Pricing
    About UsCareersContactPartnersPressStatus
    Start FreeLog in
    Classification & Risk Assessment
    8 min readUpdated 2025-01-28

    The Classification Engine Explained

    Deep dive into how Klarvo's classification engine determines risk levels and applicable obligations.

    The Classification Engine

    Klarvo's Classification Engine is the core logic that determines your AI system's risk level and applicable EU AI Act obligations.

    How Classification Works

    The engine processes your wizard answers through four sequential stages:

    Stage 1: AI System Definition → Is this even an AI system?

    

    Stage 2: Prohibited Screening → Any red flags under Article 5?
    

    

    Stage 3: High-Risk Screening → Annex III category match?
    

    

    Stage 4: Transparency Check → Article 50 obligations?
    

    

    Final Classification + Obligation Mapping

    Stage 1: AI System Definition

    First, we determine if your system meets the EU AI Act definition of an "AI system":

    Key criteria:

  1. Infers outputs from inputs to achieve objectives
  2. Produces predictions, recommendations, decisions, or content
  3. Operates with some degree of autonomy
  4. Uses ML, statistical, or logic-based approaches

    5. Possible outcomes:

  5. ✅ Likely AI System → Continue to Stage 2
  6. ❌ Likely Not AI System → Out of scope (still tracked)
  7. ⚠️ Needs Review → Flag for legal/compliance review

    8. Stage 2: Prohibited Practices (Article 5)

    Critical safety check against eight prohibited AI practices:

  8. Harmful manipulation/deception
  9. Exploitation of vulnerabilities
  10. Social scoring for unrelated decisions
  11. Criminal risk prediction via profiling alone
  12. Untargeted facial recognition database scraping
  13. Workplace/education emotion inference
  14. Biometric categorisation revealing protected characteristics
  15. Real-time remote biometric ID in public spaces (law enforcement)

    16. Possible outcomes:

  16. ✅ No indicators → Continue to Stage 3
  17. ⚠️ Potential prohibited → STOP - Legal review required
  18. ❓ Unsure on any → Flag for compliance review
    19. If any prohibited indicator is flagged, the system is classified as "Blocked" until cleared by legal review.

    Stage 3: High-Risk Screening (Annex III)

    Check against nine high-risk use case categories:

    CategoryExamples
    BiometricsFacial recognition, fingerprint matching
    Critical InfrastructureEnergy grid control, water systems
    EducationExam proctoring, admissions scoring
    EmploymentCV screening, performance evaluation
    Essential ServicesCredit scoring, insurance underwriting
    Law EnforcementEvidence analysis, risk assessment
    MigrationVisa processing, asylum decisions
    JusticeSentencing recommendations, case triage
    Safety ComponentsMedical device AI, vehicle ADAS

    Possible outcomes:

  19. ✅ No matches → Continue to Stage 4
  20. ⚠️ High-Risk Candidate → Deployer obligations apply
  21. 🏭 Safety Component → Provider obligations may apply

    22. Stage 4: Transparency Check (Article 50)

    Evaluate transparency disclosure requirements:

  22. Direct AI interaction → Must inform unless obvious
  23. Synthetic content generation → Machine-readable marking
  24. Emotion recognition → Must inform affected persons
  25. Deepfake generation → Must disclose artificial nature
  26. Public-interest text → Disclosure unless editorial control

    27. Final Classification Output

    Based on all stages, systems are classified:

    LevelMeaningObligations
    Minimal RiskNo specific EU AI Act requirementsBest practices only
    Limited RiskTransparency obligations applyArticle 50 disclosures
    High-Risk CandidateFull deployer dutiesArticle 26 + controls
    BlockedPotential prohibited practiceLegal review + escalation

    Classification Confidence

    Each classification includes a confidence level:

  27. High Confidence: Clear answers, unambiguous category
  28. Medium Confidence: Some uncertainty, recommend review
  29. Low Confidence: Multiple unsure answers, requires expert input

    30. Audit Trail

    Every classification decision is logged with:

  30. All questions asked and answers given
  31. Decision path taken
  32. Classification rationale
  33. Reviewer (if any) and approval date
  34. Version history for re-classifications