EU AI Act Explained: Obligations, Risk Tiers, and What to Do Next

The EU AI Act introduces a tiered regulatory framework for artificial intelligence. Understanding which tier your business falls into is the starting point for knowing what you need to do.

Certain uses of AI are prohibited entirely under the Act:

• AI systems that manipulate people through subliminal techniques.
• Social scoring systems that evaluate individuals based on behaviour.
• Real-time biometric identification in publicly accessible spaces.
• AI that exploits vulnerabilities of specific groups.

These bans have been in force since February 2025.

High-risk AI systems are listed in Annex III of the Act. They include AI used in:

• Recruitment and CV screening.
• Credit scoring and insurance risk assessment.
• Healthcare diagnosis and treatment.
• Educational assessment.
• Law enforcement and border control.
• Access to essential public services.

If your business uses AI in any of these areas, your obligations include a Fundamental Rights Impact Assessment, Risk Management Plan, Conformity Self-Assessment, Human Oversight procedures, and technical documentation.

Businesses using AI chatbots or generating AI content must disclose that AI is involved:

• Tell users when they are talking to an AI.
• Label AI-generated content.
• Disclose when AI has been used to generate synthetic media.

Most AI applications fall here — spam filters, AI-powered recommendations, basic automation. An AI Acceptable Use Policy is still recommended as evidence of governance.

Even if you don’t operate high-risk AI, Article 4 of the Act requires all businesses deploying AI to ensure their staff have sufficient AI literacy. In practice this means:

• An AI Acceptable Use Policy.
• AI Literacy training records.
• Transparency disclosures where AI interacts with customers.
• A record of the AI systems your business uses and why.

Recruitment AI is explicitly listed as high-risk under Annex III. If you use any AI tool to screen CVs, rank candidates, or assist in hiring decisions, you are operating a high-risk AI system regardless of your business size. You need the full High-Risk Ready pack as a minimum.

Use our free compliance risk check to identify your tier and your specific obligations in under two minutes at clausely.co.uk/compliance-checker.

If you already know your tier, go straight to the relevant pack — Essentials Pack at £399 (clausely.co.uk/packs/essentials), Professional Pack at £899 (clausely.co.uk/packs/professional), or High-Risk Ready Pack at £2,499 (clausely.co.uk/packs/high-risk).