User Handbook

Risk Classification

Classify agents per EU AI Act Art. 6 / Annex III

When is Classification Done?

Risk classification occurs in Step 3 of the agent wizard. It can be changed later in the agent drawer (triggers re-evaluation of all compliance requirements).

The Three Risk Levels

Level	Criterion	Additional Obligations
Minimal	No Annex III use case	Basic governance sufficient
Limited	Transparency obligations (Art. 50)	Users must know they're interacting with AI
High	Annex III domain (Biometrics, Critical Infrastructure, Education, Employment, Public Services, Law Enforcement, Migration, Justice)	Full documentation, FRIA, mandatory responsibility chain, attestation always on-chain

Impact of Risk Level

High-Risk means:

Responsibility chain becomes mandatory (all 3 roles)
FRIA must be completed before the agent can be activated
Blockchain attestation is always on-chain (not configurable)
Evidence packages contain additional documentation (Art. 9-15 controls matrix)
Incident reporting obligation to supervisory authority (Art. 62)

Minimal/Limited means:

Responsibility chain recommended but optional
FRIA not required
Blockchain attestation configurable
Standard compliance sufficient

Compliance Gap Advisor

Automatic analysis of policy configuration for regulatory gaps

Controls Matrix

EU AI Act Articles 9-15 — fulfillment level and mapped policies

On this page

When is Classification Done?The Three Risk Levels Impact of Risk Level High-Risk means:Minimal/Limited means: