The European Union’s AI Act introduces a framework for assessing and regulating AI systems based on risk levels. While the Act defines risk categories and compliance requirements, the classification of General-Purpose AI (GPAI) systems remains complex. This paper proposes a systematic risk classification enabling operators to categorise AI systems in accordance with the AI Act. We introduce a four-step classification process, distinguishing between high-risk AI systems, GPAI with and without systemic risk. Additionally, we outline key architectural considerations, including LLM-based AI agents, Retrieval-Augmented Generation, and hybrid deployment models. To validate our approach, we apply the framework to three real-world use cases, demonstrating its applicability. Our findings emphasise the challenges and impact of risk-based AI governance, offering practical insights for businesses developing or implementing GPAI under the AI Act.