Skip to main content
Back to Blog

AI System Classification Drift: Managing Dynamic Risk Under the EU AI Act

Your internal analytics platform started as a reporting tool. Product managers used it to track feature adoption. Six months ago, the people operations team asked whether it could help with performance reviews. Engineering added a scoring module. The tool now produces numerical performance scores for individual employees that managers use to make promotion and termination decisions. Nobody formally reassessed the system's EU AI Act classification. As of August 2, 2026, it is operating as an unregistered high-risk AI system in the employment category under Annex III — without a risk management system, without technical documentation, without conformity assessment, and without human oversight controls. The penalties for non-compliance reach €15 million or 3% of global annual turnover.

Secure Privacy Logo

Secure Privacy Team

Privacy Experts

·18 min read
Share: