The easiest way to understand the EU AI Act is not through definitions.
It's through examples.
Most companies don't struggle with the theory. They struggle with applying it to their own product, workflows, or use of AI.
Below are a few common scenarios that show how the regulation plays out in practice.
If you want to check your own situation directly:
Example 1: Using AI internally
Let's start with something simple.
Your team uses AI for:
- writing
- summarizing documents
- brainstorming
- internal research
In most cases, this is low risk.
Why? Because it doesn't directly affect other people. It helps your team work faster, but it doesn't make decisions about users, customers, or candidates.
That said, it's still worth having basic awareness around how these tools are used.
Example 2: AI in hiring
Now compare that to hiring.
If you use AI to:
- screen CVs
- rank candidates
- filter applicants
This is often considered high risk.
The reason is straightforward:
It directly affects who gets access to a job.
Even if the AI is "just assisting", it can still influence outcomes in a meaningful way.
This is one of the clearest examples of where the regulation becomes more strict.
Example 3: AI inside a SaaS product
This is where things get more nuanced.
Let's say you run a SaaS product and add AI features.
Case A: AI summarizes user data → usually low risk
Case B: AI ranks users or profiles → potentially high risk
Case C: AI filters or approves users → often high risk
Same product, different outcomes.
That's why it's not enough to say "we use AI". You need to look at what each feature actually does.
If you're building software, this is especially relevant:
Example 4: Customer decisions and automation
Another common scenario is automation.
If AI is used to:
- approve or reject applications
- prioritize customers
- decide access to services
…the risk level increases.
The more your system affects real outcomes, the more attention it requires.
Example 5: ChatGPT and generative AI
Many teams use tools like ChatGPT.
If it's used internally — drafting, research, support → usually low risk.
If it's used externally — in customer interactions, automated workflows, or decision-making → it becomes more complex.
The key is not the tool itself, but how it's used.
If you want a deeper breakdown:
Is ChatGPT affected by the AI Act?
Why examples matter more than definitions
The EU AI Act is not really about tools.
It's about impact.
Two companies can use the same technology and face completely different requirements, simply because of how that technology is applied.
That's why examples are often more useful than abstract definitions.
If you want a structured way to map your own use cases:
How to apply this to your business
A simple way to think about your own situation:
- Where do we use AI today?
- Does it affect people or decisions?
- How big is the impact?
- Is it internal or customer-facing?
These four questions will usually get you 80% of the way.
Want to understand the full framework?
If you want to go deeper into how risk levels are defined:
And if you want the full overview of the regulation:
Next step: check your own use case
Reading examples is useful.
But at some point, you need to map your own situation.
The fastest way to do that is to run a structured check based on your actual use of AI.