{"id":7055,"date":"2026-05-06T01:40:38","date_gmt":"2026-05-06T01:40:38","guid":{"rendered":"https:\/\/www.imt-soft.com\/?p=7055"},"modified":"2026-05-06T04:04:41","modified_gmt":"2026-05-06T04:04:41","slug":"eu-ai-act-compliance-risk-classification-guide","status":"publish","type":"post","link":"https:\/\/m.imt-soft.com\/en\/2026\/05\/06\/eu-ai-act-compliance-risk-classification-guide\/","title":{"rendered":"EU AI Act Compliance: Risk Classification Guide"},"content":{"rendered":"\n<header class=\"Hero c-default tc-white bc-alto bc2-white pt-default pb-default mt-none mb-none bi bp-cc bpm-cc\" style=\"background-image: url('\/wp-content\/uploads\/2026\/05\/Global-AI-regulation-landscape-2026.png'); position: relative; background-size: cover; background-position: center; z-index: 100;\" alt=\"Global AI regulation landscape 2026\">\n    <div class=\"overlay\" style=\"position: absolute; top: 0; left: 0; width: 100%; height: 100%; background-color: rgba(51, 51, 51, 0.5); z-index: 50;\"><\/div>\n    <div class=\"container\" style=\"position: relative; z-index: 200;\">\n        <div class=\"Hero__inner\">\n            <div class=\"row\">\n                <div class=\"col-lg-8\">\n                    <div class=\"Heading\">\n                        <h1 class=\"Heading__title fs-default\" style=\"text-shadow: 2px 2px 6px rgba(0,0,0,0.7);\">EU &amp; Global AI Regulations for Enterprises: Risk Classification &amp; What to Do Next\n\n<\/h1>\n                    <\/div>\n<div class=\"Heading__description fs-s30\">\n                             \n                     \n<\/div>\n                <\/div>\n            <\/div>\n        <\/div>\n    <\/div>\n<\/header>\n\n\n\n<div class=\"wp-block-columns container mt-5 is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-vertically-aligned-center is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:50%\">\n<p>Most enterprises are still having 
some version of this conversation internally: &#8220;We&#8217;ll deal with AI regulation when it&#8217;s actually enforced.&#8221; That conversation is over.<\/p>\n\n\n\n<p>The EU AI Act is not a regulation on the horizon. Prohibited AI practices have been banned since February 2025. Rules for general-purpose AI models took effect in August 2025. And on August 2, 2026, the full weight of high-risk AI requirements comes into force. The fines are not theoretical: up to \u20ac35 million or 7% of global annual turnover &#8211; a ceiling that exceeds even GDPR.<\/p>\n\n\n\n<p>But the more important point isn&#8217;t the fine structure. The Act is a classification system, not a blanket ban. It sorts AI applications into risk levels and makes compliance proportionate to potential harm. The challenge &#8211; where most enterprises are currently failing &#8211; is knowing which systems sit in the high-risk category and building the right governance around them.<\/p>\n\n\n\n<p>This article maps what matters: the four risk tiers, what each one requires, a practical compliance roadmap, and how global regulations compare. If you&#8217;ve already read our piece on&nbsp;<a href=\"https:\/\/www.imt-soft.com\/en\/2026\/04\/29\/why-enterprise-ai-fails-in-production-security-data-governance-gaps\/\" target=\"_blank\" rel=\"noopener\" style=\"color:#0d6efd;\">Why Enterprise AI Fails in Production<\/a>, you&#8217;ll know that governance gaps are where the problems start. 
This is the framework that closes them.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-vertically-aligned-center is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:50%\"><div class=\"wp-block-image d-flex  justify-content-center m-3\">\n<figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" src=\"\/wp-content\/themes\/restly-child\/assets\/images\/eu-ai-act-compliance\/EU-AI-Act-compliance-framework-for-enterprises-2026.png\" alt=\"EU AI Act compliance framework for enterprises 2026\n\" style=\"width:500px;height:338px\"\/><\/figure>\n<\/div><\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column has-background is-layout-flow wp-block-column-is-layout-flow\" style=\"background-color:#f7f7f7\">\n<div class=\"wp-block-columns container pb-5 pt-5 is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column pt-2 is-layout-flow wp-block-column-is-layout-flow\">\n<h2 class=\"wp-block-heading mb-4\">1. Who Does the EU AI Act Actually Apply To?<\/h2>\n\n\n\n<p>The <a href=\"https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/?uri=CELEX%3A32024R1689\" target=\"_blank\" rel=\"noopener\" style=\"color:#0d6efd;\"><u>EU AI Act (Regulation 2024\/1689)<\/u><\/a> applies to any organisation that develops, deploys, imports, or distributes AI systems whose outputs affect people in the European Union &#8211; regardless of where that organisation is headquartered.<\/p>\n\n\n\n<p>A US fintech whose AI-powered credit tool is used by German customers is in scope. A Swiss bank using AI for loan decisions is in scope. A Vietnamese software firm building AI components for a French enterprise client is in scope. 
