# Live credit prep

## Classification summary

- Organization: Ada Smoke
- Sector: Credit / banking
- Purpose: Prepare a human review packet
- Risk: Limited risk to confirm
- Article 6 product safety component: no
- Annex III categories: essentialServices

## Evidence

- [ ] Documented Article 6(3) exception memo (Legal)
- [ ] Documented purpose and use boundary (Product)

## Roadmap

- Immediate: Record Article 6(3) rationale and limits

## Methodology

Regulation (EU) 2024/1689 + Commission high-risk guidance checked 2026-07-01 | version 2026.06 | generated 2026-07-01T16:18:11.581Z

- Identify prohibited-practice triggers (Article 5 watchouts): No trigger detected
- Assess Article 6(1) product-safety component applicability: Not applicable
- Map Annex III domains from declared operational use: Annex III domains matched
- Check Article 6(3) significant-risk exception: Article 6(3) exception documented
- Generate evidence obligations and remediation priorities: Compliance outputs generated


Assumptions and limits

- Classification relies on intake declarations and selected risk triggers.
- Annex III systems are treated as high-risk unless an Article 6(3) exception is explicitly documented.
- Profiling of natural persons or material influence on decisions blocks the Article 6(3) exception.
- Commission high-risk enforcement timeline used: 2 December 2027 for Annex III areas and 2 August 2028 for product-integrated systems.
- Edge cases and product-specific harmonisation laws require manual legal review.

## Decision matrix

- Prohibited practices | Article 5 | Not triggered | No prohibited-practice trigger selected in intake.
- Product safety component | Article 6(1) | Not triggered | No regulated product/safety component declaration.
- Annex III domain | Annex III | Triggered | Matched domains: essentialServices
- Article 6(3) exception | Article 6(3) | Documented exception | Annex III trigger is present, but intake declares a narrow/preparatory task with no profiling and no material decision influence.
- Fundamental-rights impact | Recitals and Articles 9, 10, 14 | Required | Selected domain can materially affect people rights; structured impact assessment is required.
- Operational obligations | Articles 9-15 and 72 | Required | High-risk indicators trigger a full conformity workstream.

## Regulatory sources

- EU AI Act Article 5 (Prohibited AI practices) | Regulation (EU) 2024/1689, Article 5 | Official Journal L, 2024/1689 | applies 2025-02-02 - https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32024R1689
- EU AI Act Article 6(1) (High-risk AI systems - product safety component) | Regulation (EU) 2024/1689, Article 6(1) | Official Journal L, 2024/1689 + Commission AI Omnibus timeline | applies 2028-08-02 - https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai
- EU AI Act Article 6(3) (Annex III significant-risk exception) | Regulation (EU) 2024/1689, Article 6(3) | Official Journal L, 2024/1689 + Commission draft high-risk guidelines | applies 2027-12-02 - https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32024R1689
- EU AI Act Articles 9-15 (Risk management, data governance, technical docs and oversight) | Regulation (EU) 2024/1689, Articles 9-15 | Official Journal L, 2024/1689 + Commission high-risk timeline | applies 2027-12-02 / 2028-08-02 - https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32024R1689
- EU AI Act Article 72 (Post-market monitoring and incident reporting) | Regulation (EU) 2024/1689, Article 72 | Official Journal L, 2024/1689 + Commission high-risk timeline | applies 2027-12-02 / 2028-08-02 - https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32024R1689
- EU AI Act Annex III(5) (Essential private and public services) | Regulation (EU) 2024/1689, Annex III(5) | Official Journal L, 2024/1689 + Commission high-risk timeline | applies 2027-12-02 - https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32024R1689
- European Commission high-risk AI guidelines (Draft classification guidance and enforcement timeline) | European Commission, Guidelines for providers and deployers of AI high-risk systems | Commission draft guidance, checked 2026-07-01 | applies 2027-12-02 / 2028-08-02 - https://digital-strategy.ec.europa.eu/en/policies/guidelines-ai-high-risk-systems
- European Commission AI Act timeline (Risk-based approach and application timeline) | European Commission, AI Act policy page | Commission AI Act page, checked 2026-07-01 | applies 2025-02-02 / 2025-08-02 / 2026-08-02 / 2027-12-02 / 2028-08-02 - https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai

## Disclaimers

- Pre-classification support only. Final qualification and conformity decisions require legal/compliance validation.
- Assessment scope is limited to declared use-case context and selected risk triggers.
- This output does not replace legal advice, notified-body review or competent authority guidance.
