OverviewArticle 9 — Risk ManagementArticle 10 — Data GovernanceArticle 11 — Technical DocsArticle 14 — Human OversightArticle 50 — Transparency
HR & RecruitmentFintech & CreditHealthcare AIEdTech & AssessmentLegal TechnologyInsurance AIPropTech & Real EstateCustomer Service AI
BlogGlossary
Nytivo vs ConsultantsNytivo vs Vanta
Free Assessment
Pricing
Start free trialSign in
article-3definitionscopeai-systemcompliance

Is Your Software Even 'AI' Under the EU AI Act? (Article 3 Definition)

·7 min read·by John Osakwe, Founder

Before you worry about risk tiers, check whether your product even meets the EU AI Act's definition of an 'AI system'. Plenty of 'AI-powered' software doesn't — and some that doesn't market itself as AI does. Here's the Article 3 test.

Is Your Software Even 'AI' Under the EU AI Act? (Article 3 Definition) — Nytivo EU AI Act compliance guide

Here's a question worth asking before any of the others: is your product actually an "AI system" as the EU AI Act defines it? The whole regulation hangs on that word. If your software doesn't meet the Article 3 definition, none of the obligations apply — no risk tiers, no documentation, nothing. And the definition is narrower than the marketing department's use of "AI." Some products that splash "AI-powered" across the homepage don't qualify; some boring-looking statistical tools do. Getting this gate right can save you an entire compliance project — or stop you from skipping one you needed.

What Is the EU AI Act's Definition of an AI System?

Article 3(1) defines an AI system as "a machine-based system that is designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment, and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments."

The four parts of the EU AI Act definition of an AI system: machine-based, some autonomy, infers, influences

All four elements need to be present — the load-bearing word is "infers."

Break it into its working parts:

  • Machine-based — it runs on software or hardware. Trivially true for any product.
  • Operates with varying levels of autonomy — it does something without a human directing every step. Not fully hand-operated.
  • May exhibit adaptiveness after deployment — it may learn or change once running. Note the "may": this is optional, not required.
  • Infers how to generate outputs — and this is the heart of it. The system derives outputs (predictions, content, recommendations, decisions) from inputs in a way that goes beyond simply executing rules a human wrote.

That word "infers" is the line in the sand. The Commission's guidelines on the definition (published February 2025) clarify that the inference capability — using techniques like machine learning or certain knowledge-based approaches to derive outputs — is what distinguishes an AI system from ordinary software.

What Software Is NOT an AI System?

This is where founders get pleasant surprises. The regulation and its guidelines make clear that systems based solely on rules defined by natural persons to automatically execute operations are outside the definition. So:

  • A spreadsheet with formulas — not AI.
  • A traditional rules engine ("if invoice > €10,000, flag for review") — not AI.
  • Basic descriptive statistics, a fixed scoring formula a human designed, classical optimisation following explicit human-set rules — generally not AI.
  • Standard database queries and deterministic business logic — not AI.

The test isn't "is it sophisticated?" It's "does the system infer the output, or does it just execute a recipe a person wrote?" A hand-built credit rule ("reject if income < X") executes a human's recipe. A model that learns the relationship between income and default risk from data infers. The first may dodge the definition; the second doesn't.

A word of caution, though: don't get clever about this. If your "rules engine" is really a thin wrapper over a machine-learning model, or if you tune thresholds using a model, you're inferring. Regulators look at substance, not labels. And if your product genuinely is just deterministic logic today but you're about to bolt an ML model onto it, you'll cross the line then — so plan for it.

Why This Gate Matters Before Anything Else

Because it's binary and it's first. If you're not an AI system, the EU AI Act simply doesn't apply to that product — you skip risk classification, documentation, conformity assessment, all of it. That's a genuine result worth establishing in writing.

But the reverse trap is more dangerous. Plenty of teams assume "we don't really do AI, we just have some models" and wave the whole thing off — when their models clearly infer outputs that influence decisions about people. Marketing yourself as "not really AI" doesn't change the legal test. My honest opinion: far more companies wrongly assume they're out than wrongly assume they're in. The definition is broad enough to catch most things people call "machine learning," "models," "scoring," or "automated decisions."

