Prompt chain
A safer chain separates classification, role split, and evidence.
- Fact extraction: Collect intended purpose, affected users, decision influence, EU exposure, provider/deployer role, data control, and whether the system touches employment, education, credit, biometrics, migration, law enforcement, critical infrastructure, or justice.
- Article 6 screen: Check product safety-component status, Annex III fit, Article 6(3) exceptions, profiling, confidence, and missing facts that would change the tier.
- Role split: Separate provider evidence from deployer evidence, and flag dual-role SaaS cases where a vendor builds the product and also uses AI internally.
- Obligation mapper: Map likely high-risk systems to Article 9-15 requirements, Article 16-20 provider duties, Article 26 deployer duties, and Annex IV technical documentation fields.
- Guardrail: Return draft classification, rationale, evidence needed, and legal-review handoff. Do not output compliant: true.
documentation_required[]
Example output row
{
  "document": "human oversight note",
  "owner_role": "deployer",
  "why_required": "Article 26 deployer oversight duty if the system is high-risk",
  "source_articles": ["Article 26", "Article 14"],
  "minimum_fields": [
    "oversight owner",
    "training and authority",
    "escalation path",
    "monitoring cadence"
  ],
  "status": "draft_needed",
  "confidence": "medium"
}
Example packet
Fields ActTier would include before review
Official-source dates checked June 3, 2026
Timeline claims to keep out of the prompt
The European Commission says the AI Act entered into force on August 1, 2024, prohibitions and AI-literacy duties applied from February 2, 2025, and GPAI obligations applied from August 2, 2025. Its current AI Act policy page says a May 7, 2026 political agreement on the AI Omnibus sets high-risk areas including employment, education, biometrics, migration, and critical infrastructure for December 2, 2027, with product-embedded high-risk systems at August 2, 2028.
The AI Act Service Desk timeline still lists August 2, 2026 for the majority of rules and Annex III high-risk systems, but also flags the Digital Omnibus proposal. Treat dates as configuration, not prompt logic.
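One way to enforce the guardrail step and the dates-as-configuration rule on the chain's final JSON, as an added example that is not ActTier's own code. The four top-level field names, the status values, and the function names are assumptions; the check rejects any `compliant` key at any depth, which is stricter than the rule stated above.

```python
import re

# Assumed names for the guardrail's four outputs; the page names the concepts only.
REQUIRED_TOP = {"draft_classification", "rationale", "evidence_needed", "legal_review_handoff"}
# Keys of the page's example documentation_required[] row.
REQUIRED_ROW = {"document", "owner_role", "why_required", "source_articles",
                "minimum_fields", "status", "confidence"}
DATE_RE = re.compile(r"\b(?:\d{4}-\d{2}-\d{2}|(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)"
                     r"[a-z]*\.?\s+\d{1,2},\s+\d{4})\b", re.I)
# Dates live in configuration with a checked-on stamp (values as quoted on the page).
TIMELINE = {
    "checked_on": "2026-06-03",
    "entry_into_force": "2024-08-01",
    "annex_iii_high_risk": "2027-12-02",  # Omnibus agreement; Service Desk still lists 2026-08-02
    "product_embedded_high_risk": "2028-08-02",
}
# Constructed sample: a model response that breaks both rules.
BAD = {"draft_classification": "likely high-risk", "rationale": "Applies from August 2, 2026.",
       "evidence_needed": [], "legal_review_handoff": True, "compliant": True}

def walk(node, path="$"):
    """Yield (path, key, value) for every dict entry and list item at any depth."""
    items = node.items() if isinstance(node, dict) else ()
    items = enumerate(node) if isinstance(node, list) else items
    for k, v in items:
        yield f"{path}.{k}", k, v
        yield from walk(v, f"{path}.{k}")

def validate(output):
    """Return a list of violations; an empty list means the draft may go to legal review."""
    errors = [f"missing field: {f}" for f in sorted(REQUIRED_TOP - set(output))]
    for path, key, value in walk(output):
        if str(key).lower() == "compliant":
            errors.append(f"{path}: compliance verdict not allowed in model output")
        if isinstance(value, str) and DATE_RE.search(value):
            errors.append(f"{path}: date literal in model output; dates come from config")
    for i, row in enumerate(output.get("documentation_required", [])):
        row = row if isinstance(row, dict) else {}
        if REQUIRED_ROW - set(row):
            errors.append(f"documentation_required[{i}] missing: {sorted(REQUIRED_ROW - set(row))}")
        if row.get("owner_role") not in ("provider", "deployer"):
            errors.append(f"documentation_required[{i}]: owner_role must be provider or deployer")
    return errors

def finalize(output, timeline=TIMELINE):
    errors = validate(output)
    if errors:
        return {"status": "rejected", "errors": errors}
    return {"status": "needs_legal_review", "result": output, "timeline": dict(timeline)}
```

Rejected outputs can be fed back to the chain with the error list; accepted drafts carry the timeline from configuration, so a date change is a config edit rather than a prompt edit.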
Official sources