The EU AI Act was drafted with traditional ML systems in mind: classifiers, recommenders, decision-support tools. Agentic AI systems (multi-step autonomous workflows that use tools, make decisions, and chain actions) nonetheless fall within its scope. Article 3(1) defines an AI system as "a machine-based system that is designed to operate with varying levels of autonomy." Agents qualify.

The Classification Flow

  1. Prohibited practice check (Article 5): social scoring, exploitative techniques, emotion inference in workplaces/education, untargeted facial recognition. Banned outright.
  2. High-risk via Annex I (Article 6(1)): AI as a safety component of products covered by EU harmonised legislation.
  3. High-risk via Annex III (Article 6(2)): AI operating in listed domains. This is where most agents land.
  4. Limited risk (Article 50): systems interacting with humans, generating synthetic content, or performing emotion recognition.
  5. Minimal risk: everything else.

Why Agents Frequently Trigger High-Risk

Agents are deployed where autonomous decisions add value, which correlates with Annex III high-risk domains:

  • Employment (Annex III, 4): recruitment screening, task allocation, performance monitoring
  • Essential services (Annex III, 5): creditworthiness, insurance pricing, benefits eligibility
  • Law enforcement (Annex III, 6): fraud detection, risk assessment
  • Critical infrastructure (Annex III, 2): energy optimisation, transport management

The determinant is the domain and nature of decisions the system influences, regardless of which orchestration framework is used.

Architecture-Specific Risk Signals

  • Missing stop mechanisms: Article 14(4)(e) requires the ability to interrupt. Agents that can't be halted mid-execution violate this.
  • Dynamic tool use: agents discovering and invoking tools at runtime makes demonstrating "intended purpose" (Article 9) harder.
  • Decision chaining without checkpoints: sequential agent decisions that lead to action with no human review are hard to reconcile with Article 14.
  • Insufficient logging: Article 12 requires event recording. Many agent frameworks don't log at the granularity needed to reconstruct decision paths.
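
The four signals above, turned into controls in a minimal agent run loop. This is an added example, not code from the article or from any agent framework: the tool names, the sample plan, the ControlledAgentRun class and the log field names are all assumptions made for illustration.

```python
import json, threading, time, uuid

# Hypothetical tools, fixed at design time rather than discovered at runtime.
ALLOWED_TOOLS = {
    "lookup_invoice": lambda args: {"invoice": args["id"], "amount": 120},
    "issue_refund": lambda args: {"refunded": args["id"]},
}
NEEDS_HUMAN = {"issue_refund"}  # steps that act outside the agent
# Constructed sample plan: each step carries the agent's stated reason.
SAMPLE_PLAN = [
    {"tool": "lookup_invoice", "args": {"id": "INV-1"}, "reason": "verify claim"},
    {"tool": "issue_refund", "args": {"id": "INV-1"}, "reason": "claim is valid"},
]

class ControlledAgentRun:
    def __init__(self, approver, log_sink):
        self.run_id = str(uuid.uuid4())
        self.stop = threading.Event()  # operator sets this to interrupt the run
        self.approver = approver       # callable(step) -> bool: human checkpoint
        self.log = log_sink            # append-only list of JSON lines
        self.seq = 0

    def _record(self, event, **fields):
        self.seq += 1
        entry = {"run": self.run_id, "seq": self.seq, "ts": time.time(),
                 "event": event, **fields}
        self.log.append(json.dumps(entry, sort_keys=True))

    def execute(self, plan):
        for step in plan:
            tool = step["tool"]
            if self.stop.is_set():  # checked before every step, not only at start
                self._record("halted", pending=tool)
                return "halted"
            if tool not in ALLOWED_TOOLS:  # no runtime tool discovery
                self._record("tool_denied", tool=tool, reason=step["reason"])
                return "rejected"
            if tool in NEEDS_HUMAN and not self.approver(step):
                self._record("human_rejected", tool=tool, reason=step["reason"])
                return "rejected"
            self._record("tool_call", tool=tool, args=step["args"],
                         reason=step["reason"], human_approved=tool in NEEDS_HUMAN)
            result = ALLOWED_TOOLS[tool](step["args"])
            self._record("tool_result", tool=tool, result=result)
        self._record("completed")
        return "completed"

def decision_path(log_sink):  # rebuild the ordered path from the log alone
    return [(e["event"], e.get("tool")) for e in map(json.loads, log_sink)]
```

The interrupt here takes effect between steps; a tool call that is already running would need its own timeout or cancellation to be halted part-way.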

Practical Classification Steps

  1. Map the decision domain against Annex III use cases
  2. Identify human checkpoints: where can a human intervene, override, or halt?
  3. Check for profiling: assessing natural persons to predict behaviour is an automatic high-risk trigger (Article 6(2))
  4. Determine your role: provider (built it), deployer (using it), or both

Article 6(3) provides a narrow derogation for systems that don't pose significant risk to health, safety, or fundamental rights. This derogation doesn't apply if the system performs profiling.