The Act follows the output, not the headquarters.<\/p>\n\n\n\n<p>The Act distinguishes two primary roles with different obligations:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Providers &#8211; organisations that develop or place an AI system on the EU market. They carry the heaviest obligations: conformity assessments, technical documentation, post-market monitoring, incident reporting.<\/li>\n\n\n\n<li>Deployers &#8211; organisations using AI under their own authority, including enterprises using third-party AI tools. Lighter but non-trivial obligations: human oversight, staff training, and in some cases a Fundamental Rights Impact Assessment.<\/li>\n<\/ul>\n\n\n\n<p>One nuance worth flagging: if you significantly fine-tune an off-the-shelf model &#8211; retrain it on your data, change its intended purpose &#8211; you may become a provider under the Act, inheriting full provider obligations. Many enterprises building internal tools on foundation models are in this position without realising it.<\/p>\n\n\n\n<div class=\"info-box\">\n  <h3>Switzerland &amp; the EU AI Act\n<\/h3>\n  <p>\nSwitzerland is not an EU member, but Swiss enterprises serving EU markets are effectively within scope for their EU-facing AI deployments. 
KPMG Switzerland confirms the Act applies &#8220;to organisations based in Switzerland as far they use data of persons domiciled in the EU.&#8221; <a href=\"https:\/\/www.imt-soft.com\/en\/2026\/04\/14\/eu-us-banking-compliance-in-2026-a-bfsi-guide\/\" target=\"_blank\" rel=\"noopener\" style=\"color:#0d6efd;\">FINMA <\/a> has already begun requesting AI governance disclosures aligned with EU standards, and the Swiss Federal Council is developing national AI regulation closely mirroring the EU framework.\n\n  <\/p>\n<\/div>\n<style>\n.info-box {\n\n border-left: 6px solid #2d4f8b !important; \n  background-color: #eef3fb;\n  padding: 15px;\n  font-family: \"Times New Roman\", serif;\n}\n\n.info-box h3 {\n  color: #2d4f8b;\n  font-size: 18px;\n  margin: 0 0 10px 0;\n}\n\n.info-box p {\n  color: #333;\n  font-size: 15px;\n  margin: 0;\n  line-height: 1.5;\n}\n<\/style>\n\n\n\n<h2 class=\"wp-block-heading pb-3 pt-5\">2. The Four Risk Tiers &#8211; How the EU AI Act Classifies AI<\/h2>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-vertically-aligned-center is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:50%\">\n<p>The EU AI Act uses a&nbsp;<strong>risk-based approach to classify AI systems<\/strong>&nbsp;into four categories:<\/p>\n\n\n\n<h3 class=\"wp-block-heading pt-3 pb-3\">Unacceptable risk<\/h3>\n\n\n\n<p>AI systems that threaten fundamental rights, such as government-run social scoring systems, are banned outright.<\/p>\n\n\n\n<h3 class=\"wp-block-heading pt-3 pb-3\">High risk<\/h3>\n\n\n\n<p>These include systems used in law enforcement, critical infrastructure, or those handling personal data. Developers must follow strict regulations. 
This includes implementing a risk management system, conducting risk assessments, and ensuring data governance.<\/p>\n\n\n\n<h3 class=\"wp-block-heading pt-3 pb-3\">Limited risk<\/h3>\n\n\n\n<p>Systems in this category must meet transparency requirements. For example, users must be notified when interacting with AI-generated content, such as chatbots or generative AI models.<\/p>\n\n\n\n<h3 class=\"wp-block-heading pt-3 pb-3\">Minimal or low risk<\/h3>\n\n\n\n<p>These systems have minimal compliance obligations. However, they must follow basic principles of data governance and ethical AI.<\/p>\n\n\n\n<p>This risk-based framework emphasizes AI accountability measures. It encourages businesses to proactively address risks and comply with the requirements set by the Act.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-vertically-aligned-center is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:50%\"><div class=\"wp-block-image d-flex  justify-content-center m-3\">\n<figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" src=\"\/wp-content\/themes\/restly-child\/assets\/images\/eu-ai-act-compliance\/EU-AI-Act-Risk-tier-pyramid.png\" alt=\"EU AI Act Risk tier pyramid\n\" style=\"width:500px;height:338px\"\/><\/figure>\n<\/div><\/div>\n<\/div>\n\n\n\n<div class=\"info-box atr-container\">\n  <h3>Note:<\/h3>\n  <p>\nGeneral Purpose AI (GPAI) models &#8211; large language models and foundation models &#8211; have their own separate obligations: training data transparency, cybersecurity standards, and for the most powerful models, systemic risk assessments. When a GPAI model is integrated into a high-risk application, the integrating organisation inherits the high-risk classification. 
