AI systems explained: definition, examples and regulation

An AI system is a machine-based system that, for a given set of objectives, infers from the inputs it receives how to generate outputs such as predictions, content, recommendations or decisions that can influence real or virtual environments. That wording, or something very close to it, is now the shared definition across the EU AI Act, the OECD AI Principles, the NIST AI Risk Management Framework and ISO/IEC 22989. The convergence is real and it matters: when you are building or buying AI, "is this an AI system?" is the first question that decides which obligations apply.

This post does two things. First, it walks through each definition and where they differ. Second, it answers the question our customers keep asking: if my product contains several models or agents, is that one AI system or several?

What is an AI system?

An AI system is software that takes input, infers something from it, and produces an output that is meant to influence the world. The OECD wording is the source text; the EU AI Act and ISO/IEC 22989 imported it with small edits; NIST used an earlier variant but describes the same object. Three traits keep showing up:

1. Some degree of autonomy. The system acts without a human holding its hand on every step.
2. Possible adaptiveness. It may learn or change after deployment, though it need not.
3. Inference. It maps inputs to outputs by something more than a fixed rule table.

That is it. The rest of the regulatory machinery sits on top of this definition.

AI system vs AI model

The EU AI Act is the only framework that draws a legal line between "AI model" and "AI system." A model is the trained artefact (weights, architecture, learned parameters). A system is the model plus the surrounding machinery (interface, data pipeline, intended purpose) that makes it do something useful for a user.

The Act's own words: an AI model "is an essential part of an AI system but does not constitute an AI system itself." GPT-4 alone is not an AI system under the Act. A customer support chatbot built on GPT-4, shipped to users, is.

Why this matters:

• System-level obligations (risk classification, conformity assessment, transparency to users) attach to the provider who puts the system on the market.
• General-Purpose AI (GPAI) model obligations attach to whoever trained and released the model. If you fine-tune or integrate a GPAI model, you are a system provider, not a model provider, unless the fine-tune is substantial enough to be a new model.

OECD, NIST and ISO do not make this separation at the legal level. They regulate or describe systems only. If you are complying with the EU AI Act, the distinction is load-bearing. Everywhere else, it is terminology.

How the major frameworks define an AI system

EU AI Act (Article 3(1))

A machine-based system that is designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment, and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments.

The European Commission's AI Office published non-binding guidelines in February 2025 that expand on each clause. They are useful for borderline cases (is a statistical model an AI system? is a rule-based expert system?) but they do not resolve the one-or-many question for composite products.

NIST AI Risk Management Framework (2023)

An engineered or machine-based system that can, for a given set of objectives, generate outputs such as predictions, recommendations, or decisions influencing real or virtual environments. AI systems are designed to operate with varying levels of autonomy.

"Engineered" is the key word. NIST emphasises intentional design and accountable objectives. Adaptiveness is implied, not required. The framework is voluntary in the US but is the de facto reference that most American enterprise buyers cite in vendor questionnaires.

OECD AI Principles (updated 2024)

A machine-based system that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments.

This is the source of the modern definition. The EU imported it almost verbatim. The US AI executive orders reference it. Over forty countries have endorsed it. If there is a global definition of "AI system," it is this one.

ISO/IEC 22989:2022

ISO/IEC 22989 defines an AI system as an "engineered system that generates outputs such as content, forecasts, recommendations or decisions for a given set of human-defined objectives." The standard also defines an AI component as a "functional element that constructs an AI system." That second definition is the one you need for the compound-systems question below, because ISO is the only body that explicitly says an AI system can be built from multiple cooperating components.

Types of AI systems

The frameworks are technology-neutral, but a few shapes recur in practice:

• Predictive systems: classification, regression, forecasting. Credit scoring, churn prediction, medical triage.
• Generative systems: LLMs, image and video generators, code assistants.
• Decision-support systems: scoring and ranking models with a human in the loop.
• Autonomous systems: robotics, autonomous vehicles, agentic workflows that take actions on external systems without a human approval step.
• Multi-agent and compound systems: several models or agents composed into one product. This is where the one-or-many question lives.

