Is the checker's output a legal determination of our compliance status?

No. The checker applies the Act's classification logic to your inputs and returns the most likely tier. It is a structured starting point, not a legal opinion. You should use the result to focus your internal review and then engage qualified legal counsel before submitting any conformity assessment or registration.

How does the tool decide which risk tier applies?

The rules are evaluated in a fixed order. Prohibited practices are checked first; if one applies, the analysis stops there. If not, the tool checks whether the primary use case matches an Annex III high-risk category. If neither applies, it checks for transparency triggers such as direct human interaction or synthetic content generation. If none of those conditions are met, the system is classified as minimal-risk.

What if our system spans more than one use case category?

Select the highest-risk category that genuinely describes a material function of the system in production. The Act assesses the intended purpose and reasonably foreseeable use, so a system used for both internal analytics and credit decisions should be assessed against the credit-decision category.

What are the limitations of this tool?

The checker relies on your own characterization of the system. If the use case is described more narrowly than it operates in practice, the output may understate the risk tier. The tool also does not account for national implementing measures, sector-specific guidance, or future amendments to Annex III. Results should be treated as indicative and reviewed against the full text of the Act.

Our AI vendor says their system is minimal-risk. Should we trust that?

Vendor classifications are often based on the broadest or most favorable reading of the use case. Your obligations as a deployer depend on how you actually use the system within your institution. Running the checker based on your specific use case is a reasonable way to form an independent view before accepting a vendor's characterization.

When do transparency obligations apply even to a low-risk system?

Transparency obligations under Article 50 are triggered when a system interacts directly with a natural person, for example a customer-facing chatbot, or generates synthetic content including AI-written text or manipulated images. These obligations apply regardless of whether the underlying use case falls under Annex III, so a system that would otherwise be minimal-risk still requires disclosure controls if it meets either condition.

EU AI Act Applicability Checker

Find the likely EU AI Act risk tier and obligations for your AI system.

Calculations run entirely in your browser. Nothing is submitted.

The EU AI Act Applicability Checker classifies an AI system into its regulatory risk tier, prohibited, high-risk, transparency-obligated, or minimal-risk, and lists the specific compliance obligations that apply. Knowing your tier is the first step any compliance officer needs before building a conformity assessment or GPAI documentation plan.

How to use the EU AI Act Applicability Checker

The checker asks three questions. Work through them in order.

Step 1: Prohibited practice screening. Answer whether your system uses any practice the Act flatly bans. Examples include social scoring by public authorities, untargeted scraping of facial images from the internet, and subliminal techniques that manipulate behavior below conscious awareness. If the answer is yes, the tool stops there: the system cannot be deployed in the EU regardless of other factors.

Step 2: Primary use case. Select the category that best describes what the system actually does in production, not what it could theoretically do. Annex III of the Act lists the specific high-risk use cases: employment decisions, credit scoring, biometric identification, critical infrastructure management, law enforcement, and several others. Choose the closest match. If your system spans multiple categories, use the highest-risk one.

Step 3: Direct interaction or synthetic content. Indicate whether the system talks directly to people (a chatbot, a virtual assistant) or generates synthetic content such as deepfakes or AI-written text. These features trigger transparency obligations even when the underlying use case would otherwise be minimal-risk.

Once you submit, the checker returns a risk tier and a list of the obligations that attach to it. The result is a starting point, not a legal opinion, so bring it to your legal counsel before filing any conformity assessment.

What the result means

The checker can return one of four tiers.

Prohibited means the practice is banned outright under Article 5. Deployment in the EU is not permitted. If you receive this result, the immediate action is to halt any planned rollout and engage legal counsel.

High-risk means your system falls under Annex III and is subject to the Act's core conformity requirements: a risk management system, technical documentation, data governance measures, human oversight mechanisms, logging of events, and registration in the EU database before market placement. High-risk obligations are substantial and typically require months of preparation.

Transparency-obligated means the system interacts with people or generates synthetic content in ways that require disclosure. Users must know they are interacting with an AI, and certain synthetic content must be labeled. This tier has lighter obligations than high-risk but still requires documented controls.

Minimal-risk means no specific obligations apply under the Act. You may still want to maintain internal documentation for procurement or audit purposes, but there is no statutory conformity assessment required.

The result page lists obligations in plain language. Use that list as a gap analysis: check each item against your current controls and note what is missing.

Why this matters for compliance teams

The EU AI Act applies to providers who place AI systems on the EU market and to deployers who put those systems into service within the EU. Financial institutions using AI for credit decisions, fraud detection, or customer-facing services are frequently in scope. The stakes are real: non-compliance with high-risk requirements can carry fines of up to 3 percent of global annual turnover, and prohibited-practice violations can reach 7 percent.

For a compliance officer or MLRO, the practical challenge is that many vendors do not clearly state their system's risk tier. Running this checker yourself, based on actual use in your institution, is faster than waiting for vendor documentation and gives you an independent view to bring into due-diligence conversations.

FluxForce built this tool specifically for financial crime and compliance contexts, where AI is increasingly embedded in transaction monitoring, customer onboarding, and adverse-media screening, all areas that sit close to the Annex III boundary. Use the output to prioritize which AI systems need a full conformity review first.

Close the gap with FluxForce

FluxForce AI agents cut false positives, clear alert backlogs, and produce evidence-backed decisions with full audit trails, so the numbers above move in the right direction.

Explore AI Modules icon

Request a Demo

← Back to all tools