Wrapping a public LLM in a credit decision tool does not lower its regulatory category.\n  <\/p>\n<\/div>\n<style>\n.info-box {\n  border: 2px solid #6b86b3;\n  background-color: #eef3fb;\n  padding: 15px;\n  font-family: \"Times New Roman\", serif;\n}\n\n.info-box h3 {\n  color: #2d4f8b;\n  font-size: 18px;\n  margin: 0 0 10px 0;\n}\n\n.info-box p {\n  color: #333;\n  font-size: 15px;\n  margin: 0;\n  line-height: 1.5;\n}\n<\/style>\n\n\n\n<p><\/p>\n\n\n\n<style>\n.atr-container{\nmargin-top:-10px;\nmargin-bottom:-30px;\n}\n\n.a-container{\nmargin-bottom:10px;\n}\n\n<\/style>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading container mt-5 mb-3\">3. Prohibited AI &#8211; What&#8217;s Banned Right Now<\/h2>\n\n\n\n<p class=\"container\">As of February 2, 2025, the following AI systems are banned from deployment in the EU &#8211; with no compliance pathway and fines up to \u20ac35M or 7% of global annual turnover:<\/p>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column container is-layout-flow wp-block-column-is-layout-flow\">\n<ul class=\"wp-block-list\">\n<li class=\"container\">Real-time biometric identification in publicly accessible spaces (narrow law enforcement exceptions apply)<\/li>\n\n\n\n<li class=\"container\">AI that exploits psychological vulnerabilities &#8211; age, disability, financial distress &#8211; to manipulate behaviour<\/li>\n\n\n\n<li class=\"container\">Social scoring systems ranking individuals based on behaviour or personal characteristics<\/li>\n\n\n\n<li class=\"container\">Biometric categorisation based on political views, religion, or sexual orientation<\/li>\n\n\n\n<li class=\"container\">Predictive policing based purely on profiling, without individual behavioural data<\/li>\n\n\n\n<li class=\"container\">Emotion recognition in workplaces and educational institutions (non-safety 
purposes)<\/li>\n\n\n\n<li class=\"container\">Untargeted facial image scraping from the internet or CCTV to build recognition databases<\/li>\n<\/ul>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-columns px-3 is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<div class=\"info-box container\">\n  <h3>Action Required\n<\/h3>\n  <p>\nBefore procuring any AI vendor&#8217;s product &#8211; especially in security, HR, or customer analytics &#8211; legal review must happen before technical development or deployment begins. Deploying and then unwinding a prohibited system costs far more than the prior assessment.\n\n\n  <\/p>\n<\/div>\n<style>\n.info-box {\n  border: 2px solid #6b86b3;\n  background-color: #eef3fb;\n  padding: 15px;\n  font-family: \"Times New Roman\", serif;\n}\n\n.info-box h3 {\n  color: #2d4f8b;\n  font-size: 18px;\n  margin: 0 0 10px 0;\n}\n\n.info-box p {\n  color: #333;\n  font-size: 15px;\n  margin: 0;\n  line-height: 1.5;\n}\n<\/style>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-vertically-aligned-center is-layout-flow wp-block-column-is-layout-flow\">\n<div class=\"wp-block-columns pt-3 is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-vertically-aligned-center is-layout-flow wp-block-column-is-layout-flow\">\n<h2 class=\"wp-block-heading container mb-3\">4. High-Risk AI &#8211; What Compliance Actually Requires<\/h2>\n\n\n\n<p class=\"container\">This is where most enterprises get caught off guard. High-risk AI is not limited to facial recognition or autonomous weapons. 
It covers most AI investment in financial services, HR technology, and healthcare &#8211; including systems many organisations are already running.<\/p>\n\n\n\n<p class=\"container\">For each high-risk system, compliance requires &#8211; before deployment:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"container\">Risk management system: Maintained throughout the entire AI lifecycle &#8211; not a one-time assessment<\/li>\n\n\n\n<li class=\"container\">Data governance: Training data must be representative, documented, and audited for bias<\/li>\n\n\n\n<li class=\"container\">Technical documentation: System architecture, training approach, evaluation results &#8211; kept current<\/li>\n\n\n\n<li class=\"container\">Automatic logging: Every decision, data input, and model version in production must be traceable<\/li>\n\n\n\n<li class=\"container\">Human oversight: A person must be able to override or halt the AI &#8211; built into architecture, not retrofitted<\/li>\n\n\n\n<li class=\"container\">Conformity assessment&nbsp;+ EU database registration: Before the system goes live<\/li>\n\n\n\n<li class=\"container\">AI literacy: All staff operating AI systems must have documented adequate training<\/li>\n<\/ul>\n\n\n\n<p class=\"container\">Non-compliance with high-risk obligations carries fines up to \u20ac15M or 3% of global annual turnover &#8211; separate from, and stackable with, GDPR penalties. GDPR compliance does not satisfy the EU AI Act: GDPR governs data processing; the AI Act governs how AI systems behave and are overseen. For high-risk AI that also processes personal data, both frameworks apply simultaneously.<\/p>\n\n\n\n<h2 class=\"wp-block-heading pt-4 container pb-3\">5. Mapping Common AI Use Cases to Risk Levels<\/h2>\n\n\n\n<p class=\"container\">Before you build a compliance program, you need to know where your AI systems actually sit. 
