Key legal considerations when developing an AI system: Know your risk classification

Home | News | Technology | AI | Key legal considerations when developing an AI system: Know your risk classification

Spencer West Partner Dr. Peter Schneidereit
Dr. Peter Schneidereit
17 April 2025

As technology advances and the regulatory spotlight intensifies on artificial intelligence, developers and users of AI systems must navigate a fast-evolving legal landscape. From the EU’s AI Act to existing frameworks like the GDPR, regulatory compliance is a fundamental part of building responsible, trustworthy AI.

Whether you’re a provider, deployer, or other kind of operator, this series of three articles analyses the most important legal considerations to keep in mind when developing an AI system.

First, know your risk classification – and plan accordingly.

 

Know your risk classification

The EU AI Act introduces a tiered approach to AI regulation. At the top of the list are prohibited practices, which details AI systems that simply shall not be developed or deployed due to their inherent risks to individual rights. These include:

  • Social scoring based on personal behaviour
  • Crime prediction through profiling
  • Untargeted facial recognition scraping

Next are high-risk AI systems, which are subject to strict regulatory controls. These often take the form of systems which involve safety or are sensitive as to rights, such as:

  • Biometric identification
  • Recruitment and employment decisions
  • Regulated products like medical devices or protective equipment

If your system qualifies as high-risk, you’ll need to meet a wide range of strict compliance obligations, including:

  • A comprehensive risk management system
  • Data quality assurance
  • Technical documentation and record keeping
  • Transparency and human oversight

Utilisation of so-called General-Purpose AI, which may not be classified under the risk category regime due to its wide range of use cases, also triggers certain obligations – particularly in order to ensure transparency, where users must be clearly informed when they’re interacting with AI.

What should you do?

  • Diligent scoping assessment: Can you avoid a high-risk classification by smart product design?
  • If not, conduct a gap analysis concerning your current compliance landscape against the specific (additional) AI Act’s requirements
  • Close the gaps by implementing a clear, prioritised action plan

Conclusion

From compliance to content ownership and liability, legal issues around AI development are evolving rapidly. The key is to plan early, document thoroughly, and integrate legal, ethical, and technical considerations from the ground up.

At our upcoming AI Web Summit, we’ll be diving deeper into these issues and providing practical insights to help your organisation future-proof its AI systems. We look forward to dive into the conversation there and hollow out specific use cases of innovative data driven use cases. Sign up here: Preparing Cross-Border Businesses for Emerging AI Regulations: Navigating Legal Uncertainty in AI-Powered Business Models

Dr. Peter Schneidereit
Partner - IT Contracts, Data Protection
Spencer West Partner Dr. Peter Schneidereit
Telephone
Email
View Profile View Articles