Methodology

How our EU AI Act classification works

Every verdict Legalithm produces is reproducible and traceable to the law. Here is exactly how, and how we keep it current.

Rules engine v1.0.0View the changelog

Deterministic, not generative

Classifications are produced by a rules engine that maps a system onto a structured reading of the EU AI Act, not by a language model. The same inputs always produce the same output, so a verdict never changes phrasing or conclusion between runs.

There is no LLM, no network call and no randomness in the classification path, and this is enforced by an automated test, not just a policy. The web app, the API, the CLI and the developer tooling all call the same engine, so results never diverge across surfaces.

Cited to the primary source

Every output links to its exact article. Each obligation and each risk tier deep-links into Regulation (EU) 2024/1689 on EUR-Lex, so a compliance officer or their counsel can verify a verdict against the law itself.

Versioned and maintained

The rules corpus is versioned. Every change is dated and published to a public changelog, and each classification is stamped with the engine version that produced it.

When the rules change, existing systems are re-classified automatically. A change that raises a risk tier is held for human review before it goes live, and every published change generates a dated, plain-language notice of what changed and why.

Article references are to Regulation (EU) 2024/1689 (the EU AI Act). Legalithm provides compliance information, not legal advice.