Risk Classification Framework
Project: Pickles GmbH — AI Governance Framework
Stage: Stage 2 — Governance Foundation
Status: Draft
Version: v1
Date: 2026-02-22
Assumptions: Built on outline assumptions — not verified against real Pickles GmbH data
Purpose
This framework defines the criteria for classifying AI systems operated or deployed by Pickles GmbH [ASSUMPTION — A-001, A-003] across three internal risk tiers: High, Medium, and Low. It translates the EU AI Act's regulatory risk tiers and GDPR obligations into operational governance requirements tailored to the legal AI context.
Every AI system registered in the AI System Inventory (L1-3.1) must be assigned a risk tier using this framework before deployment. Risk classification determines required documentation, review level, monitoring intensity, and escalation pathway.
Regulatory basis:
- EU AI Act Articles 6, 9, 13, 14 — Risk-based requirements
- EU AI Act Annex III — High-risk AI system categories
- EU AI Act Recitals 53 and 61 — Classification of legal and judicial AI
- GDPR Article 22 — Right not to be subject to solely automated decisions with legal effects
- GDPR Article 35 — Data Protection Impact Assessment triggers
- BDSG Sections 67-69 — German DPIA and prior consultation requirements
- ISO/IEC 42001 Clauses 8.2-8.4 — AI risk and impact assessment
Section 1: Risk Tier Definitions
Tier 1 — High Risk
Definition: A system is classified as High Risk if it meets any one of the following criteria:
- EU AI Act high-risk classification: The system falls within EU AI Act Annex III categories, or is used for the administration of justice or legal reasoning applied to specific facts (Recital 61), or meets the criteria of Article 6(2).
- Legal effects on identifiable individuals: The system's output is used — directly or indirectly — to produce decisions with legal effects on individuals, or that similarly significantly affect their rights, interests, or obligations (GDPR Article 22(1)).
- Large-scale processing of special categories: The system processes special categories of personal data (GDPR Article 9(1)) or criminal convictions data (GDPR Article 10) at scale.
- High potential for harm: A failure, error, or misuse of the system could result in material harm to a client's legal interests; professional liability for a lawyer relying on the output; regulatory breach by Pickles GmbH; or reputational harm to the legal profession.
- Third-party foundation model in client-facing deployment without adequate safeguards: The system is deployed to external clients and relies on a third-party AI model provider [ASSUMPTION — A-004] where that provider cannot demonstrate EU-equivalent data protection and confidentiality standards per Section 43e(4) BRAO.
Likely High Risk examples [ASSUMPTION — A-001]:
- Legal analysis tools that apply AI reasoning to specific client facts to produce conclusions
- AI systems used by lawyers in adversarial or court proceedings
- Any system where lawyers apply AI outputs directly to specific client matters without interim review
Tier 2 — Medium Risk
Definition: A system is classified as Medium Risk if it meets any of the following criteria but does not meet any Tier 1 criterion:
- Customer-facing AI interaction without specific-case outputs: The system is deployed to external clients and directly interacts with natural persons (triggering EU AI Act Article 50 obligations), but does not produce outputs applied to specific client facts.
- Processing of general personal data as a core function: The system processes general personal data (not special categories) in its core operation.
- Professional reliance risk: The system's output is likely to be relied upon by lawyers in their professional work, creating a risk of harm from errors or hallucinations, but the risk is mitigated by the assistive (not determinative) nature of the output.
- Third-party model with adequate safeguards: The system uses a third-party AI model provider [ASSUMPTION — A-004] with demonstrated EU-equivalent data protection standards, but with residual risk from model behaviour or training data.
- Internal tooling with personal data access: Internal AI systems used by Pickles GmbH staff that access or process personal data of staff or clients.
Likely Medium Risk examples [ASSUMPTION — A-001]:
- Legal drafting assistance where output requires mandatory lawyer review before use
- Document summarisation tools processing documents that may contain personal data
- Client-facing legal research portals interacting with natural persons
Tier 3 — Low Risk
Definition: A system is classified as Low Risk only if it meets all of the following criteria:
- No personal data processing: The system does not process personal data of identifiable individuals, or processes only fully anonymised data.
- No client-facing interaction: The system is used entirely internally with no external client interaction.
- No legal effects: The system's output is not used to inform decisions with legal effects on individuals.
- Ancillary function: The system performs administrative, productivity, or support functions with no direct impact on legal advice or client outcomes.
- Minimal harm potential: Errors in the system's output would not cause material harm to clients, lawyers, or Pickles GmbH.
Likely Low Risk examples [ASSUMPTION — A-001]:
- Internal knowledge base search tools operating on non-personal data
