Paper Type
Complete
Abstract
The European Union’s AI Act introduces a framework for assessing and regulating AI systems based on risk levels. While the Act defines risk categories and compliance requirements, the classification of General-Purpose AI (GPAI) systems remains complex. This paper proposes a systematic risk classification enabling operators to categorise AI systems in accordance with the AI Act. We introduce a four-step classification process, distinguishing between high-risk AI systems, GPAI with and without systemic risk. Additionally, we outline key architectural considerations, including LLM-based AI agents, Retrieval-Augmented Generation, and hybrid deployment models. To validate our approach, we apply the framework to three real-world use cases, demonstrating its applicability. Our findings emphasise the challenges and impact of risk-based AI governance, offering practical insights for businesses developing or implementing GPAI under the AI Act.
Paper Number
1514
Recommended Citation
Schuster, Thomas; Waidelich, Lukas Falk; Schneider, Andreas; and Lambert, Marian, "Risk Classification and Compliance of AI Systems under the EU AI Act" (2025). AMCIS 2025 Proceedings. 17.
https://aisel.aisnet.org/amcis2025/sig_sec/sig_sec/17
Risk Classification and Compliance of AI Systems under the EU AI Act
The European Union’s AI Act introduces a framework for assessing and regulating AI systems based on risk levels. While the Act defines risk categories and compliance requirements, the classification of General-Purpose AI (GPAI) systems remains complex. This paper proposes a systematic risk classification enabling operators to categorise AI systems in accordance with the AI Act. We introduce a four-step classification process, distinguishing between high-risk AI systems, GPAI with and without systemic risk. Additionally, we outline key architectural considerations, including LLM-based AI agents, Retrieval-Augmented Generation, and hybrid deployment models. To validate our approach, we apply the framework to three real-world use cases, demonstrating its applicability. Our findings emphasise the challenges and impact of risk-based AI governance, offering practical insights for businesses developing or implementing GPAI under the AI Act.
When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.
Comments
SIGSEC