Traps se pehle, poore page ko ek image se anchor karo: risk tier decide hota hai system kya karta hai aur kiske saath, na ki model kitna bada hai. Flowchart ko top-to-bottom padho — pehli matching condition tier set karti hai.
Figure kya dikhata hai (image ke bina padhne walon ke liye): ek single top box "AI system (any model, any size)" chaar yes/no questions ki vertical chain ko feed karta hai. Pehla check: kya use Art. 5 list mein hai? → agar haan, toh Unacceptable / Prohibited (magenta). Agar nahi, toh agle check par: kya yeh ek Annex III use-case hai (hiring, credit, medical, law enforcement)? → agar haan, toh High risk jisme Arts. 9–15 stack hai (orange). Agar nahi: kya yeh logon ke saath interact karta hai ya unke liye content generate karta hai (chatbot, deepfake)? → agar haan, toh Limited risk, Art. 50 disclosure (violet). Agar nahi: Minimal risk, koi obligations nahi (navy). Visual lesson: model size kisi bhi box mein appear nahi hota — sirf use aur impact system ko route karta hai.
Act ke key hooks, taaki neeche har claim primary text ke against checkable ho:
Figure kya dikhata hai (image ke bina padhne walon ke liye): chaar vertical bars, ek per tier, jinki height us tier ki duty categories ki number hai. Minimal = height 0 (koi nahi). Limited = height 1 (sirf Art. 50 disclosure). High = height 7 — woh tall bar — Arts. 9–15 stack ke saath labelled (risk management, data governance, documentation, logs, transparency, human oversight, robustness), aur yaad raho ki is stack ko additionally ek conformity assessment (Arts. 43–45) ke through certify bhi karna hoga. Unacceptable = height 0 lekin magenta mein coloured hai "BANNED (Art. 5)" ke saath, kyunki point yeh nahi ki "kam duties hain" balki "koi bhi compliant version exist hi nahi karta". Visual lesson: labelling ek chota sa bar hai; high-risk ek poori ladder hai.
Ek system high-risk sirf isliye hai kyunki woh ek bada, powerful model use karta hai jaise transformer.
False. Trace karo: Art. 6 kehta hai ek system high-risk tab hi hota hai jab woh ek Annex III use-case mein fall karta ho (ya ek regulated product ka safety component ho), toh routing question yeh hai ki woh kya karta hai, na ki kitna bada hai — ek huge model jo spam filter power karta hai kabhi Annex III mein nahi aata, toh woh minimal-risk hi rehta hai. (Foundation models ka apna GPAI rulebook hai, Arts. 51–55 — ek alag ladder, yeh tier nahi.)
EU AI Act ne facial recognition ban kar diya.
False. Sirf real-time remote biometric identification in public spaces for mass surveillance prohibited hai (Art. 5(1)(h)); Face-ID phone unlock aur post-event forensic review safeguards ke saath allowed rehte hain.
EU ke bahar based company Act se exempt hai.
False. Act extraterritorial hai (Art. 2) — agar system ka output EU market mein use hota hai, toh obligations apply hoti hain chahe woh kahan build ya host kiya gaya ho.
Minimal-risk AI ko bhi regulators ke paas technical documentation file karni hoti hai.
False. Tiers trace karo: Art. 6 Arts. 9–15 documentation stack ko high-risk Annex III systems se pin karta hai; ek minimal-risk system flowchart mein har routing question fail karta hai, "no obligations" box mein land karta hai, aur isliye koi bhi mandatory documentation nahi owes karta.
Agar ek high-risk system ek accuracy benchmark pass kar le, toh human oversight optional ho jaati hai.
False. Accuracy (Art. 15) aur human oversight (Art. 14) alag, dono-zaroori obligations hain — koi bhi accuracy score ek aisi human ki duty ko nahi hatata jo intervene ya override kar sake.
Ek high-risk provider hamesha self-certify kar sakta hai compliance.
False. Zyaadatar Annex III systems self-assessment allow karte hain, lekin sabse sensitive categories (notably remote biometric identification) ke liye third-party notified-body assessment zaroori hai (Arts. 43–45); kaun sa route apply hota hai yeh use-case par depend karta hai, provider ki preference par nahi.
Ek deepfake jo clearly satire ke roop mein use ho, usse bhi AI-generated disclose karna hoga.
True — yeh corrected point hai. Art. 50(4) koi blanket artistic/satirical exemption provide nahi karta; yeh sirf disclosure ko scale karta hai taaki work kharab na ho (jaise ek discreet notice rather than ek giant watermark). Synthetic origin reveal karne ki obligation remain karti hai.
