The term AI system is the foundational concept of the EU AI Act, because the entire regulation only applies to systems that meet its definition. The Act defines an AI system as a machine-based system designed to operate with varying levels of autonomy, that may exhibit adaptiveness after deployment, and that — for explicit or implicit objectives — infers from the input it receives how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments. Understanding this definition is the indispensable first step in any AI Act assessment.
Why the definition matters so much
The definition is not an academic detail; it is the gate through which everything else passes. If a system meets the definition, it falls within the scope of the AI Act and must be classified by risk, with all the obligations that follow. If it does not, the Act simply does not apply to it. A great deal therefore turns on the wording — which is precisely why the legislators worked to align it with international definitions and to make the decisive criterion something more specific than “any clever software”.
Inference is the decisive criterion
The single most important word in the definition is infers. The Act is concerned with systems that derive their outputs by inference from inputs — systems that, in effect, learn or reason rather than simply follow a fixed, explicitly programmed set of rules. This is what separates a machine-learning model, which generalises from data, from a conventional program whose every output is the deterministic result of code a human wrote. The distinction is not always clean in practice, but the principle is clear: the more a system’s behaviour emerges from learned patterns rather than hand-written logic, the more likely it is an AI system in the legal sense.
The line between AI and conventional software
Many business applications contain rules, formulas, and automation without being AI systems. A spreadsheet that computes a total, a workflow that routes a form based on fixed conditions, or a calculator that applies a tax rate are deterministic: given the same input, they always produce the same output by following explicit instructions. These are not AI systems. By contrast, a model that predicts which customers will churn, that ranks job applications, or that generates text has inferred a relationship from data and applies it to new cases. The practical test is whether the system’s outputs follow from explicit human-written rules or from patterns the system itself derived.
Autonomy and adaptiveness
Two further elements of the definition deserve attention. Autonomy refers to the degree to which a system operates without ongoing human intervention; the Act speaks of varying levels, acknowledging that some systems merely assist a human while others act largely on their own. Adaptiveness refers to the capacity of some systems to change their behaviour after they are deployed, for instance through continued learning. Neither element on its own makes something an AI system, but together with inference they describe the kind of dynamic, data-driven behaviour the regulation is concerned with.
Borderline cases
In practice, organisations often encounter systems that are hard to classify with certainty. A piece of software might combine deterministic logic with an embedded model; a vendor might describe a product as “AI-powered” for marketing reasons when the underlying mechanism is a simple rule set, or vice versa. The honest approach is to look past labels at how the system actually produces its outputs. Where genuine doubt remains, the prudent course is to document the reasoning behind the classification, because that reasoning is itself part of demonstrating good-faith compliance and will be the starting point if the classification is ever questioned.
Why classification comes first
Determining whether something is an AI system is the first of two classification steps. Only once a system is confirmed to be an AI system does the second step — placing it into a risk tier — even arise. A system that is not an AI system needs no risk classification, no conformity assessment, and no AI-Act documentation. This is why a careful inventory and an honest definitional assessment can save substantial effort: they prevent both the error of regulating ordinary software as if it were AI and the more dangerous error of overlooking a genuine AI system that triggers real obligations.
The role of general-purpose models
A special category sits alongside the general definition: general-purpose AI models, such as large language models, which can perform many tasks and be built into countless downstream systems. When an organisation integrates such a model into its own product, the resulting product is itself typically an AI system, and the organisation usually becomes its provider or deployer. Understanding the AI-system definition therefore also means understanding how a borrowed general-purpose model turns the product around it into something the AI Act governs.
AI systems in the DACH context
For companies in Switzerland, Germany, and Austria, the AI-system definition has immediate practical weight. The first task in any AI-Act readiness effort is to inventory all software in use or development and decide, for each, whether it is an AI system at all. This single decision shapes the entire compliance workload. Innopulse builds this definitional assessment into its AI Risk Check tool, guiding organisations through the question of whether a given system meets the legal definition before moving on to its risk tier — so effort is spent only where the regulation genuinely applies.
Conclusion
An AI system, in the language of the EU AI Act, is a machine-based system that infers from input how to generate outputs influencing its environment, with inference as the decisive criterion that separates it from deterministic software. Because the entire regulation hinges on this definition, classifying each system correctly is the foundational step of compliance. A careful, well-documented assessment ensures that effort is directed at genuine AI systems and not wasted on ordinary software — and that no real AI system slips through unnoticed.