From lawvable-awesome-legal-skills
Guides classification of AI systems under the EU AI Act — determines AI system status per Art. 3(1) and risk tier (prohibited, high-risk, GPAI, limited, minimal). Useful for compliance assessments.
How this skill is triggered — by the user, by Claude, or both
Slash command
/lawvable-awesome-legal-skills:eu-ai-act-classification-oliver-schmidt-prietzThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Determine whether a technology qualifies as an **AI system under Art. 3(1) AI Act** (Regulation (EU) 2024/1689) and classify its risk tier.
LICENSE.txtREADME.mdreferences/ai-system-definition.mdreferences/art50-transparency.mdreferences/art6-exception.mdreferences/case-studies.mdreferences/compliance-deadlines.mdreferences/enforcement-framework.mdreferences/gpai-systemic-risk.mdreferences/high-risk-annexes.mdreferences/jurisdiction-requirements.mdreferences/prohibited-practices.mdreferences/scope-exclusions.mdreferences/sector-guidance.mdDetermine whether a technology qualifies as an AI system under Art. 3(1) AI Act (Regulation (EU) 2024/1689) and classify its risk tier.
IMPORTANT NOTICE This assessment provides structured guidance based on the EU AI Act (Regulation (EU) 2024/1689), Commission guidelines, and OECD AI framework. It does not constitute legal advice. Final classification decisions should involve qualified legal counsel with AI Act expertise.
Do you acknowledge this and wish to proceed?
Wait for acknowledgment before proceeding.
On activation — always search for:
EU AI Act Commission guidelines AI system definition 2025 2026
EU AI Act high-risk classification guidelines Art. 6 latest
During Annex III assessment — search for:
EU AI Act Annex III delegated acts modifications [current year]
EU AI Act high-risk classification new categories
For GPAI assessment — search for:
EU AI Office GPAI systemic risk threshold FLOP [current year]
EU AI Office GPAI Code of Practice latest
EU AI Act Art. 51 general purpose AI model classification
For open-source exception — search for:
EU AI Act open source exception Art. 2(12) guidance [current year]
EU AI Act Art. 53(2) GPAI open source partial exemption
Prior Assessment Context (optional):
"If you have previously run another EU AI Act skill, you may paste the Assessment Context block here. This pre-fills several questions and avoids redundant input."
If context is provided, pre-populate applicable fields and skip questions that are already answered. If any field conflicts with user answers, flag the inconsistency.
Q1 — System Description:
"Please provide a brief description of the AI technology or system you want to classify. Include: what it does, how it works (at a high level), who uses it, and in what context."
Q2 — Scope Exclusion Check (system-description-informed):
Based on the Q1 system description, assess whether any scope exclusion signals are present:
If a military, international law enforcement, personal use, pure R&D, or pre-market exclusion applies: Output exclusion analysis with legal basis → STOP.
If the system is released under a free and open-source license: Run the dedicated open-source checklist from references/scope-exclusions.md.
If no exclusion applies: Continue to Phase 2.
Read references/ai-system-definition.md for the full 7-criteria framework.
Walk through 7 criteria one at a time, providing examples for each:
Criterion 1 — Machine-based operation:
"Is this system operated by machine-based processes (maschinengestütztes System)? This includes any software or hardware that processes information computationally."
Criterion 2 — Degree of autonomy (Autonomiegrad):
"What degree of autonomy does the system exhibit? Use the ISO 22989 scale:
- Level 0: No automation — fully human-controlled
- Level 1: Assistance — system suggests, human decides
- Level 2: Partial automation — some subfunctions automated, human controls overall
- Level 3: Conditional automation — autonomous in specific contexts, human ready to intervene
- Level 4: High automation — operates parts of mission without intervention
- Level 5: Full automation — completes entire mission without intervention
- Level 6: True autonomy — adapts goals without oversight"
Criterion 3 — Adaptability after deployment:
"Can the system adapt its behavior after deployment? Does it learn from new data, user interactions, or environmental feedback? (Note: this includes continuous learning, online learning, and reinforcement from human feedback.)"
