Risk Classification is included based on your engagement scope. Contact your Ayliea engagement lead to confirm what’s included, including AI-assisted narrative analysis.
Auto-classification
When you open the classification view for a registered system, Ayliea analyzes the use cases and data flows you provided during registration and suggests a risk tier automatically. The suggestion is based on the categories of use, the type of decisions the system influences, and the population it affects. Auto-classification is a starting point, not a final determination. Review the suggestion and accept it or override it with your own assessment.EU AI Act tiers
The EU AI Act organizes AI systems into four tiers based on the risk they pose:NIST AI RMF assessment
Alongside the EU AI Act classification, you can record an impact and likelihood assessment aligned to the NIST AI Risk Management Framework. This gives you a two-dimensional view of risk: how severe the potential harm is, and how likely it is to occur. The NIST assessment does not produce a pass or fail result — it produces a risk profile that informs your governance priorities.Accepting or overriding the auto-classification
After reviewing the suggested tier, select Accept to confirm it, or select Override to record a different tier. Overrides require a written rationale, which is saved with the classification record. This rationale is available during audits to explain why your team chose a different tier than the system suggested.Governance requirements
Once a system is classified, the governance requirements triggered by that classification are listed on the system detail view. For example, a High-risk system under the EU AI Act will show requirements such as:- Conformity assessment before deployment
- Human oversight mechanism documentation
- Post-market monitoring plan
- Incident reporting obligations