Multi-agent and compound AI systems: one or many?

Most real products contain more than one model. A customer support product might combine an intent classifier, a retrieval model, an LLM and a safety filter. An autonomous vehicle combines perception, planning and control models. An "agentic AI" platform runs several agents in sequence or in parallel.

The honest answer is that no regulator has drawn a sharp line, and the European Commission's guidelines explicitly decline to. Here is the test that holds up in practice:

Count by intended purpose, not by model.

If the models collectively serve one intended purpose visible to the user, treat the whole assembly as one AI system with internal components. Document the components, assess the system-level risk, ship one conformity record. This is how Meta describes its content recommendation stack ("multiple models that identify content and predict how likely a person is to interact with it"). It is how ISO/IEC 22989 reads when you take the AI-component definition seriously.

If the models serve distinct intended purposes, even when bundled in one product, treat them as separate AI systems. A smart fridge with inventory vision and a voice assistant is two systems, because the intended purposes are different and the risk profiles are different.

The logic is hard to vary: the regulation cares about the risk a user and a bystander are exposed to. Risk is a property of what the system does, not of how many neural networks are inside.

Our position at Modulos

Default to counting by intended purpose, and err on the side of more systems rather than fewer. Two reasons. First, it forces you to surface the distinct risks inside a product, which is what your QMS should be doing anyway. Second, if an auditor or regulator later splits a product into two systems that you registered as one, you will need to redo the conformity work. Splitting up-front is cheaper than re-splitting later.

How the frameworks diverge

Most of the disagreement is cosmetic. The substantive differences:

1. Autonomy and adaptiveness. EU and OECD name them explicitly. NIST and ISO imply them. No framework requires adaptiveness.
2. Human involvement. EU and OECD say "human-defined objectives." NIST omits the phrase. Nothing turns on it in practice; all frameworks assume humans set the goal and the data.
3. Model-level regulation. Only the EU AI Act regulates GPAI models as a separate legal category. Everywhere else, the model is regulated only through the system that wraps it.
4. Composite systems. ISO is the only framework that explicitly acknowledges multi-component systems. The others leave it to interpretation.

None of these divergences change the core definition. The same artefact is an AI system under all four frameworks, or under none.

Frequently asked questions

What is an AI system? An AI system is a machine-based system that infers, from inputs, how to generate outputs (predictions, content, recommendations, decisions) that influence physical or virtual environments, with some level of autonomy.

What is the difference between an AI model and an AI system? Under the EU AI Act, a model is the trained artefact (weights, architecture). A system is the model plus the interface, data pipeline and intended purpose that make it useful to a user. OECD, NIST and ISO do not separate the two at the legal level.

Is a chatbot an AI system? Yes. A chatbot built on an LLM is an AI system under all four frameworks. The LLM by itself is only separately regulated under the EU AI Act, as a GPAI model.

How does the EU AI Act define an AI system? Article 3(1). See the quoted text above. The definition is taken almost verbatim from the OECD AI Principles.

Are multiple AI agents in one product one AI system or many? Count by intended purpose. If the agents serve one user-facing purpose, treat the assembly as one AI system with components. If they serve distinct purposes, treat them as separate AI systems even if bundled.

Is a rule-based expert system an AI system? Borderline. The European Commission's guidelines (Feb 2025) lean toward excluding purely deterministic rule-based systems, because they do not "infer" in the relevant sense. Machine-learned or probabilistic systems are in scope.

What to do next

If you are trying to figure out what is and is not an AI system in your own product, start with the intended-purpose test, then map each system against the EU AI Act risk classes and the controls in ISO/IEC 42001. We wrote the implementation guidance for ISO 42001 that powered the first German ISO 42001 certification (Xayn, June 2025) and hold the first product conformity attestation from CertX against the standard.

Related reading:

• ISO 42001 explained: requirements, certification and implementation
• NIST AI Risk Management Framework: the four functions explained
• EU AI Act summary (2026)
• High-risk AI systems under the EU AI Act
• CE marking under the EU AI Act