Criterion 4 — Explicit or implicit goals:
"Does the system have defined goals — either explicitly programmed (e.g., 'classify images') or implicitly learned through training data (e.g., learned optimization objectives)?"
Criterion 5 — Inference capability:
"Does the system derive outputs through inference — i.e., making predictions, drawing conclusions, or generating recommendations beyond simple deterministic rules? This distinguishes AI from traditional rule-based software."
Criterion 6 — Output generation:
"What outputs does the system generate? This includes:
- Predictions (e.g., risk scores, forecasts)
- Content (e.g., text, images, audio, video)
- Recommendations (e.g., product suggestions, decision support)
- Decisions (e.g., automated approvals, classifications)"
Criterion 7 — Environmental influence:
"Does the system's output influence physical or virtual environments? Examples: controlling physical devices, modifying user interfaces, filtering content, triggering automated processes."
AI System Determination Output:
After all 7 criteria, output:
### AI System Definition Analysis (Art. 3(1))
| # | Criterion | Met? | Reasoning |
|---|-----------|------|-----------|
| 1 | Machine-based operation | [Yes/No] | [brief reasoning] |
| 2 | Degree of autonomy | [Level X] | [brief reasoning] |
| 3 | Adaptability after deployment | [Yes/No] | [brief reasoning] |
| 4 | Explicit or implicit goals | [Yes/No] | [brief reasoning] |
| 5 | Inference capability | [Yes/No] | [brief reasoning] |
| 6 | Output generation | [Yes/No] | [brief reasoning] |
| 7 | Environmental influence | [Yes/No] | [brief reasoning] |
**Determination:** [This system IS / IS NOT an AI system under Art. 3(1) AI Act]
**Confidence:** [High / Medium / Low — explain if not High]
If NOT an AI system → output determination with reasoning → STOP. If YES → continue to Phase 3.
Read the relevant reference files for each step.
Step 1: Prohibited Practice Screening (Art. 5) — Analyst-Driven Pre-Filtering
Read references/prohibited-practices.md.
"I will now screen against the 8 categories of prohibited AI practices under Art. 5."
Internal relevance scoring (do not show this step to the user):
Based on the Q1 system description, silently categorize each of the 8 prohibited practices as:
Present findings as a single assessment table (all 8 shown for transparency):
| # | Prohibition | Article | Relevance | Reasoning |
|---|---|---|---|---|
| 1 | Subliminal, manipulative, or deceptive techniques | Art. 5(1)(a) | [assessment] | [brief reasoning based on system description] |
| 2 | Exploitation of vulnerabilities (age, disability, social/economic) | Art. 5(1)(b) | [assessment] | [brief reasoning] |
| 3 | Social scoring by public authorities or on their behalf | Art. 5(1)(c) | [assessment] | [brief reasoning] |
| 4 | Individual criminal offense risk assessment/prediction (without factual basis) | Art. 5(1)(d) | [assessment] | [brief reasoning] |
| 5 | Untargeted facial recognition database scraping | Art. 5(1)(e) | [assessment] | [brief reasoning] |
| 6 | Emotion recognition in workplace and education | Art. 5(1)(f) | [assessment] | [brief reasoning] |
| 7 | Biometric categorization for sensitive characteristics | Art. 5(1)(g) | [assessment] | [brief reasoning] |
| 8 | Real-time remote biometric identification in public (law enforcement) | Art. 5(1)(h) | [assessment] | [brief reasoning] |
After presenting the table, ask: "Do any flagged items need discussion, or should I explore any I marked 'Not applicable'?"
Deep-dive only on items marked "Possibly relevant" or "Likely relevant," or on any items the user asks about, using references/prohibited-practices.md for detailed edge cases, boundary analysis, gray zone scenarios, and multi-category interactions.
If ANY prohibition is flagged:
WARNING — PROHIBITED AI PRACTICE DETECTED
Art. 5(1)([x]) AI Act: [description]
This AI system falls within the scope of a PROHIBITED practice.
Deployment, placing on market, or putting into service is PROHIBITED.
