v2.4.0 | Report Errata
docs governance docs governance

Phase 1 determines whether the system falls within the AI Act’s scope, classifies its risk tier, and produces the Classification Decision Record. The AI System Assessor examines the system against the Article 3(1) definition of an AI system. If the system meets the definition, the Assessor classifies it against the four risk tiers: prohibited under Article 5, high-risk under Articles 6–7 and Annex III, limited risk under Article 50, or minimal risk.

For systems falling within Annex III categories, the Assessor evaluates the Article 6(3) exception by testing the functional criterion and the risk criterion separately. The Classification Reviewer independently reviews the determination. Disagreements are escalated to the AI Governance Lead for binding resolution.

Phase 1 produces the CDR (with classification determination, rationale, Article 6(3) assessment if applicable, and supporting evidence), an initial risk profile identifying triggered regulatory obligations, and the evidence pack informing the classification. The AI Governance Lead approves the CDR before Phase 2 begins. This gate prevents wasted effort: if the system is not high-risk, the subsequent phases follow a lighter pathway.

Key outputs

  • Classification Decision Record approved by AI Governance Lead
  • Initial risk profile and triggered obligations
  • Evidence pack supporting classification
  • Gate: CDR approval before Phase 2
On This Page