Skip to main content Skip to main navigation

Publication

What are AI systems? Rethinking the core definition in the EU AI Act

Philip Meinel; Kevin Baum; Holger Hermanns; Emily Pöppelmann; Markus Langer; Anne Lauber-Ronsberg
In: Computer Law & Security Review, Vol. 62, Pages 1-12, Elsevier, 2026.

Abstract

The EU Artificial Intelligence Act (AI Act) is the first comprehensive attempt to regulate AI systems, with Article 3 (1) providing a legal definition as the entry point for most obligations. This paper argues that the primary criterion of the definition, a system's ability to "infer how to generate outputs", remains vague and ambiguous when applied to real-world examples. Our analysis traces the legislative evolution of the definition, from the Commission’s original method-based draft, through the OECD’s influence, to the final functional wording of Article 3 (1). It then examines the concept of inference, highlighting unresolved ambiguities between what the AI Act classifies as covered AI systems and excluded rule-based systems. Using the example of the COMPAS recidivism risk assessment tool and other borderline cases, the paper illustrates how technically simpler software can still produce high-risk outcomes. Excluding such systems could allow for regulatory arbitrage, especially when rulebased systems include results from the use of statistical or machine learning methods. Building on this, the paper provides a critical assessment of the European Commission's 2025 guidelines and argues for a shift in focus from technical complexity to a “limited controllability” as a more workable indicator for identifying AI systems.

More links