Legal basis: Art. 5(1)([x]), Recital [XX]
Penalty: Art. 99(3) — up to EUR 35,000,000 or 7% of total worldwide annual turnover
IMMEDIATE ACTION REQUIRED: Consult qualified legal counsel.
→ STOP (unless user wants to explore exceptions listed in Art. 5).
Step 2: High-Risk Check — Annex I (Product Safety)
Read references/high-risk-annexes.md.
"Is this AI system a safety component of a product, or is it itself a product, covered by the EU harmonization legislation listed in Annex I?"
Screen all 18 Annex I product categories. If YES → high-risk under Art. 6(1).
Step 3: High-Risk Check — Annex III (Application-Based) — Auto-Pre-Screen
For sector-specific Annex III analysis, read references/sector-guidance.md. For worked classification examples, see references/case-studies.md.
Auto-assessment (internal — based on Q1 system description):
Using sector, use case, and deployment context signals from the system description, automatically map the system to relevant Annex III categories. Categorize each as:
Present auto-assessment table (all 8 categories shown for transparency):
"Based on your system description, here is my initial Annex III relevance assessment:"
| # | Category | Key Applications | Relevance | Reasoning |
|---|---|---|---|---|
| 1 | Biometrics | Remote biometric identification, emotion recognition, categorization | [assessment] | [reasoning from system description] |
| 2 | Critical infrastructure | Management/operation of critical digital/physical infrastructure | [assessment] | [reasoning] |
| 3 | Education & vocational training | Access determination, admission, assessment, monitoring | [assessment] | [reasoning] |
| 4 | Employment, workers management, self-employment | Recruitment, screening, evaluation, monitoring, termination | [assessment] | [reasoning] |
| 5 | Access to essential services | Creditworthiness, insurance, social benefits, emergency dispatch | [assessment] | [reasoning] |
| 6 | Law enforcement | Risk assessment, polygraphs, evidence reliability, profiling, crime analytics | [assessment] | [reasoning] |
| 7 | Migration, asylum, border control | Risk assessment, application examination, detection | [assessment] | [reasoning] |
| 8 | Administration of justice & democratic processes | Legal research, sentencing, dispute resolution, elections | [assessment] | [reasoning] |
"Do you agree with this assessment, or should I re-examine any categories?"
User confirms or overrides. If the system description contradicts a user override (e.g., user says "Not applicable" for Employment but system processes CVs), flag the contradiction and assess fully regardless.
Detailed assessment proceeds only for categories marked "Relevant" or "Potentially relevant" (or any the user asks to examine).
If Annex III hit → Check Art. 6(3) exception:
Read references/art6-exception.md.
"An Annex III category was triggered. Now checking the Art. 6(3) exception — does this system perform only a 'narrow procedural task' or 'complementary human activity' that does not replace or influence human assessment?"
Apply 4 exception conditions:
Special re-exception: Art. 6(3) last sentence — exception does NOT apply if the system performs profiling of natural persons (Art. 4(4) GDPR).
Step 4: GPAI Model Check
Read references/gpai-systemic-risk.md.
"Is this system based on, or does it incorporate, a general-purpose AI model (Art. 3(63))? If so, does the underlying model pose systemic risk (Art. 3(65), Art. 51)?"
Search for latest GPAI classifications and threshold updates.
Step 5: Transparency Obligations Check (Art. 50)
"Does this system trigger any transparency obligations under Art. 50?"
| Obligation | Trigger | Article |
|---|---|---|
| Interaction disclosure | System interacts directly with natural persons | Art. 50(1) |
| Synthetic content marking | System generates synthetic audio, image, video, text | Art. 50(2) |
| Emotion recognition disclosure | System performs emotion recognition | Art. 50(3) |
| Deepfake labeling | System generates deep fakes | Art. 50(4) |
For detailed implementation guidance — including the Code of Practice's multi-layered marking framework (metadata + watermarking), deployer labelling requirements, exceptions, boundary analysis, and interaction with other AI Act provisions — see references/art50-transparency.md.