<a style=\"color:#0d6efd;\" href=\"https:\/\/secureprivacy.ai\/blog\/eu-ai-act-implementation-guide\" target=\"_blank\" rel=\"noopener\"><u>A study<\/u><\/a> of 106 enterprise AI systems found that 40% had unclear risk classifications. That ambiguity is not a defensible position with regulators.<\/p>\n\n\n\n<div class=\"container mt-5 mb-5\">\n<table class=\"custom-table\">\n  <thead>\n    <tr>\n      <th>Use Case<\/th>\n      <th>Risk Tier<\/th>\n      <th>Key Trigger<\/th>\n    <\/tr>\n  <\/thead>\n  <tbody>\n    <tr class=\"risk-high\">\n      <td>CV screening \/ hiring AI<\/td>\n      <td>High Risk<\/td>\n      <td>Employment decisions<\/td>\n    <\/tr>\n    <tr class=\"risk-high\">\n      <td>Credit scoring \/ loan decisions<\/td>\n      <td>High Risk<\/td>\n      <td>Financial access decisions<\/td>\n    <\/tr>\n    <tr class=\"risk-high\">\n      <td>AI medical diagnosis support<\/td>\n      <td>High Risk<\/td>\n      <td>Health &amp; safety impact<\/td>\n    <\/tr>\n    <tr>\n      <td>Fraud detection (flagging only, human review)<\/td>\n      <td>Likely Minimal<\/td>\n      <td>No direct rights impact if human reviews every flag<\/td>\n    <\/tr>\n  <\/tbody>\n<\/table>\n<\/div>\n<style>\n.custom-table {\n  width: 100%;\n  border-collapse: collapse;\n  font-size: 15px;\n}\n.risk-limited {\n  background-color: #dbeafe !important; \/* Light blue *\/\n}\n\n.risk-high {\n  background-color: #ffedd5 !important; \/* Light orange\/yellow *\/\n}\n\n.risk-minimal {\n  background-color: #dcfce7 !important; \/* Light green *\/\n}\n.custom-table thead {\n  background-color: #2d4f8b;\n  color: #fff;\n}\n\n.custom-table th {\n  text-align: left;\n  padding: 10px;\n  font-weight: bold;\n}\n\n.custom-table td {\n  padding: 10px;\n  border-bottom: 1px solid #ddd;\n}\n\n.custom-table tr:nth-child(even) {\n  background-color: #f5f7fb;\n}\n\n.custom-table tr:hover {\n  background-color: #eef3fb;\n}\n<\/style>\n\n\n\n<div class=\"container 
mt-5 mb-5\">\n<table class=\"custom-table\">\n  <thead>\n    <tr>\n      <th>Use Case<\/th>\n      <th>Risk Tier<\/th>\n      <th>Key Trigger<\/th>\n    <\/tr>\n  <\/thead>\n  <tbody>\n    <tr class=\"risk-limited\">\n      <td>Customer service chatbot\n<\/td>\n      <td>Limited Risk\n\n<\/td>\n      <td>Transparency obligation &#8211; must disclose AI interaction\n\n<\/td>\n    <\/tr>\n    <tr class=\"risk-high\">\n      <td>LLM integrated into credit decision workflow\n<\/td>\n      <td>High Risk<\/td>\n      <td>Use case inherits high-risk tier regardless of model\n<\/td>\n    <\/tr>\n    <tr class=\"risk-minimal\">\n      <td>Internal document summarisation\n<\/td>\n      <td>Minimal Risk\n<\/td>\n      <td>No decisions about people; no sensitive data\n<\/td>\n    <\/tr>\n    <tr class=\"risk-high\">\n      <td>Employee performance monitoring AI\n<\/td>\n      <td>High Risk\n<\/td>\n      <td>Employment evaluation decisions\n<\/td>\n    <\/tr>\n  <\/tbody>\n<\/table>\n<\/div>\n\n\n\n<p class=\"container\">The pattern to watch: LLMs and GenAI tools are not inherently high-risk. But when integrated into high-risk workflows &#8211; credit decisions, hiring, medical triage &#8211; the integrating organisation inherits the high-risk classification. 
<a href=\"https:\/\/www.imt-soft.com\/en\/2026\/04\/14\/eu-us-banking-compliance-in-2026-a-bfsi-guide\/\" target=\"_blank\" rel=\"noopener\" style=\"color:#0d6efd;\"><u>Our case studies<\/u><\/a> show how this plays out in BFSI and healthcare environments specifically.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column mb-5 has-background is-layout-flow wp-block-column-is-layout-flow\" style=\"background-color:#f7f7f7\">\n<div class=\"wp-block-columns container pb-5 pt-5 is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column at-container pt-2 is-layout-flow wp-block-column-is-layout-flow\">\n<h2 class=\"wp-block-heading mb-3\">6. Global AI Regulations &#8211; Where Other Markets Stand<\/h2>\n\n\n\n<p>The EU AI Act is the most comprehensive AI regulation in force &#8211; but not the only one. For organisations with multi-jurisdictional deployments, EU compliance is the highest common denominator worth building around.<\/p>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-vertically-aligned-center is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:50%\">\n<h3 class=\"wp-block-heading pt-3 pb-3\"><strong>United States<\/strong><\/h3>\n\n\n\n<p>No federal AI law equivalent to the EU AI Act as of 2026. The Biden Executive Order on AI was substantially rolled back in early 2025. What remains: FDA guidance on AI in medical devices, CFPB rules on AI credit decisions, EEOC guidance on AI hiring, and active state-level legislation in California, Colorado, Illinois, and Texas. 