Transparency tier require karta hai ki tum har user ko explain karo ki AI kaise kaam karta hai.
False. Limited-risk transparency (Art. 50) disclosure ki zaroori hai ki yeh AI hai (aur content synthetic hai), model ke internals ki poori explanation nahi.
Prohibited systems ko deploy kiya ja sakta hai agar vendor full legal liability accept kare.
False. Art. 5 uses outright banned hain; koi "pay-to-play" ya liability-waiver path nahi hai, unlike high-risk jo permitted-with-conditions hai.
"Hamara chatbot URL se obviously ek bot hai, toh hum disclosure skip karte hain — yeh Act ko satisfy karta hai kyunki disclosure sirf tab apply hoti hai jab yeh obvious nahi hota."
Partly right, dangerously stated. Art. 50(1) disclosure tabhi waive karta hai jab AI interaction reasonably well-informed user ko evident ho; yeh assume karna ki "URL se obvious hai" ek weak defence hai — jab doubt ho, disclose karo.
"Hum apni hiring AI ki decisions audit nahi kar sakte, lekin woh theek hai kyunki model ek trade secret hai."
Error. Arts. 11 aur 12 documentation aur logging ko mandatory legal obligations banate hain, aur Act ki confidentiality clause (Art. 78) trade secrets ko sirf public disclosurese protect karti hai — yeh tumhe regulators ya market-surveillance authorities se file withhold karne nahi deti. Law clash ko audit trail intact rakhke lekin treat karte hue confidentially resolve karta hai, toh "yeh trade secret hai" auditability ko defeat nahi kar sakta.
"Hamare medical-imaging AI ne hamare internal test set par 96% sensitivity hit ki, toh robustness proven hai."
Error. Ek in-house test set scanners, hospitals, aur demographics across robustness nahi dikhata jaise Art. 15 demand karta hai; robustness ka matlab hai varied conditions par testing jo system actually face karega.
"Humne AI ki outputs ko synthetic label kiya, toh humne apne saare high-risk duties meet kar li."
Error. Labelling ek transparency (Art. 50) measure hai — obligation-mapping figure mein woh single short bar. Ek high-risk system additionally poori Arts. 9–15 stack bhi owes karta hai (risk management, data governance, logs, human oversight, robustness) aur market mein jaane se pehle ek conformity assessment (Arts. 43–45).
"Humne training data se 'gender' column remove kar diya, toh hiring model biased nahi ho sakta."
Error. Bias proxy features mein chhup jaata hai — innocent-looking fields jo statistically ek protected attribute ki jagah kham karte hain. Example: postcode ethnicity se correlate karta hai, first name gender signal karta hai, aur "career gap" flag maternity leave track karta hai, toh model in sab se removed attribute reconstruct kar leta hai. Art. 10 isliye outcomes ka disparate impact ke liye testing require karta hai, sirf ek column delete karna nahi.
"Stored CCTV par crime solve karne ke liye post-event facial recognition prohibited hai, live surveillance ki tarah."
Error. Art. 5 ban real-time, public-space, mass identification ko target karta hai; oversight ke saath targeted post-event analysis alag tarike se treat hoti hai aur blanket-prohibited nahi hai.
Act kuch systems ko outright ban kyun karta hai instead of unhe heavily regulate karne ke?
Kyunki kuch uses (social scoring, subliminal manipulation) fundamental rights ko unke core par violate karte hain — Recital 28 explain karta hai ki yeh practices human dignity aur autonomy ki Union values ke contrary hain, toh koi bhi documentation ya oversight unhe acceptable nahi banata aur koi compliant version exist hi nahi kar sakta.
Human oversight kyun zaroori hai even for very accurate high-risk AI?
Kyunki Recital 73 oversight ko baaki safeguards ke bawajood remaining risks ko prevent karne ya minimise karne ke roop mein frame karta hai: ek person ko output correctly interpret karne, automation bias se alert rehne, aur system ko intervene ya halt karne capable hona chahiye — accuracy metrics average behaviour measure karte hain, na ki ek real person ke saamne specific edge case ko, aur accountability ek human par rest karni chahiye.
Act risk ko application se kyon tie karta hai, technology se nahi?
Kyunki same model harmless (game) ya dangerous (sentencing) ho sakta hai, toh tier ko logon ko potential harm track karna chahiye; Recital 26 ki proportionality logic kehti hai ki tech itself ko regulate karna ya toh safe uses ko over-burden karega ya dangerous ones ko under-protect karega.
Ek high-risk system ko conformity assessment market mein pahunchne se pehle kyun chahiye, baad mein sirf monitoring nahi?