┌─────────────────┐
│ SCOPE GATE │
│ Art. 2 Check │
└────────┬────────┘
│
Exclusion applies?
├── YES → STOP (out of scope)
└── NO
│
┌────────▼────────┐
│ AI SYSTEM TEST │
│ Art. 3(1) │
│ 7 Criteria │
└────────┬────────┘
│
Is it an AI system?
├── NO → STOP (not an AI system)
└── YES
│
┌──────────────▼──────────────┐
│ RISK CLASSIFICATION │
│ (assess in order) │
└──────────────┬──────────────┘
│
┌────────────▼────────────┐
│ Step 1: Art. 5 │
│ Prohibited Practices? │
├── YES → PROHIBITED │
└── NO │
│
┌────────────▼────────────┐
│ Step 2: Annex I │
│ Product Safety? │
├── YES → HIGH-RISK │
│ (Art. 6(1)) │
└── NO │
│
┌────────────▼────────────┐
│ Step 3: Annex III │
│ Application-Based? │
├── YES ──┐ │
└── NO │ │
│ ▼ │
│ Art. 6(3) Exception? │
│ ├── NO → HIGH-RISK │
│ │ (Art. 6(2)) │
│ └── YES → NOT high │
│ (Art. 6(4) doc) │
│ │
┌─▼───────────────────────┐
│ Step 4: GPAI Model? │
├── Systemic risk │
│ → Art. 53 + 55 │
├── Standard GPAI │
│ → Art. 53 │
└── No GPAI │
│
┌────────────▼────────────┐
│ Step 5: Art. 50 │
│ Transparency Trigger? │
├── YES → LIMITED RISK │
└── NO → MINIMAL RISK │
(Art. 4 only) │
└─────────────────────────┘
After completing all phases, output:
## AI Act Classification Report
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
System: [name]
Date: [date]
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
AI System (Art. 3(1)): [YES/NO] — [confidence]
Risk Tier: [Prohibited/High-Risk/GPAI-Systemic/Limited/Minimal]
Classification Basis: [Art. 5(1x) / Annex I Nr. X / Annex III Nr. X / Art. 50 / None]
Art. 6(3) Exception: [Applicable/Not Applicable/N/A]
Scope Exclusions: [None / Art. 2(x) applies]
GPAI Model: [Yes — systemic risk / Yes — standard / No / N/A]
Transparency (Art. 50): [Applicable — Art. 50(1)-(4) / None]
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
FLAGS:
[flags if any — examples:]
[PROHIBITED PRACTICE — Art. 5(1)(x) — immediate legal review required]
[QUASI-PROVIDER RISK — modifications may trigger Art. 25]
[GPAI SYSTEMIC RISK — Art. 55 obligations apply]
[PROFILING DETECTED — Art. 6(3) exception excluded per last sentence]
[OPEN-SOURCE — partial exemption conditions met/not met]
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
ASSESSMENT CONTEXT (paste into next skill)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
System: [name]
Classification: [risk tier]
Basis: [legal basis]
Role: [from prior assessment or TBD]
Quasi-Provider: [from prior assessment or TBD]
Sector: [sector]
Jurisdiction: [list]
Org Size: [size]
Art. 50: [applicable triggers]
GPAI: [yes/no, systemic risk]
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
NEXT STEPS:
→ Run /ai-act-roles to determine organizational role
→ Run /ai-act-obligations for applicable requirements
→ Run /ai-act-report to generate formal assessment documentation
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
npx claudepluginhub lawve-ai/awesome-legal-skillsClassifies AI systems under the EU AI Act (Regulation 2024/1689) and determines compliance obligations. Walks through scope, prohibited practices, high-risk categories, and GPAI/transparency rules by role.
Classifies AI systems under EU AI Act risk levels (prohibited, high, limited, minimal) using structured signals and MCP tools. Useful when users ask about AI Act scope, Annex III, Article 5/50, or risk classification.
Classifies AI systems under EU AI Act Annex III and US-state high-risk laws. Helps identify provider vs deployer obligations and prohibited practices.