Meeting EU AI Act standards largely satisfies existing US sector-specific requirements.<\/p>\n\n\n\n<h3 class=\"wp-block-heading pt-3 pb-3\"><strong>United Kingdom<\/strong><\/h3>\n\n\n\n<p>Deliberately pro-innovation. The UK relies on existing regulators (FCA, CMA, ICO) applying AI principles sector by sector rather than a cross-sector law. UK firms selling AI to EU customers must still comply with the EU AI Act regardless.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-vertically-aligned-center is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:50%\"><div class=\"wp-block-image d-flex  justify-content-center m-3\">\n<figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" src=\"\/wp-content\/themes\/restly-child\/assets\/images\/eu-ai-act-compliance\/Global-AI-regulation-landscape-2026.png\" alt=\"Global AI regulation landscape 2026\n\" style=\"width:500px;height:338px\"\/><\/figure>\n<\/div><\/div>\n<\/div>\n\n\n\n<h3 class=\"wp-block-heading pt-3 pb-3\"><strong>China<\/strong><\/h3>\n\n\n\n<p>China has moved fastest outside the EU. Generative AI Regulation (effective August 2023), algorithm transparency requirements, and mandatory government registration for certain systems are already in force. China requires a separate compliance track &#8211; EU and Chinese obligations do not transfer between frameworks.<\/p>\n\n\n\n<h3 class=\"wp-block-heading pt-3 pb-3\"><strong>India &amp; Vietnam<\/strong><\/h3>\n\n\n\n<p class=\"pb-3\">India&#8217;s Digital Personal Data Protection Act and 2024 AI governance framework take a principles-based approach directionally consistent with EU standards. 
Vietnam&#8217;s AI strategy through 2030 explicitly references international standards including EU frameworks &#8211; and for Vietnamese software companies supplying AI components to EU or US clients, alignment with international governance standards is increasingly a market access condition.<\/p>\n\n\n\n<div class=\"info-box mt-3\">\n  <h3>The Bottom Line on Global AI Regulation\n<\/h3>\n  <p>\nIf your enterprise operates across borders &#8211; or if you use AI vendors headquartered outside your jurisdiction &#8211; you&#8217;re almost certainly subject to multiple overlapping regulatory frameworks. Building compliance around the EU AI Act gives you a strong foundation that transfers well to other regimes. It&#8217;s the highest common denominator worth planning for.\n\n  <\/p>\n<\/div>\n<style>\n.info-box {\n  border: 2px solid #6b86b3;\n  background-color: #eef3fb;\n  padding: 15px;\n  font-family: \"Times New Roman\", serif;\n}\n\n.info-box h3 {\n  color: #2d4f8b;\n  font-size: 18px;\n  margin: 0 0 10px 0;\n}\n\n.info-box p {\n  color: #333;\n  font-size: 15px;\n  margin: 0;\n  line-height: 1.5;\n}\n<\/style>\n\n\n\n<h2 class=\"wp-block-heading pt-5 pb-3\">7. Enterprise AI Compliance Roadmap<\/h2>\n\n\n\n<p>EU AI Act compliance is an engineering project with legal requirements &#8211; not a legal project with technical footnotes. 
It requires your CTO, legal counsel, data teams, and business leads working from the same classification framework.<\/p>\n\n\n\n<div class=\"wp-block-columns pb-1 is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-vertically-aligned-center is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:50%\">\n<p><strong>Step 1:<\/strong> Inventory all AI systems &#8211; including third-party tools and <a href=\"https:\/\/www.imt-soft.com\/en\/company\/blogs\/\" target=\"_blank\" rel=\"noopener\" style=\"color:#0d6efd;\"><u>shadow AI<\/u><\/a> (GenAI tools in use without IT approval). You cannot classify what you haven&#8217;t found.<\/p>\n\n\n\n<p><strong>Step 2:<\/strong> Classify each system by risk tier &#8211; apply the EU AI Act framework to every system. For borderline cases, lean conservative. Misclassifying a high-risk system costs far more than a few extra compliance steps.<\/p>\n\n\n\n<p><strong>Step 3:<\/strong> Run conformity assessments for high-risk AI &#8211; technical documentation, bias testing, data governance review. Document everything. This needs to be maintained, not filed away.<\/p>\n\n\n\n<p><strong>Step 4:<\/strong> Build human oversight into architecture &#8211; high-risk AI decisions must have an override mechanism. This cannot be retrofitted; it needs to be in the design.<\/p>\n\n\n\n<p><strong>Step 5:<\/strong> Establish audit logging &#8211; every decision, every data input, every model version in production must be traceable. If you can&#8217;t reconstruct why the AI made a specific decision, your audit trail isn&#8217;t good enough.<\/p>\n\n\n\n<p><strong>Step 6:<\/strong> Issue and enforce a GenAI usage policy &#8211; document which AI tools employees are authorised to use, for what purposes, and with what data. 
