EU AI Act
What the EU AI Act actually means for your business.
Four risk categories. Deadlines already running. Here's what you need to know.
I care about this because “using AI right” isn't a marketing line for me — it's why I build the way I do. Governance, data protection, transparency. Not because someone made me. Because I think that's the minimum if you're going to put AI in front of real people.
The four risk categories.
Social scoring, real-time biometric surveillance, manipulation: Banned. Art. 5.
HR screening, credit scoring, law enforcement, education: 10 mandatory obligations. Art. 6, Annex III.
Chatbots, content generation, deepfakes: Transparency obligations. Art. 50.
Spam filters, AI in games, inventory optimization: No specific obligations. Voluntary codes of conduct.
Social scoring — closer than you think.
Most people think China. Point system, surveillance, dystopian nightmare. Under the EU AI Act: banned. Category "unacceptable risk."
But the definition is broader than most realize.
A system that evaluates people based on their behavior and derives consequences from it — that's social scoring under the AI Act. No government needed. No point system needed. It's enough if an algorithm decides which customer gets priority based on behavioral data. Or if software pre-sorts job applicants — by "cultural fit" derived from social media activity or gaps in their CV.
What to look for
Does the system evaluate individuals based on their behavior? Does it derive consequences for access, treatment, or ranking? Then you're in high-risk territory — or beyond. This applies to HR tools, customer scoring systems, support prioritization, credit scoring. Anything where behavior → evaluation → consequence comes together.
Four risk categories. The boundaries are more fluid than most companies realize.
Your chatbot and Art. 50.
Probably more than you think. And it's not a high-risk issue — it's much more mundane.
Art. 50 of the EU AI Act: transparency obligation for limited-risk systems. In plain terms: if a user interacts with AI, they need to know. Not in the fine print. Not in the terms of service. Directly. Visibly. Before the interaction.
This applies to every chatbot, every AI-powered customer service, every automated communication. Regardless of company size. Regardless of B2B or B2C.
What that means in practice
A clear notice — "You are communicating with an AI assistant" — before the conversation starts. No hidden toggle in settings. No footer link. Visible, understandable, timely. Additionally: AI-generated content (images, audio, video) must be labeled as such. Machine-readable. Deepfakes featuring recognizable real people: clearly labeled.
Sounds simple. It is. Almost nobody gets it right anyway.
Not sure where your systems land? Let's look at it together.
hi@lexi-energy.com