- Administrative scheduling or document management automation
- Internal analytics operating on aggregate, anonymised data only
Section 2: Classification Requirements by Tier
| Requirement | High Risk (Tier 1) | Medium Risk (Tier 2) | Low Risk (Tier 3) |
|---|---|---|---|
| EU AI Act classification | High-Risk (Annex III / Article 6) | Limited-Risk (Article 50) or unclassified | Minimal-Risk |
| DPIA | Mandatory (GDPR Art. 35; BDSG §67) | Risk assessment required; DPIA likely if personal data processed | Risk assessment required; DPIA unlikely |
| BfDI prior consultation | Required if DPIA shows residual high risk (GDPR Art. 36; BDSG §69) | Not typically required | Not required |
| Technical documentation | Full pack required (EU AI Act Art. 11; L2-4.2) | Summary documentation required | Basic record only |
| Human oversight | Mandatory — no AI outputs used without review (EU AI Act Art. 14; BRAK Position Paper Section 2.1) | Required — all outputs reviewed before use | Standard professional judgment |
| Conformity assessment | Required before deployment (EU AI Act Arts. 16-23) | Not required | Not required |
| AI output labelling | Mandatory (EU AI Act Art. 50) | Mandatory where interacting with natural persons (Art. 50) | Not required |
| Event logging | Automatic logging mandatory (EU AI Act Art. 12; BDSG §76) | Operational logging required | Basic system logging |
| Review level | Legal + DPO + Engineering + Executive sign-off | Compliance Lead + Engineering sign-off | Engineering sign-off only |
| Monitoring intensity | Continuous active monitoring with defined KPIs | Periodic monitoring (minimum quarterly) | Annual review |
| Escalation pathway | CEO/Board; DPO; regulatory reporting may apply | Compliance Lead; DPO informed | Engineering Lead |
| Re-classification trigger | Any substantive modification (EU AI Act Art. 3); any incident; annual review | Any change in deployment scope or data types; annual review | Annual review |
Section 3: Classification Decision Tree
Apply this decision tree to any new or modified AI system. Work through the questions in order, follow the branch indicated by each answer, and stop at the first outcome reached (PROHIBITED or a risk tier).
```
START
│
├─► Q1. Is the system's intended use PROHIBITED under EU AI Act Article 5?
│       (Examples: biometric categorisation for law enforcement in public spaces;
│       social scoring; manipulation of vulnerable persons; real-time biometric
│       identification in public spaces)
│
│       YES ──► PROHIBITED — Do not deploy. Escalate to Legal immediately.
│       NO  ──► Continue ▼
│
├─► Q2. Does the system fall within EU AI Act Annex III categories?
│       OR is it used to assist judicial/legal authorities with fact-finding,
│       legal research, or prediction of legal outcomes applied to specific
│       client facts? (EU AI Act Recital 61)
│
│       YES ──► TIER 1 — HIGH RISK
│       NO  ──► Continue ▼
│
├─► Q3. Could the system's output be used — directly or indirectly — to produce
│       decisions with legal effects on an identifiable individual, or that
│       similarly significantly affect them? (GDPR Article 22(1))
│
│       YES ──► TIER 1 — HIGH RISK
│       NO  ──► Continue ▼
│
├─► Q4. Does the system process special categories of personal data
│       (GDPR Article 9(1)) or criminal convictions data (GDPR Article 10)
│       at scale?
│
│       YES ──► TIER 1 — HIGH RISK
│       NO  ──► Continue ▼
│
├─► Q5. Is the system customer-facing (directly accessible by or interacting
│       with external lawyer clients or their end clients)?
│
│       YES ──► Continue to Q6
│       NO  ──► Continue to Q7
│
├─► Q6. Does the system produce outputs that lawyers are likely to apply to
│       specific client matters — i.e., outputs about specific facts,
│       specific clients, or specific legal situations?
│
│       YES ──► TIER 1 — HIGH RISK
│               (risk of harm from reliance on specific-case AI outputs)
│       NO  ──► TIER 2 — MEDIUM RISK
│               (customer-facing with transparency obligations; EU AI Act Art. 50)
│
└─► Q7. Does the system process personal data of identifiable individuals
        in its core function?

        YES ──► TIER 2 — MEDIUM RISK
        NO  ──► TIER 3 — LOW RISK
```
[LEGAL REVIEW REQUIRED] The application of this decision tree to specific Pickles GmbH products requires legal interpretation before any classification is finalised. Q2 (Annex III / Recital 61) and Q6 (specific-case reliance) are particularly sensitive and must be reviewed by a qualified lawyer with EU AI Act expertise.
Section 4: Tier-Specific Governance Requirements
Tier 1 — High Risk: Full Requirements
Required documentation:
- [ ] Technical Documentation Pack (EU AI Act Article 11) — template L2-4.2
- [ ] EU AI Act Risk Classification Assessment — citing specific Annex III categories or Recital 61 basis
- [ ] Data Protection Impact Assessment (GDPR Article 35; BDSG Section 67)
- [ ] BfDI prior consultation record or documented decision not required (GDPR Article 36; BDSG Section 69)
- [ ] Conformity Assessment and Declaration of Conformity (EU AI Act Articles 16-23)
- [ ] Data Processing Agreement with all clients (GDPR Article 28)
- [ ] Section 43e BRAO-compliant service agreement (for lawyer clients) [ASSUMPTION — A-002]
- [ ] Vendor Risk Assessment for any third-party model providers (L2-5.3)

