https://ia-act.wariss-paraiso.com · AI Act Express

AI system classification sheet
AI Act - Regulation (EU) 2024/1689 · one sheet per system · to be reviewed after each substantial modification

1. Identification

System name
Identifier in the AI system register
Version assessed / planned putting-into-service date
Date of this sheet
Author
Contributors (business, legal, technical)

2. Description of the system and its use

Business purpose (what is it for?)
Users (who uses it?)
Persons affected by the outputs
Input data (personal? sensitive?)
Outputs produced (prediction, content, recommendation, decision)
Underlying provider / product / model (GPAI?)

3. Qualification as an "AI system" (Art. 3(1))

T1 - Inference: are the outputs inferred from a learned model (and not from fixed human-written rules)?YesNo Evidence:
T2 - Outputs: predictions, content, recommendations or decisions?YesNo Evidence:
T3 - Autonomy: outputs produced without prior human validation?YesNo Evidence:
Conclusion: AI system within the meaning of the Regulation?Yes (T1 and T2 = yes)No → sheet closed, archive the evidence

4. Scope (Art. 2) and legacy status (Art. 111)

Exclusively military / defence / national security use?Yes → out of scope (Art. 2(3))No
Scientific R&D before placing on the market (no external users in real-world conditions)?Yes → out of scope (Art. 2(6)-(8))No
Strictly personal, non-professional use?Yes → out of scope (Art. 2(10))No
Open-source release (outside prohibited / high-risk / Art. 50 / systemic GPAI)?Yes → partial exemption (Art. 2(12))No
Date of first placing on the market / putting into service (evidence)
High-risk system already on the market before the application date of its regime?Yes → deferred until a significant change in design (Art. 111(2))No
Significant change in design since then?Yes - date:No → monitor
Post-omnibus deadlines (June 2026): Annex III → 2 December 2027; Annex I → 2 August 2028; Art. 50 → 2 August 2026 unchanged; public authorities (Art. 111(2)) → 2 August 2030; GPAI placed on the market before 02/08/2025 → 02/08/2027.

5. Role of the organisation (Art. 3 and 25)

Role retainedProviderDeployerImporterDistributor
Switch: is your name or trademark affixed to the system?YesNo
Switch: has a substantial modification been made?YesNo Which one:
Switch: has the intended purpose been changed towards a high-risk use?YesNo
A "yes" to any of the three switch questions = the organisation becomes the provider of the system (Art. 25).

6. Prohibited practices (Art. 5) - 9 closed questions

A1 - Subliminal or deceptive manipulation causing significant harm?YesNo
A2 - Exploitation of vulnerabilities (age, disability, social/economic situation)?YesNo
A3 - Social scoring with unjustified unfavourable treatment?YesNo
A4 - Individual crime prediction through profiling alone?YesNo
A5 - Untargeted scraping of facial images?YesNo
A6 - Emotion recognition in the workplace / in education (outside medical or safety)?YesNo
A7 - Biometric categorisation of sensitive attributes?YesNo
A8 - Real-time remote biometric identification, publicly accessible spaces, law enforcement purposes?YesNo
A9 - Generation or dissemination of non-consensual intimate imagery or child sexual abuse material (omnibus, applicable on 02/12/2026)?YesNo

If a single "yes": prohibited use (applicable since 2 February 2025). Dated stop decision, evidence retained, sheet closed.

7. High risk

7a. Annex I: product / safety component covered by harmonisation legislation with third-party assessment?YesNo Applicable text:
7b. Annex III: area concerned?1 Biometrics2 Critical infrastructure3 Education4 Employment/HR5 Essential services6 Law enforcement7 Migration8 Justice/democracyNone
Precise point of Annex III (quotation)
7c. Art. 6(3) exemption invoked?D1 narrow procedural taskD2 improves a human resultD3 detects patterns without replacing the humanD4 preparatory taskNot invoked
Safeguard: does the system perform profiling of natural persons?Yes → exemption impossible, high riskNo
Exemption analysis (summary + reference of the dated document)
EU registration (Art. 49(2)) if the exemption is retainedDone on:To be done before putting into service

8. Transparency (Art. 50)

E1 - Direct interaction of people with the system?YesNo Planned information measure:
E2 - Generation of synthetic content?YesNo Planned marking:
E3 - Emotion recognition / lawful biometric categorisation?YesNo
E4 - Deepfake or text informing the public without human review?YesNo

9. Conclusion

Category retainedProhibitedHigh risk (Annex I)High risk (Annex III)TransparencyMinimal riskOutside the AI Act
Additional transparency obligations (Art. 50)?YesNo
Obligations triggered (list)
FRIA (Art. 27) required?Yes - deadline:No
DPIA (GDPR) required?Yes - deadline:No
Applicable regulatory deadline

10. Validation and review

AI Act lead (name, date, signature)
Legal / DPO (name, date, signature)
AI committee decision (if borderline case - reference)
Next review (≤ 12 months or upon substantial modification)