# EU AI Act — AI Risk Classification Statement

> **Product:** TrustOriginality.ai multimodal detection & compliance platform  
> **Version:** 1.0 · **Date:** 2026-06-16  
> **Public URL:** `https://trustoriginality.ai/docs/regulatory/ai-risk-classification.en.md`

This statement documents TrustOriginality’s **Article 6 risk classification** under Regulation (EU) 2024/1689. It is information for customers and auditors, not legal advice.

---

## 1. Summary

| Item | Classification |
|------|----------------|
| **TrustOriginality product** | General-purpose B2B **detection & documentation tool** |
| **Typical risk tier** | **Limited risk** — transparency / deployer-support (Art. 50) |
| **Annex III standalone high-risk system** | **No** — not marketed or designed as an Annex III decision system |
| **Provider role** | AI system **provider** of detection infrastructure (not a GPAI foundation model) |
| **Customer role** | Usually **deployer** of third-party or generative content |

TrustOriginality does **not** replace conformity assessment, CE marking, or national registration obligations that apply when a **customer** deploys a separate high-risk AI system.

---

## 2. Article 6 — Why we are not Annex III high-risk (standalone)

Annex III lists high-risk use areas (employment, education, law enforcement, migration, justice, critical infrastructure, etc.). TrustOriginality:

1. Does **not** autonomously make hiring, grading, policing, or judicial outcomes.
2. Returns **probabilistic forensic signals** with documented limitations.
3. Requires customers to keep **qualified human review** in the loop (see Acceptable Use Policy).
4. Prohibits **sole automated** Annex III decisions in contracts and API governance.

If a customer uses scores as the only input to an Annex III decision, **the customer** may trigger high-risk deployer obligations — mitigated by AUP, API blocks, and onboarding acknowledgments.

---

## 3. Obligations we implement (Art. 9 / Annex IV style)

| Obligation | TrustOriginality implementation |
|------------|--------------------------------|
| Risk management | Documented misuse risks, benchmark transparency, publish-gate thresholds |
| Technical documentation | Annex IV–style public file + panel technical page |
| Record-keeping | Activity log, compliance CSV/PDF, evidence ZIP, certificate keys |
| Human oversight | Required AUP acceptance; KYC/insurance APIs require `humanOversightAcknowledged` |
| Transparency (Art. 50) | JSON-LD labels, disclosure templates, audit exports |

We do **not** claim CE marking for TrustOriginality as a standalone Annex III product.

---

## 4. Prohibited customer use (Annex III)

See `acceptable-use-policy.en.md`. API `useCase` values such as `employment`, `education_grading`, `law_enforcement`, `migration`, `justice`, and `critical_infrastructure` combined with sole automated decision mode are **rejected**.

---

## 5. Review & versioning

- **Owner:** Trust & Compliance  
- **Review cycle:** Semi-annual or when EU AI Act guidance changes  
- **Related:** `annex-iv-technical-documentation.en.md`, `acceptable-use-policy.en.md`, `dpia-template.en.md`