Access controls, not just guidelines.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-vertically-aligned-center is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:50%\"><div class=\"wp-block-image d-flex  justify-content-center m-3\">\n<figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" src=\"\/wp-content\/themes\/restly-child\/assets\/images\/eu-ai-act-compliance\/enterprise-eu-ai-act-compliance-roadmap-2026.png\" alt=\"Enterprise EU AI Act compliance roadmap 2026\" style=\"width:500px\"\/><\/figure>\n<\/div><\/div>\n<\/div>\n\n\n\n<div class=\"info-box\">\n  <p>\nIf you&#8217;re in financial services, insurance, or healthcare and want to understand what full compliance looks like in your specific sector, <a href=\"https:\/\/www.imt-soft.com\/en\/contact\/\" target=\"_blank\" rel=\"noopener\" style=\"color:#0d6efd;\">talk to our team<\/a>. This is exactly the kind of multi-framework challenge we work through with clients.\n\n  <\/p>\n<\/div>\n<style>\n.info-box {\n  border: 2px solid #6b86b3;\n  background-color: #eef3fb;\n  padding: 15px;\n  font-family: \"Times New Roman\", serif;\n}\n\n.info-box h3 {\n  color: #2d4f8b;\n  font-size: 18px;\n  margin: 0 0 10px 0;\n}\n\n.info-box p {\n  color: #333;\n  font-size: 15px;\n  margin: 0;\n  line-height: 1.5;\n}\n<\/style>\n<\/div>\n<\/div>\n\n\n\n<style>\n.at-container{\nmargin-top:-10px;\n}\n\n.a-container{\nmargin-bottom:10px;\n}\n.atd-container{\nmargin-top:-20px;\n}\n<\/style>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-columns container is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-vertically-aligned-center atd-container is-layout-flow wp-block-column-is-layout-flow\">\n<h2 class=\"wp-block-heading pb-3 atd-container\">8. Conclusion<\/h2>\n\n\n\n<p>The EU AI Act is not coming &#8211; it&#8217;s here. The prohibited AI provisions are already enforced. The high-risk deadline is running. 
And if your enterprise operates across borders, you&#8217;re navigating multiple overlapping regulatory frameworks at once.<\/p>\n\n\n\n<p>The organisations that get this right won&#8217;t just avoid fines. They&#8217;ll build AI systems that are more reliable, more auditable, and more trusted &#8211; by regulators, clients, and the markets they operate in. The window to build compliance in rather than retrofit it afterward is narrowing fast.<\/p>\n\n\n\n<p>Navigating the complexities of the&nbsp;<strong>EU AI Act&nbsp;<\/strong>can be challenging, but you don\u2019t have to do it alone. IMT Solutions\u2019s expertise in AI regulatory compliance, governance, and certification ensures your AI systems meet the highest standards of safety and ethics.<\/p>\n\n\n\n<p>If you want to take a step further and advance your organization\u2019s AI maturity and compliance readiness, check out our&nbsp;<a href=\"https:\/\/www.imt-soft.com\/en\/company\/case-studies\/\" target=\"_blank\" rel=\"noopener\" style=\"color:#0d6efd;\"><u>case studies<\/u><\/a>&nbsp;to prepare for emerging AI regulations.&nbsp;Partner with IMT Solutions to ensure your AI systems are compliant, trustworthy, and future-proof. <a href=\"https:\/\/www.imt-soft.com\/en\/contact\/\" target=\"_blank\" rel=\"noopener\" style=\"color:#0d6efd;\"><u>Contact us<\/u><\/a> today to learn how we can support your AI journey.<\/p>\n\n\n\n<h2 class=\"wp-block-heading pt-4\">9. FAQ: EU AI Act Compliance for Enterprises<\/h2>\n\n\n\n<h3 class=\"wp-block-heading pt-3 pb-3\">What is the EU AI Act and who does it apply to?<\/h3>\n\n\n\n<p>The EU AI Act (Regulation 2024\/1689) is the world&#8217;s first comprehensive legal framework for artificial intelligence. It entered into force on August 1, 2024, with phased enforcement through 2027. It applies to any organisation &#8211; regardless of headquarters location &#8211; that develops, deploys, imports, or distributes AI systems whose outputs affect people in the EU. 
This includes US companies with EU customers, Swiss banks using AI for credit decisions, and Asian software vendors supplying AI components to European clients.<\/p>\n\n\n\n<h3 class=\"wp-block-heading pt-3 pb-3\">What AI systems are prohibited under the EU AI Act?<\/h3>\n\n\n\n<p>Since February 2, 2025, the EU AI Act bans: real-time biometric identification in public spaces; social scoring systems; AI exploiting psychological vulnerabilities to manipulate behaviour; biometric categorisation based on political views, religion, or sexual orientation; predictive policing based purely on profiling; emotion recognition in workplaces and educational institutions for non-safety purposes; and untargeted facial image scraping to build recognition databases. Violations carry fines up to \u20ac35 million or 7% of global annual turnover.<\/p>\n\n\n\n<h3 class=\"wp-block-heading pt-3 pb-3\">What makes an AI system &#8216;high risk&#8217; under the EU AI Act?<\/h3>\n\n\n\n<p>An AI system is high risk when used in a domain where errors, bias, or opacity could cause significant harm to health, safety, or fundamental rights. High-risk uses include credit scoring, loan decisions, employment screening, medical diagnosis support, critical infrastructure management, law enforcement tools, border control, and educational access decisions. Classification is based on use case, not technology &#8211; the same model can be minimal risk in one deployment and high risk in another.<\/p>\n\n\n\n<h3 class=\"wp-block-heading pt-3 pb-3\">How does Switzerland fit into EU AI Act compliance?<\/h3>\n\n\n\n<p>Switzerland is not an EU member state, but Swiss enterprises are effectively within scope of the EU AI Act if they deploy AI systems affecting people in the EU &#8211; which covers most Swiss banks, insurers, and software companies serving European markets. 
