# EU AI Act Classification Memo

_One memo per workforce AI system_

> This memo records the EU AI Act classification position for a single workforce AI system: whether it falls under the Article 50 transparency obligations (applying from 2 August 2026), whether its use places it in Annex III point 4 (the high-risk regime for employment, applying to standalone systems from 2 December 2027), whether the Article 6 derogation is claimed, and what would change the answer. Keep the completed memo with your AI governance records and revisit it when the Commission's final classification guidelines land.

> This document is a structured record of reasoning, not legal advice. Take this reasoning to your counsel.

## 1. System identification

**System name and vendor**

_[fill in]_

**Your role under the Act**

_Provider, deployer, or both. Providers build or substantially modify the system; deployers use it under their own authority. Embedding a vendor's system transfers the provider obligations to the vendor — the deployer obligations stay with you regardless of what you buy._

_[fill in]_

**Intended purpose as documented**

_Quote the vendor's stated intended purpose or instructions for use. Classification runs on use, not on product category, so what the paperwork says the system is for matters._

_[fill in]_

**Deployment contexts in scope of this memo**

_List every live or planned use. Each context is classified separately in sections 3–4: the same system can be out of scope in one deployment and high-risk in another._

_[fill in]_

**Memo owner and date**

_[fill in]_

## 2. Article 50 — transparency (applies from 2 August 2026)

> Article 50 applies to all AI systems that interact directly with natural persons, not only high-risk ones. The person must be told they are dealing with an AI, before or at the first interaction, in a clear and distinguishable form. Disclosure buried in terms and conditions does not qualify, and the "obvious from context" exception is judged from the perspective of the average person actually exposed — a natural-sounding voice agent is the opposite of obvious.

**Does the system interact directly with natural persons?**

_Yes/no, with the basis. Chatbots, voice agents, and conversational survey tools are in; batch scoring engines with no human-facing interaction are not._

_[fill in]_

**How is disclosure delivered?**

_Describe the mechanism and its timing relative to the first interaction._

_[fill in]_

**Can you evidence disclosure per interaction?**

_For a named person on a named date: can you produce a timestamped record showing they were told, and in what language? A configured setting is a behaviour; the obligation is satisfied by a record._

_[fill in]_

**Article 50 position**

_In scope and evidenced / in scope with a gap (state the remediation and date) / out of scope (state why)._

_[fill in]_

## 3. Annex III point 4 — high-risk screen (applies from 2 December 2027)

> The Act treats AI used for recruitment or selection, decisions on promotion or termination, task allocation based on individual behaviour or traits, and monitoring or evaluation of performance and behaviour as high-risk. Answer each limb for every deployment context listed in section 1. The system does not decide its own classification — its deployment does.

**Recruitment or selection: does output inform advertising, screening, filtering, or evaluation of candidates?**

_[fill in]_

**Promotion or termination: does output inform decisions on work-related relationships?**

_[fill in]_

**Task allocation: does output inform allocation of work based on individual behaviour or traits?**

_[fill in]_

**Monitoring and evaluation: does output inform monitoring or evaluation of an individual's performance or behaviour?**

_[fill in]_

**Do outputs concern named individuals or aggregates only?**

_Genuinely descriptive, aggregate-only output that never informs an individual outcome points away from Annex III. The moment output informs who is promoted, who is managed out, or how work is distributed, the deployment is in scope._

_[fill in]_

**Annex III position**

_High-risk / not high-risk / conditional on the deployment controls recorded in section 5._

_[fill in]_

## 4. Article 6 derogation — only if claiming exemption

> Article 6 provides a derogation for systems that do not pose a significant risk of harm: a narrow procedural task, improving the result of a previously completed human activity, detecting decision patterns without replacing or influencing human assessment, or a preparatory task to an assessment. It is not available where the system profiles natural persons.

> Claiming it has a cost. The final Digital Omnibus text reinstated the provider's obligation to document the assessment and register the system in the EU database even where the provider considers it exempt. Self-classification is a documented, reviewable claim, not a private opinion.

**Derogation limb relied on, and why**

_Name the limb and set out why the system's actual role in the decision fits it. Optimistic self-classification is the first trap regulators are briefed to look for._

_[fill in]_

**Profiling check**

_Confirm the system does not profile natural persons; profiling defeats the derogation entirely._

_[fill in]_

**Registration and documentation acknowledgment**

_Record where the assessment is filed and when the EU database registration will be made._

_[fill in]_

**Derogation position**

_Claimed / not claimed / not needed (not in Annex III)._

_[fill in]_

## 5. Use-drift triggers

> A listening tool deployed for communication in January has a way of feeding a performance dashboard by June, and the classification follows the drift whether or not anyone re-reads the paperwork. Name the specific changes that would flip the answers in sections 2–4, and who is watching for them.

**Changes that would change this classification**

_Examples: outputs routed into performance reviews; per-individual filtering added to dashboards; integration into task allocation; export of individual-level results to line managers; a new deployment context not listed in section 1._

_[fill in]_

**Drift controls and review cadence**

_The controls that prevent the drift, the owner who reviews this memo, and how often._

_[fill in]_

## 6. Conclusion

**Classification**

_High-risk (Annex III point 4) / high-risk obligations avoided via a registered Article 6 derogation / transparency obligations only (Article 50) / out of scope._

_[fill in]_

**Obligations that follow, with dates**

_Article 50 disclosure and evidence from 2 August 2026. If high-risk: risk management, data governance, technical documentation, logging, transparency to deployers, human oversight, accuracy and robustness (Articles 9–15), plus conformity assessment and EU database registration, from 2 December 2027 for standalone employment systems. If the derogation is claimed: documented assessment and registration._

_[fill in]_

**Registration position**

_[fill in]_

**Next review date**

_Re-run this memo when the Commission's final classification guidelines land (expected end of 2026), and at least quarterly._

_[fill in]_

## 7. Sign-off

**Prepared by**

_[fill in]_

**Reviewed by (counsel)**

_[fill in]_

**Date**

_[fill in]_

---

Template v1.0 — checked against the European Commission's draft classification guidelines of 19 May 2026. The maintained version, with an annotated walkthrough of every section, lives at https://tadeus.net/trust/classification-framework — you can subscribe there to be notified when it is updated against the final guidelines.

This document is a structured record of reasoning, not legal advice. Take this reasoning to your counsel.
