Free tool · v1.0 · Updated Q2 2026

The AI Risk Classifier.

Eight questions about your AI system. One answer that reconciles three frameworks at once: EU AI Act tier, NIST AI RMF function profile, and the ISO 42001 controls that actually apply to you.

Built by senior practitioners who get tired of seeing model risk gauged by vibes. No email gate. No nurture sequence. Print or save the result.

Citations: EU AI Act Annex III · NIST AI 100-1 · ISO/IEC 42001:2023 ~3 minutes Senior-practitioner methodology
Question 1 / 8
Profiling
Methodology · how this works

No black box. Read the rules.

Every classifier on the internet is opinionated. Most don't admit it. Here's exactly how this one decides: and where it stops short of being a legal opinion.

Source 1 · EU AI Act

Annex III + Article 5 + Article 50

We map your use-case to the eight Annex III high-risk areas, the Article 5 prohibitions, and the Article 50 transparency triggers. If you describe a Part B harmonisation product, the high-risk path applies regardless of Annex III.

Source 2 · NIST AI RMF

Govern · Map · Measure · Manage

The four RMF functions are weighted by what your answers reveal. Foundation models without internal data lineage push Map and Measure heavy; deployment in safety-critical domains pushes Manage and Govern. Honest profiles, not flat checklists.

Source 3 · ISO/IEC 42001:2023

Annex A · which controls trigger

From the thirty-eight Annex A controls, we surface the ones your answers actually engage. Most engagements treat the standard as a checklist; we treat it as a routing rule. Different systems get different controls. That's the whole point.

For when the classifier isn't enough

The classifier gives a tier.
The work gives a defense.

If a real audit, customer questionnaire, or board memo is on the line, a 3-minute classifier doesn't close it. A senior practitioner can. That's the whole offer.

Talk to a senior practitioner Read the ISO 42001 page