KPMG Switzerland confirms the Act applies &#8220;to organisations based in Switzerland as far they use data of persons domiciled in the EU.&#8221; FINMA has already begun requesting AI governance disclosures aligned with EU standards.<\/p>\n\n\n\n<h3 class=\"wp-block-heading pt-3 pb-3\">Does GDPR compliance satisfy the EU AI Act?<\/h3>\n\n\n\n<p>No. GDPR governs how personal data is collected, stored, and processed. The EU AI Act governs how AI systems are designed, make decisions, and are overseen. For high-risk AI systems that also process personal data, both frameworks apply simultaneously. Fines under each are independent and can stack.<\/p>\n\n\n\n<h3 class=\"wp-block-heading pt-3 pb-3\">How does the EU AI Act affect small businesses and startups?<\/h3>\n\n\n\n<p>Recognizing the diverse capacities of organizations, the EU AI Act incorporates proportional requirements to minimize the regulatory burden on small businesses and startups. This approach ensures that while compliance is mandatory, the obligations are scaled according to the size and resources of the organization, thereby supporting innovation and competitiveness among smaller entities (PWC, 2024).&nbsp;<\/p>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>EU &amp; Global AI Regulations for Enterprises: Risk Classification &amp; What to Do Next Most enterprises are still having some version of this conversation internally: &#8220;We&#8217;ll deal with AI regulation when it&#8217;s actually enforced.&#8221; That conversation is over. The EU AI Act is not a regulation on the horizon. 
Prohibited AI practices have been banned [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":7056,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_mi_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[331,9],"tags":[349,343,345,351,350,342,348,352,347,346,353,344],"class_list":["post-7055","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ai","category-latest","tag-ai-governance-framework","tag-ai-regulation-compliance-roadmap","tag-ai-risk-level-mapping-enterprise","tag-ai-risk-tiers","tag-algorithmic-accountability","tag-eu-ai-act-high-risk-classification","tag-finma-ai-guidance","tag-foundation-models","tag-gdpr-ai","tag-global-ai-regulations-comparision","tag-gpai","tag-prohibited-ai-systems-eu"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>EU AI Act Compliance: Risk Classification Guide - IMT Solutions<\/title>\n<meta name=\"description\" content=\"EU AI Act compliance is not optional. here&#039;s how the EU AI Act classifies risk, what global regulations say, and how enterprises should act now.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/imt-soft.com\/en\/2026\/05\/06\/eu-ai-act-compliance-risk-classification-guide\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"EU AI Act Compliance: Risk Classification Guide - IMT Solutions\" \/>\n<meta property=\"og:description\" content=\"EU AI Act compliance is not optional. 
here&#039;s how the EU AI Act classifies risk, what global regulations say, and how enterprises should act now.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/imt-soft.com\/en\/2026\/05\/06\/eu-ai-act-compliance-risk-classification-guide\/\" \/>\n<meta property=\"og:site_name\" content=\"IMT Solutions\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/IMTSolutions\/\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-06T01:40:38+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-05-06T04:04:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/imt-soft.com\/wp-content\/uploads\/2026\/05\/eu-ai-act-compliance.png\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"600\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Same\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@imtsolutions\" \/>\n<meta name=\"twitter:site\" content=\"@imtsolutions\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Same\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"13 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/imt-soft.com\/en\/2026\/05\/06\/eu-ai-act-compliance-risk-classification-guide\/\",\"url\":\"https:\/\/imt-soft.com\/en\/2026\/05\/06\/eu-ai-act-compliance-risk-classification-guide\/\",\"name\":\"EU AI Act Compliance: Risk Classification Guide - IMT Solutions\",\"isPartOf\":{\"@id\":\"https:\/\/m.imt-soft.com\/en\/#website\"},\"datePublished\":\"2026-05-06T01:40:38+00:00\",\"dateModified\":\"2026-05-06T04:04:41+00:00\",\"author\":{\"@id\":\"https:\/\/m.imt-soft.com\/en\/#\/schema\/person\/b8fb7884be67bc626337d244534ff356\"},\"description\":\"EU AI Act compliance is not optional. here's how the EU AI Act classifies risk, what global regulations say, and how enterprises should act now.\",\"breadcrumb\":{\"@id\":\"https:\/\/imt-soft.com\/en\/2026\/05\/06\/eu-ai-act-compliance-risk-classification-guide\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/imt-soft.com\/en\/2026\/05\/06\/eu-ai-act-compliance-risk-classification-guide\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/imt-soft.com\/en\/2026\/05\/06\/eu-ai-act-compliance-risk-classification-guide\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/m.imt-soft.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"EU AI Act Compliance: Risk Classification Guide\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/m.imt-soft.com\/en\/#website\",\"url\":\"https:\/\/m.imt-soft.com\/en\/\",\"name\":\"IMT Solutions\",\"description\":\"Trusted IT Outsourcing 
Provider\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/m.imt-soft.com\/en\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/m.imt-soft.com\/en\/#\/schema\/person\/b8fb7884be67bc626337d244534ff356\",\"name\":\"Same\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/m.imt-soft.com\/en\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/8aa8588132dea02c1c1a16daa2e90d82743e63ea1164ddc2b6394305843cf5fc?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/8aa8588132dea02c1c1a16daa2e90d82743e63ea1164ddc2b6394305843cf5fc?s=96&d=mm&r=g\",\"caption\":\"Same\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"EU AI Act Compliance: Risk Classification Guide - IMT Solutions","description":"EU AI Act compliance is not optional. here's how the EU AI Act classifies risk, what global regulations say, and how enterprises should act now.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/imt-soft.com\/en\/2026\/05\/06\/eu-ai-act-compliance-risk-classification-guide\/","og_locale":"en_US","og_type":"article","og_title":"EU AI Act Compliance: Risk Classification Guide - IMT Solutions","og_description":"EU AI Act compliance is not optional. 
