The risk-based approach of the EU AI Act
The AI Act links its requirements to the purpose, context and risk potential of a system. Certain practices, including specific forms of manipulation and social scoring, are prohibited. High-risk AI is subject to particularly demanding controls. Depending on the use case, this may include systems used in recruitment, creditworthiness assessments or critical infrastructure. Relevant duties may cover risk management, technical documentation, data governance, human oversight, logging and post-deployment monitoring.
Other systems are primarily subject to transparency obligations. Users may need to be told that they are interacting with AI or that content has been artificially generated or altered. Many low-risk applications remain largely free from product-specific duties under the AI Act. That does not make their use legally unrestricted: data protection, employment law, copyright, trade secret protection and general liability rules continue to apply.
The relevant question is therefore not the tool's marketing label but the concrete use case. The same system may be relatively unproblematic when drafting marketing copy but much more heavily regulated when used for recruitment or a safety-related decision.