Review level: All four sign-offs mandatory before deployment:
1. Legal and compliance (including DPIA and DPA review)
2. DPO [ASSUMPTION — A-008]
3. Engineering and security
4. Executive sign-off (CEO or designated C-suite)

Monitoring intensity:
- Continuous active monitoring via L3-6.1
- Hallucination rate, citation error rate, bias signals, complaint rate tracked as KPIs
- Monthly monitoring report to Compliance Lead and DPO
- Annual external audit recommended

Escalation pathway:
1. Incident or anomaly detected → Incident Response Playbook (L3-6.2) activated immediately
2. Serious incident (client harm, regulatory breach, data breach) → CEO/Board within 24 hours; DPO immediately; regulatory reporting assessed
3. EU AI Act serious incident → Market surveillance authority per Article 73
4. GDPR data breach → Supervisory authority within 72 hours (Article 33); data subjects if high risk (Article 34)
Tier 2 — Medium Risk: Full Requirements
Required documentation:
- [ ] System summary documentation (purpose, model type, data categories, intended use)
- [ ] Risk assessment documenting why Tier 1 criteria are not met
- [ ] DPIA trigger assessment (document conclusion even if DPIA not triggered)
- [ ] Data Processing Agreement if personal data is processed (GDPR Article 28)
- [ ] AI transparency disclosure for customer-facing systems (EU AI Act Article 50; L2-4.3)

Review level: Two sign-offs required before deployment:
1. Compliance Lead review
2. Engineering and security sign-off

Monitoring intensity:
- Periodic monitoring — minimum quarterly review
- Error rate and complaint tracking
- Quarterly report to Compliance Lead

Escalation pathway:
1. Incident or anomaly → Compliance Lead within 48 hours; Incident Response Playbook assessed
2. Personal data breach → DPO immediately; GDPR Article 33 reporting assessed
3. Pattern of errors or complaints → Risk re-assessment; consider re-classification to Tier 1
Tier 3 — Low Risk: Full Requirements
Required documentation:
- [ ] Basic system record (system name, purpose, owner, deployment date)
- [ ] Documented confirmation that Tier 1 and Tier 2 criteria have been assessed and do not apply

Review level: Single sign-off:
1. Engineering sign-off (technical review and basic security check)

Monitoring intensity:
- Annual review to confirm continued eligibility for Tier 3
- No real-time monitoring required

Escalation pathway:
1. Unexpected personal data processing identified → Re-assess classification immediately; inform DPO
2. Any incident → Engineering Lead notified; Compliance Lead informed
Section 5: Re-Classification Triggers
A system must be re-classified whenever any of the following occur:
| Trigger | Required Action |
|---|---|
| Substantive modification to model, architecture, or intended use (EU AI Act Article 3) | Re-run decision tree; re-classification may require new conformity assessment |
| Change in data categories processed | Re-run decision tree; consider DPIA trigger |
| Change from internal to customer-facing deployment | Re-run decision tree; likely upgrade to Tier 2 or Tier 1 |
| Change of third-party model provider [ASSUMPTION — A-004] | Re-run Vendor Risk Assessment (L2-5.3); consider classification impact |
| Significant incident or pattern of errors | Compliance Lead to review; may require upgrade |
| Annual review | Re-confirm classification; update documentation |
| New regulatory guidance (BRAK notes its guidance is a "snapshot") | Compliance Lead to assess impact on all classified systems |
Section 6: Classification Register
Risk classifications are recorded in the AI System Inventory (L1-3.1). This framework governs how classifications are assigned and reviewed. L1-3.1 is the authoritative record of each system's current classification.
| System ID | System Name | Current Classification | Classification Date | Next Review |
|---|---|---|---|---|
| SYS-001 | Legal Drafting Assistant | [ASSUMPTION: Pending — likely Tier 1 or Tier 2] | Pending | At deployment |
| SYS-002 | Legal Research Engine | [ASSUMPTION: Pending — likely Tier 2 or Tier 3] | Pending | At deployment |
| SYS-003 | Document Summarisation Tool | [ASSUMPTION: Pending — likely Tier 2] | Pending | At deployment |
| SYS-004 | Internal Operations Tool | [ASSUMPTION: Pending — likely Tier 3] | Pending | At deployment |
This framework is a governance control document. Classifications assigned under this framework have regulatory significance under the EU AI Act and GDPR.
[LEGAL REVIEW REQUIRED] The criteria in this framework, particularly the decision tree at Section 3, require legal interpretation before operational use. The boundary between Tier 1 and Tier 2 for legal AI tools (Q2 and Q6) depends on deployment context and must be assessed per product by a qualified lawyer with EU AI Act expertise.