Aigolex Logo

Understand your AI Act obligations.
Prove compliance.
Keep it aligned as AI evolves.

A practical compliance platform for companies deploying AI in the EU and the consultants who support them. Built around real deployments, not abstract models.

Join 300+ professionals already exploring AI Act compliance with Aigolex

Aigolex product dashboard

The real AI Act problem

Companies don't know if they are AI providers, deployers, or both.

Obligations depend on how AI is used, not on the model itself.

Documentation becomes outdated as soon as systems or vendors change.

Audits, enterprise customers, and boards expect immediate answers.

AI Act compliance is not a one-time exercise.
It's an operational problem.

Compliance attaches to deployments, not to AI models

That's why the platform mirrors the structure of the AI Act itself

Company

the legal entity ultimately responsible for compliance

Workspaces

distinct operational perimeters where AI is developed, tested, or used

AI assets

the underlying AI systems or models, independent from any single feature

Deployments

how those AI assets are actually used in practice, by whom, and for what purpose

Under the AI Act, obligations, risk classification, and roles attach to deployments not to AI models in isolation. This ensures compliance decisions reflect real-world AI use, not theoretical system descriptions.

Scope

Define where AI exists, how it's used, and who is responsible.

  • Maps AI usage across companies and workspaces
  • Identifies AI assets and their concrete deployments
  • Determines your role under the AI Act (provider, deployer, or both)

Misclassifying your role means misapplying every obligation that follows.

Scope feature preview

Obligations

Know exactly what the AI Act requires, per deployment.

  • Assigns regulatory requirements at the deployment level
  • Based on role, risk classification, and usage context
  • Generates clear, trackable checklists
  • Separates applicable obligations from irrelevant ones

The AI Act is obligation-driven. Guessing is not a strategy.

Obligations feature preview

Evidence

Always-ready documentation to prove compliance.

  • Centralizes compliance documentation per workspace and deployment
  • Includes system descriptions and risk assessments
  • Tracks human oversight measures and monitoring controls

Static documents fail the moment reality changes.

Evidence feature preview

Continuity

Stay compliant as AI systems, vendors, and uses change.

  • Monitors changes to AI assets, deployments, and operational perimeters
  • Flags when obligations or risk levels must be updated
  • Alerts when documentation needs to be refreshed

Most compliance failures happen after the first assessment.

Continuity feature preview

AI Act compliance readiness assessment

Identify your AI Act obligations, classify risk exposure, and uncover compliance gaps — with a guided interactive assessment.

Built for teams that can't ignore regulation

EU-based or EU-operating

Active AI deployments

Exposure to audits

Legal & compliance leaders

Risk & trust teams

Engineering leaders accountable for AI systems

Built by people who've done this before

Experience in legaltech and regulated environments

Built with legal and technical teams

Not Big-4 complexity

Prepare now. Don't scramble later.

Aigolex Logo

Aigolex is made by Aigolex · Bologna (BO) Italy · VAT IT04292571208

Aigolex Logo
Compliance

How does the regulation define and categorize high-risk AI systems?

Aigolex Team24 October 2025
How does the regulation define and categorize high-risk AI systems?

The EU AI Act classifies AI systems as high-risk based on two main criteria: whether they act as safety components for regulated products, or whether they fall under specific, predefined use cases known to pose significant risks to fundamental rights, health, or safety.

1. Safety components and regulated products (Annex I)

An AI system is classified as high-risk if it meets both of the following conditions:

  • It is intended to be used as a safety component of a product, or is itself a product, that is already covered by specific Union harmonization legislation listed in Annex I of the Act.
  • The product is required to undergo a third-party conformity assessment under that existing legislation before being placed on the market or put into service.

Examples of product categories covered under Annex I include machinery, toys, medical devices, in vitro diagnostic medical devices, lifts, recreational craft, radio equipment, personal protective equipment, and civil aviation security systems.

2. Specific predefined use cases (Annex III)

Regardless of whether they are attached to a regulated product, AI systems are classified as high-risk if they are intended for use in any of the following eight critical areas:

  • Biometrics: Remote biometric identification systems (excluding simple one-to-one verification), biometric categorization based on sensitive attributes, and emotion recognition systems.
  • Critical infrastructure: Safety components in the management and operation of critical digital infrastructure, road traffic, and the supply of water, gas, heating, or electricity.
  • Education and vocational training: Systems used to determine admissions, evaluate learning outcomes, assess an individual's appropriate educational level, or monitor prohibited behavior during tests.
  • Employment and workers' management: Systems used for recruitment, filtering applications, allocating tasks based on behavior/traits, evaluating performance, or making decisions about promotions or terminations.
  • Essential private and public services: Systems used to evaluate eligibility for public assistance/benefits, establish credit scores (excluding financial fraud detection), assess risk and pricing for life and health insurance, or classify emergency calls and dispatch first responders.
  • Law enforcement: Tools used as polygraphs, evaluating the reliability of evidence, profiling natural persons to assess the risk of offending, or assessing the risk of a person becoming a victim of a crime.
  • Migration, asylum, and border control: Systems used as polygraphs, assessing security or health risks of individuals entering the territory, assisting in the examination of asylum and visa applications, or identifying natural persons.
  • Administration of justice and democratic processes: Systems assisting judicial authorities in researching and interpreting facts and the law, or systems intended to influence the outcome of elections or voter behavior.

Exceptions to high-risk classification

By way of derogation, an AI system listed in the Annex III use cases is not considered high-risk if it does not pose a significant risk of harm to health, safety, or fundamental rights, meaning it does not materially influence the outcome of decision-making.

This exemption applies specifically if the AI system fulfils one of the following conditions:

  • It performs a narrow procedural task.
  • It is intended to improve the result of a previously completed human activity.
  • It is meant to detect decision-making patterns or deviations without replacing or influencing the previously completed human assessment.
  • It performs a preparatory task to a relevant assessment.

Absolute rule on profiling: Notwithstanding these exceptions, if an AI system under Annex III performs profiling of natural persons, it is always classified as high-risk.

Providers who classify an Annex III system as non-high-risk based on these exceptions must document their assessment before placing the system on the market and register the system in the EU database.

Aigolex Logo

Aigolex is made by Aigolex · Bologna (BO) Italy · VAT IT04292571208