Kyunki Arts. 43–45 check ko ex-ante rakhte hain — poora harm model prevention hai, toh system ko Arts. 9–15 satisfy karte dikhana hoga pehle ki woh loan deny kare ya X-ray read kare, zyaadatar cases mein self-assessment ke saath aur highest-stakes categories ke liye ek independent notified body ke saath.
Record-keeping (logging) ko apna alag Article kyun milta hai instead of documentation mein fold hone ke?
Kyunki Art. 12 live decisions ki ex-post traceability ko target karta hai: agar harm hota hai, toh authorities aur affected log reconstruct kar sakein kaun sa data, kaun sa model, kaun sa decision us specific run par — ek static design document (Art. 11) yeh nahi kar sakta, toh running log ek alag, continuous obligation hai.
Live public facial recognition ko stored footage se zyada harsh treatment kyun milti hai?
Kyunki real-time mass surveillance har kisi ke public behaviour par ek permanent chilling effect create karta hai (Recital 32), jabki stored footage ka targeted post-hoc review case-specific oversight aur judicial authorisation ke peeche gated kiya ja sakta hai.
Ek game AI opponents use karta hai lekin saath hi ek in-game chatbot NPC bhi hai jo ek human ka role-play karta hai. Kaun si obligations bite karti hain?
Game logic minimal-risk (koi nahi) hai, lekin chatbot limited-risk transparency (Art. 50) trigger karta hai — players ko pata hona chahiye ki woh AI se baat kar rahe hain, toh ek mixed system per component sabse highest applicable tier inherit karta hai.
Ek hiring tool sirf candidates ko rank karne ke liye use hota hai, aur ek human har final call karta hai — kya high-risk still apply hota hai?
Haan. Employment AI (Annex III) ek recommender ke roop mein bhi high-risk hai, kyunki ranking human decision ko materially shape karta hai; human oversight (Art. 14) ek added safeguard hai, tier se escape nahi.
Ek emotion-recognition system ek private research lab mein use hota hai, public par nahi. Prohibited hai ya nahi?
Automatically nahi — Art. 5 emotion recognition specifically workplace aur education settings mein ban karta hai, aur doosre bans public-space mass surveillance par hinge karte hain; same technique alag tiers mein land karti hai depending on kahan aur kiske upar use hoti hai.
Ek free open-source model ko ek startup loan-approval system mein fine-tune karta hai. High-risk obligations kaun carry karta hai?
Woh party jo high-risk system ko market par place kare ya service mein daale (Art. 25 ke under deployer/provider) — yahan loan tool build karne wala startup; "humne open source use kiya" duty ko shift nahi karta, aur wahi provider hai jo conformity assessment run karne ki zimmedari uthata hai.
Ek high-risk system deployment ke baad seekhta rehta hai (online updates) — kya hum compliance re-check karte hain?
Haan. Ek substantial modification jo intended purpose ya performance change kare conformity assessment re-trigger karta hai (Art. 43(4)); dynamic systems ko unke post-deployment change behaviour pre-defined hona chahiye risk-management file mein (Art. 9) taaki learned drift ek tested envelope ke andar rahe, "ek baar set karo, bhool jao" ke roop mein nahi treat hota.
Ek high-risk remote-biometric system ka provider time bachane ke liye self-certify karna chahta hai. Allowed hai?
Nahi — yeh exactly woh edge case hai jahan third-party notified-body assessment mandatory hai (Arts. 43–45); zyaadatar Annex III systems ke liye available self-assessment shortcut sabse sensitive biometric categories tak extend nahi hota.
Ek system limited-risk tier mein hai lekin kabhi kabhi users par legal effect wali automated decisions karta hai. Kya hai trap?
Trap yeh hai ki tier ko first impression se fixed maanlo — agar yeh decisions affecting rights or safety produce karta hai toh woh actually high-risk (Annex III) ho sakta hai, aur akeli transparency tab insufficient hogi.
Recall Har trap ki one-line summary
Tier use aur impact follow karta hai (Art. 6), model power nahi; Act EU market follow karta hai (Art. 2), builder nahi; GPAI foundation models ek alag axis par hain (Arts. 51–55), chaar tiers mein nahi; Art. 5 bans ka koi compliant workaround nahi hai; deepfakes ko hamesha disclosure chahiye (Art. 50, koi satire exemption nahi); high-risk poori Arts. 9–15 stack plus ek conformity assessment (Arts. 43–45) owes karta hai jo zyaadatar Annex III cases ke liye self-certified hoti hai lekin remote biometrics jaise sabse sensitive categories ke liye ek independent notified body require karti hai; aur ek substantial modification (Art. 43(4)) un systems ke liye woh assessment re-open karta hai jo deployment ke baad change hote hain.