here's how the EU AI Act classifies risk, what global regulations say, and how enterprises should act now.","og_url":"https:\/\/imt-soft.com\/en\/2026\/05\/06\/eu-ai-act-compliance-risk-classification-guide\/","og_site_name":"IMT Solutions","article_publisher":"https:\/\/www.facebook.com\/IMTSolutions\/","article_published_time":"2026-05-06T01:40:38+00:00","article_modified_time":"2026-05-06T04:04:41+00:00","og_image":[{"width":800,"height":600,"url":"https:\/\/imt-soft.com\/wp-content\/uploads\/2026\/05\/eu-ai-act-compliance.png","type":"image\/png"}],"author":"Same","twitter_card":"summary_large_image","twitter_creator":"@imtsolutions","twitter_site":"@imtsolutions","twitter_misc":{"Written by":"Same","Est. reading time":"13 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/imt-soft.com\/en\/2026\/05\/06\/eu-ai-act-compliance-risk-classification-guide\/","url":"https:\/\/imt-soft.com\/en\/2026\/05\/06\/eu-ai-act-compliance-risk-classification-guide\/","name":"EU AI Act Compliance: Risk Classification Guide - IMT Solutions","isPartOf":{"@id":"https:\/\/m.imt-soft.com\/en\/#website"},"datePublished":"2026-05-06T01:40:38+00:00","dateModified":"2026-05-06T04:04:41+00:00","author":{"@id":"https:\/\/m.imt-soft.com\/en\/#\/schema\/person\/b8fb7884be67bc626337d244534ff356"},"description":"EU AI Act compliance is not optional. 
here's how the EU AI Act classifies risk, what global regulations say, and how enterprises should act now.","breadcrumb":{"@id":"https:\/\/imt-soft.com\/en\/2026\/05\/06\/eu-ai-act-compliance-risk-classification-guide\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/imt-soft.com\/en\/2026\/05\/06\/eu-ai-act-compliance-risk-classification-guide\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/imt-soft.com\/en\/2026\/05\/06\/eu-ai-act-compliance-risk-classification-guide\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/m.imt-soft.com\/en\/"},{"@type":"ListItem","position":2,"name":"EU AI Act Compliance: Risk Classification Guide"}]},{"@type":"WebSite","@id":"https:\/\/m.imt-soft.com\/en\/#website","url":"https:\/\/m.imt-soft.com\/en\/","name":"IMT Solutions","description":"Trusted IT Outsourcing Provider","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/m.imt-soft.com\/en\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/m.imt-soft.com\/en\/#\/schema\/person\/b8fb7884be67bc626337d244534ff356","name":"Same","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/m.imt-soft.com\/en\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/8aa8588132dea02c1c1a16daa2e90d82743e63ea1164ddc2b6394305843cf5fc?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8aa8588132dea02c1c1a16daa2e90d82743e63ea1164ddc2b6394305843cf5fc?s=96&d=mm&r=g","caption":"Same"}}]}},"_links":{"self":[{"href":"https:\/\/m.imt-soft.com\/en\/wp-json\/wp\/v2\/posts\/7055","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/m.imt-soft.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/m.imt-soft.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/m.imt-soft.com\/en\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/m.imt-soft.com\/en\/wp-json\/wp\/v2\/comments?post=7055"}],"version-history":[{"count":4,"href":"https:\/\/m.imt-soft.com\/en\/wp-json\/wp\/v2\/posts\/7055\/revisions"}],"predecessor-version":[{"id":7061,"href":"https:\/\/m.imt-soft.com\/en\/wp-json\/wp\/v2\/posts\/7055\/revisions\/7061"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/m.imt-soft.com\/en\/wp-json\/wp\/v2\/media\/7056"}],"wp:attachment":[{"href":"https:\/\/m.imt-soft.com\/en\/wp-json\/wp\/v2\/media?parent=7055"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/m.imt-soft.com\/en\/wp-json\/wp\/v2\/categories?post=7055"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/m.imt-soft.com\/en\/wp-json\/wp\/v2\/tags?post=7055"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}