00:09
Briefly
Imagine a large hospital somewhere in Europe. AI is everywhere. An AI system helps radiologists read scans. Another routes emergency calls to the right responders. A chatbot answers patient questions about parking and navigating the hospital. Software in the HR department screens job applicants for open nursing roles. And recently, management is considering installing a new camera system that would monitor nurses facial expressions to measure how engaged they seem during their shifts under the EU AI Act. These all involve different levels of legal, prohibited, high risk, limited risk and minimal risk. Rather than treating every AI system the same, the act takes a risk based approach. The more risk a system poses to people's health, safety or fundamental rights, the more regulation it faces. It's a continuum. On one side of the scale, low risk tools are left largely alone by the law.

01:15
Briefly
On the other side, the riskiest are banned outright. The act sorts AI systems into four tiers. First is prohibited AI. These are systems the EU has decided are simply incompatible with European values. They cannot be deployed in the EU at all. For example, AI that uses subliminal or manipulative techniques to distort someone's behavior in a way that causes significant harm. Untargeted scraping of facial images to build massive recognition databases. AI that infers emotions in the workplace or in schools outside of narrow medical uses and biometric categorization that infers sensitive traits like race, political views or union membership. That proposed camera system falls squarely into this tier. Inferring emotions in the workplace is off limits. Next sits the largest and most consequential tier, High risk AI. These systems are allowed but carry substantial legal obligations like risk management, human oversight and data quality standards.

02:27
Briefly
High risk AI comes in two buckets. The first covers AI built into products already regulated under EU product safety law. Medical devices, vehicles, industrial machinery. If a product is already regulated for safety, the AI it uses inherits its high risk status. Our hospital's AI assisted MRI reader is a good example. It's embedded in a medical device which is already regulated, so it falls into the high risk category. The second sub bucket is defined by use case. The the act lists eight areas where AI is treated as high risk because of what it's being used.

03:09
Briefly
Biometric identification and categorization critical infrastructure like energy grids and water supply education and vocational training employment decisions including hiring, promotion and termination access to essential private and public services such as health insurance and emergency dispatch law enforcement, migration, asylum and border control and the administration of justice and democratic processes including elections. Our hospital lights up several of these at once. The emergency call routing system sits in access to essential Public services. The HR tool, screening nursing applicants sits in employment. If the hospital insurer uses AI to make coverage decisions, it's an essential private service. To recap, high risk AI comes in two buckets, one for products already regulated and one for a set of specific use cases. Next is what's commonly called limited risk AI.

04:14
Briefly
The ACT doesn't use that label itself, but it imposes specific transparency obligations on systems where the main concern is that people might not realize they're dealing with AI or AI generated content. Think chatbots, image generators, and other content generating tools. Our hospital's parking chatbot sits in this category. Limited risk rules are mostly about disclosure. Users have to be told when they are interacting with AI, and AI generated content has to be labeled. And then there's everything else. Minimal risk AI, spam filters, inventory optimization, video game bots, things like that. In our hospital, this could be an operating room scheduler or a surgical supply reorder tool. The ACT largely leaves these alone. So back to our hospital. AI can sit anywhere on this continuum, depending on what it's doing and who it's affecting.

05:14
Briefly
The radiology scanner, the break room camera, and the parking lot chatbot are all AI. One is allowed with strict obligations, another with disclosure. The other isn't allowed at all. The EU AI Act's central idea is that the law should meet the level of risk. Understand the risk tier and you understand which set of rules applies.

<div style="padding:56.25% 0 0 0;position:relative;"><iframe src="https://player.vimeo.com/video/1200787807?badge=0&amp;autopause=0&amp;player_id=0&amp;app_id=58479" frameborder="0" allow="autoplay; fullscreen; picture-in-picture; clipboard-write; encrypted-media; web-share" referrerpolicy="strict-origin-when-cross-origin" style="position:absolute;top:0;left:0;width:100%;height:100%;" title="ai_risk_categories_v1 (1080p)"></iframe></div><script src="https://player.vimeo.com/api/player.js"></script>