The EU AI Act (Regulation 2024/1689) is the world's first comprehensive AI regulation. It uses a risk-based approach to classify AI systems into four tiers, each with different obligations. This framework is increasingly tested in EPSO competitions.
The Four Risk Levels
Unacceptable Risk (Banned)
AI systems that pose a clear threat to fundamental rights are prohibited entirely:
- Social scoring by governments (China-style citizen scoring)
- Real-time remote biometric identification in public spaces (with narrow exceptions for law enforcement)
- Manipulative AI that exploits vulnerabilities of specific groups (children, elderly)
- Emotion recognition in workplaces and educational institutions
High Risk
AI systems used in critical areas must meet strict requirements before deployment:
- Areas: recruitment/HR, credit scoring, law enforcement, migration, education, critical infrastructure
- Requirements: risk management systems, data governance, technical documentation, transparency, human oversight, accuracy/robustness/cybersecurity
- Must be registered in the EU database of high-risk AI systems
- Subject to conformity assessments (self-assessment or third-party audit)
Limited Risk (Transparency)
AI systems that interact with people must disclose their AI nature:
- Chatbots must inform users they're interacting with AI
- Deepfakes must be labelled as artificially generated
- AI-generated content must be marked when used in media
Minimal Risk
The vast majority of AI systems fall into this tier (spam filters, AI in games, inventory management). There are no specific obligations beyond existing legislation. Voluntary codes of conduct are encouraged.
General-Purpose AI Models (GPAI)
The Act also regulates foundation models and general-purpose AI. GPAI models with systemic risk (trained with more than 10^25 FLOPs) face additional obligations, including adversarial testing, incident reporting, and model evaluation.
Exam Focus Areas
- Know the four tiers and be able to classify example scenarios
- Understand that high-risk doesn't mean banned — it means heavily regulated
- Know the specific categories of banned AI (social scoring is the most-asked)
- The transparency tier is often confused with high-risk — chatbot disclosure is limited risk, not high risk