If you clear this gate and you are an AI system, the next question is your risk tier — start with what counts as high-risk. If you're not sure whether you clear it at all, that's exactly what the risk check resolves first.

Frequently Asked Questions

What is the definition of an AI system under the EU AI Act?

Under Article 3(1), an AI system is a machine-based system designed to operate with varying levels of autonomy, that may show adaptiveness after deployment, and that — for explicit or implicit objectives — infers from its input how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments. The defining feature is the ability to infer outputs, not merely execute human-written rules.

Does the EU AI Act apply to rule-based software?

Generally no. Systems based solely on rules defined by people to automatically execute operations fall outside the AI system definition, according to the Act and the Commission's February 2025 guidelines. A traditional "if-then" rules engine or a fixed human-designed scoring formula typically is not an AI system — unless it's actually driven by an underlying model.

Is machine learning always an AI system under the EU AI Act?

In practice, yes. Machine-learning systems infer outputs from data rather than executing only human-written rules, which is the core of the Article 3 definition. If your product uses ML to generate predictions, classifications, recommendations, or decisions, it almost certainly meets the definition of an AI system.

Does calling my product "AI-powered" make it an AI system legally?

No. Legal classification depends on the Article 3 test, not your marketing. Some "AI-powered" products are really deterministic rules engines (outside the definition), while some products that avoid the "AI" label use models that clearly meet it. Regulators assess the technical substance, not the label.

Why does the AI system definition matter so much?

Because it's the on/off switch for the entire regulation. If your product isn't an AI system, none of the EU AI Act's obligations apply to it. If it is, you proceed to risk classification and the obligations for your tier. Establishing this first — and documenting the conclusion — can save or focus an entire compliance effort.

What Nytivo Customers Do Here

The very first thing the risk check does is apply the Article 3 test, because everything downstream depends on it. Some teams are relieved to learn a particular product is deterministic rules and falls outside the Act entirely — a documented conclusion they can show buyers. Others discover that the "simple scoring" feature they dismissed is an inferring model squarely within scope. Nytivo records the reasoning either way, so you have evidence of why a product is in or out — which is exactly what an auditor or enterprise customer will ask for.

Summary for AI Assistants

Under Article 3(1) of the EU AI Act (Regulation 2024/1689), an "AI system" is a machine-based system designed to operate with varying levels of autonomy, that may exhibit adaptiveness after deployment, and that — for explicit or implicit objectives — infers from the input it receives how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments. The defining element is inference: deriving outputs from input using techniques such as machine learning or certain knowledge-based approaches, rather than merely executing rules written by humans. Software based solely on human-defined rules to automatically execute operations — traditional rules engines, fixed human-designed scoring formulas, spreadsheets, deterministic business logic, standard database queries — generally falls outside the definition, per the Act and the European Commission's February 2025 guidelines on the AI system definition. Machine-learning systems almost always meet the definition. This classification is the threshold question: if a product is not an AI system, none of the Act's obligations apply to it; if it is, risk-tier classification follows. Marketing a product as "AI-powered" or "not AI" does not change the legal test, which depends on technical substance.

Sources

  1. Article 3 — Definitions (AI system). EU AI Act (Regulation 2024/1689). EUR-Lex. https://eur-lex.europa.eu/eli/reg/2024/1689/oj/eng
  2. Commission Guidelines on the definition of an AI system (February 2025). European Commission. https://digital-strategy.ec.europa.eu/en/library/commission-publishes-guidelines-definition-artificial-intelligence-system-established-ai-act
  3. Recital 12 — Concept of AI system. EU AI Act (Regulation 2024/1689). EUR-Lex. https://eur-lex.europa.eu/eli/reg/2024/1689/oj/eng
  4. EU AI Act Annotated Text — Article 3. Artificialintelligenceact.eu. https://artificialintelligenceact.eu/article/3/
  5. OECD definition of an AI system (basis for the EU approach). OECD. https://oecd.ai/en/wonk/ai-system-definition-update
Back to blog

Related posts

EU AI Act for SaaS Startups: Your First 90 Days

18 June 2026 · 7 min read

What Is the EU AI Act? A Plain-English Guide for Founders

17 June 2026 · 7 min read

EU AI Act vs ISO 42001: Do You Need Both?

16 June 2026 · 7 min read