotive, aviation). If the AI system is a safety component of a regulated product, the high-risk obligations apply and the August 2, 2026 effective date is binding.

3. Is the AI system used in one of the eight Annex III domains?

The eight Annex III domains:

Biometric identification and categorization
Critical infrastructure (water, gas, electricity, traffic)
Education and vocational training (admissions, evaluation, proctoring)
Employment and worker management (recruitment, performance, termination)
Access to essential public and private services (credit scoring, insurance, emergency response, public benefits)
Law enforcement
Migration, asylum, border control
Administration of justice and democratic processes

A yes on any sub-question routes to High-risk pending the Article 6(3) exception check.

4. Does Article 6(3) apply (deployer exception)?

Article 6(3) lets a deployer claim exception if all four conditions hold: the AI system is intended for a narrow procedural task, the task is preparatory rather than decisional, the human-in-the-loop substantively influences the outcome, and the system does not profile natural persons. If all four hold, the deployer is required to document the exception and register the assessment with the EU AI Office.

5. Does the system interact with natural persons in a way that triggers Article 50 transparency?

Chatbots, deepfake systems, emotion-recognition systems, and biometric-categorization systems carry transparency obligations under Article 50 regardless of the risk tier. The user has to be informed they are interacting with AI.

6. Is the system a General-Purpose AI model itself?

If the system being classified is the model provider's own product (e.g., GPT-5, Claude Opus 4.6), Article 53 applies. Most enterprise deployers are not in this category; they consume general-purpose models inside their applications.

The output

The classifier produces a verdict plus a list of obligations:

The verdict is auditable. The classifier's question history, the deployer's answers, and the mapping from Annex III paragraph to article obligation are all included in the exportable report.

What the classifier does not do

The classifier does not produce a conformity assessment. Article 43 requires a formal third-party or self-conformity assessment depending on the Annex III category. The classifier's output is the input to that assessment, not a substitute.

The classifier does not advise on penalty exposure. Penalty exposure depends on actual non-conformity, supervisory authority discretion, and the deployer's mitigation history.

When to run the classifier

Three triggers:

Before scoping a new AI use case. Run the classifier on the proposed use case before engineering work starts. A use case that lands in Annex III §4 (employment) carries the full obligation set and has to be designed for compliance from the first sprint.
Before any go-live. Run the classifier as part of the pre-production gate. The classification is a required input to the deployer's risk-management documentation under Article 9.
Quarterly thereafter. Use cases drift. A chatbot that started as a marketing FAQ can drift into customer-service routing, which intersects Annex III §5(b) if the routing affects access to essential services.

DeepInspect

DeepInspect's gateway implements the runtime evidence Articles 12, 19, and 26 require. The classifier complements the gateway: classify the use case, deploy the gateway, and the audit-record set produces the per-decision evidence that satisfies the obligations triggered by the classification.

The classifier is available at deepinspect.ai/tools/eu-ai-act-classifier. The output is exportable as a JSON report your legal team can attach to the Article 9 documentation. For deployers facing the August 2, 2026 deadline, the classifier-plus-gateway pairing is the operational answer.

If you are facing the August deadline, let's talk.