From lawvable-awesome-legal-skills
Classifies AI systems under the EU AI Act (Regulation 2024/1689) and determines compliance obligations. Walks through scope, prohibited practices, high-risk categories, and GPAI/transparency rules by role.
How this skill is triggered — by the user, by Claude, or both
Slash command
/lawvable-awesome-legal-skills:eu-ai-act-classification-werner-plutatThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Classify AI systems under Regulation (EU) 2024/1689 and determine obligations by role.
Classify AI systems under Regulation (EU) 2024/1689 and determine obligations by role.
Important: This skill provides compliance workflow support, not legal advice. Always cite specific EU AI Act articles. Where facts are incomplete, state assumptions explicitly and ask targeted follow-up questions.
Follow this decision tree strictly in order. Stop at the first match.
Confirm the AI system falls within scope:
If out of scope, document why and stop.
Check every Article 5 category. If any match → PROHIBITED. Stop unless a narrow law enforcement exception applies.
Categories (check all eight):
→ For the complete checklist with examples and edge cases, read references/prohibited-practices.md.
Annex I path: Is the AI a product or safety component under EU harmonisation legislation (e.g., MDR, Machinery Regulation) subject to third-party conformity assessment? → HIGH-RISK
Annex III path: Does the intended purpose fall within one of the eight high-risk use-case categories?
| # | Category | Quick examples |
|---|---|---|
| 1 | Biometrics | Remote identification, verification, categorisation |
| 2 | Critical infrastructure | Energy grid control, water systems, traffic management |
| 3 | Education | Admissions, grading, learning access decisions |
| 4 | Employment | CV screening, promotion, termination, task allocation |
| 5 | Essential services | Credit scoring, insurance pricing, housing, welfare |
| 6 | Law enforcement | Risk assessment, evidence evaluation, profiling |
| 7 | Migration & border | Border risk assessment, document verification |
| 8 | Justice & democracy | Judicial assistance, electoral process systems |
→ For all categories with examples and edge cases, read references/high-risk-annex-iii.md.
Article 6(3) exception: Even if an Annex III use case matches, a system is NOT high-risk if it:
AND the system does not pose a significant risk of harm to health, safety, or fundamental rights.
If claiming this exception, document the reasoning thoroughly.
Independent of system-level risk. A minimal-risk app can use a GPAI model with its own obligations. Downstream providers/deployers must still verify vendor evidence and ensure documentation is sufficient for their specific use case and risk profile.
Check:
→ For GPAI obligations and systemic risk details, read references/gpai-obligations.md.
If not prohibited or high-risk, check Article 50 transparency duties:
No AI Act-specific obligations. Recommend:
Use these questions at the start (and whenever facts are missing) to gather the information needed for classification. For borderline cases or uncertainty, escalate early to qualified legal counsel and document assumptions.
System & Purpose
Impact & Context 3. Does it make or materially influence decisions about individuals in education, employment, essential services, law enforcement, migration, or justice? 4. Who is affected — customers, employees, citizens, patients? 5. Is it customer-facing? Is there meaningful human oversight in practice?
Technical 6. Does it use biometrics, emotion recognition, or infer sensitive attributes? 7. What data categories are processed, including special category data? 8. Is a GPAI model used? Which provider? What compliance evidence is available?
Organisational 9. Who is the provider vs. deployer? Where is it deployed? 10. Is it a product or safety component under EU harmonisation legislation?
If answers are incomplete, state assumptions explicitly and flag gaps.
Load these as needed based on the classification result:
| File | When to read |
|---|---|
| references/prohibited-practices.md | Evaluating Article 5 — complete checklist with examples and edge cases |
| references/high-risk-annex-iii.md | Evaluating Annex III — all 8 categories with examples, edge cases, and the Article 6(3) exception |
| references/gpai-obligations.md | System uses a GPAI model — Articles 51–56, systemic risk thresholds, downstream duties |
| references/obligations-matrix.md | After classification — provider/deployer/importer/distributor responsibilities by risk level |
| references/timeline.md | Building a compliance roadmap — all deadlines with practical planning guidance |
| references/dach-specific.md | Deployer is in Germany/Austria/Switzerland — works council, BaFin, BSI, BNetzA, sector-specific overlaps |
| references/templates.md | Producing deliverables — classification memo, risk register entry, executive summary templates |
Every classification produces three deliverables:
Classification Memo — Formal assessment documenting the decision tree walkthrough, classification result, cited articles, and key assumptions. This is the primary legal record.
Risk Register Entry — Structured entry for the organisation's AI risk register with system name, classification, key obligations, deadlines, and responsible parties.
Executive Summary — One-page summary for leadership with classification result, key obligations, timeline, and recommended next steps.
Always consider horizontal obligations such as AI literacy/training (Article 4) as part of the compliance roadmap, even for minimal-risk systems.
→ For complete templates, read references/templates.md.
Flag these in every assessment to ensure appropriate escalation:
| Violation | Maximum fine |
|---|---|
| Prohibited practices | €35M or 7% global annual turnover |
| High-risk system obligations | €15M or 3% global annual turnover |
| Incorrect/misleading information | €7.5M or 1% global annual turnover |
For SMEs and startups, the lower of the two amounts applies.
This skill provides structured compliance workflow support based on Regulation (EU) 2024/1689. It does not constitute legal advice. Classification outcomes should be reviewed by qualified legal counsel before being relied upon for compliance decisions. The EU AI Act is subject to delegated acts, implementing acts, and guidance from the EU AI Office that may affect interpretation.
npx claudepluginhub lawve-ai/awesome-legal-skillsGuides classification of AI systems under the EU AI Act — determines AI system status per Art. 3(1) and risk tier (prohibited, high-risk, GPAI, limited, minimal). Useful for compliance assessments.
Classifies AI systems under EU AI Act risk levels (prohibited, high, limited, minimal) using structured signals and MCP tools. Useful when users ask about AI Act scope, Annex III, Article 5/50, or risk classification.
Classifies AI systems under EU AI Act Annex III and US-state high-risk laws. Helps identify provider vs deployer obligations and prohibited practices.