Classifying classification: Risks of the AI Act and the (re)organization of artificial intelligence in academic libraries

Abstract

Background

The European Union’s Artificial Intelligence Act (AI Act) establishes a pioneering, sector-agnostic, risk-based taxonomy for artificial intelligence systems. However, its concrete operational implications for academic libraries, which increasingly rely on AI for discovery services, metadata generation, user support, and analytics, remain insufficiently explored.

Methods

This study conducts a systematic review of recent scientific and professional literature and maps common academic library AI use cases onto the proportional risk and compliance obligations defined by the AI Act. Based on this analysis, a sector-specific risk-classification matrix is developed to support regulatory interpretation in the library context.

Results

The findings indicate that ethical principles frequently prevail over enforceable compliance mechanisms, that library AI applications align conceptually with the AI Act’s taxonomy but lack practical operationalization, that generative AI and large language models intensify regulatory ambiguity, that AI procurement practices in libraries rarely incorporate AI Act safeguards, and that the protection of fundamental rights, including equity, privacy, and intellectual freedom, requires measurable controls beyond transparency notices.

Discussion

The results reveal a substantial gap between the regulatory framework and its practical implementation in academic libraries. Governance approaches remain largely normative, while auditable and operational compliance mechanisms are still underdeveloped. The rapid diffusion of generative AI further complicates accountability, risk classification, and institutional responsibility.

Conclusion

This study contributes a sector-specific AI risk-classification matrix, identifies policy needs for tailored audit and procurement models, and highlights key research gaps in empirical validation, bias detection, and trust frameworks. By bridging regulation and practice, it positions academic libraries as potential norm-setters within the European AI governance ecosystem, exemplifying rights-preserving and compliance-ready institutions where regulation acts both as a safeguard and a catalyst for responsible innovation.

Keywords

EU AI act academic libraries responsible artificial intelligence digital transformation information policy

Introduction

The European Union Artificial Intelligence Act (AI Act) represents the first comprehensive attempt to regulate AI on a risk-based model. While its provisions are designed to be sector-agnostic, their implications for academic and research libraries remain largely unexamined. This absence is striking: libraries increasingly rely on AI systems, ranging from recommender algorithms and discovery platforms to generative AI tools and biometric-based learning analytics, yet few studies have systematically mapped these applications against the Act’s risk categories and proportional obligations.

This gap gives rise to a central research problem: How can the AI Act’s risk taxonomy be operationalized within academic library settings, and what benefits or limitations does such alignment create for responsible AI governance?

To address this question, the study pursues the following objectives:

✓ General Objective: To critically examine the applicability of the AI Act’s risk-based framework to academic library contexts, with a view to identifying both opportunities and constraints;

✓ Specific Objectives:

o Map common AI use-cases in libraries against the AI Act’s risk categories;

o Assess the extent to which current literature addresses compliance mechanisms beyond ethical principles;

o Explore the governance and procurement implications of risk classification;

o Identify future research and practice directions for aligning library operations with regulatory requirements.

Based on the literature reviewed, two working hypotheses frame the inquiry:

(1) Academic libraries tend to rely on principle-based ethical frameworks rather than enforceable compliance mechanisms when deploying AI systems;

(2) The AI Act, if operationalized through sector-specific tools such as risk-classification matrices and contractual safeguards, can transform libraries into exemplars of rights-preserving AI governance.

The underlying problem, therefore, is not merely whether libraries use AI, but whether they govern it responsibly and in alignment with binding regulatory standards. The risk is that, without contextualized frameworks, libraries may either over-regulate benign tools or, conversely, underestimate the compliance burdens of high-risk systems, both scenarios undermining their mission as custodians of equitable access, academic freedom, and public trust.

This article positions itself within that tension. By bridging the regulatory innovations of the AI Act with the operational realities of academic libraries, it seeks to provoke a broader debate: should libraries remain passive adopters of AI shaped by external vendors, or can they become active norm-setters within Europe’s emerging AI governance ecosystem? The challenge is not only technical but institutional, demanding a shift from abstract ethics to enforceable procedures.

Methodology

This study followed a qualitative approach supported by a systematic literature review. The methodological design was guided by the central research question: How can the European Union’s Artificial Intelligence Act (AI Act) be operationalized within academic and university libraries through a risk-based taxonomy? The general objective was to map existing scholarship at the intersection of the AI Act, AI applications, and library practices, while the specific objectives focused on (i) identifying use cases of AI in academic libraries, (ii) examining how these applications align with the Act’s proportional obligations, and (iii) exploring sector-specific governance models capable of translating principles into verifiable practices. In line with these aims, the study also worked with two exploratory hypotheses: that current LIS literature privileges ethical principles over enforceable compliance pathways, and that operational matrices tailored to library contexts could provide a bridge between regulation and practice.

The following search string was applied:

(“Artificial Intelligence Act” OR “EU AI Act” OR “European Union AI regulation”) AND (“Academic libraries” OR “University libraries”) AND (“Artificial Intelligence” OR “AI” OR “Generative AI”)

Three databases were initially considered. In the Web of Science, the time span was restricted to 2021-2025. This decision was grounded in the fact that the political and scientific discussion on the AI Act started in 2021, and our intention was to capture literature produced during its negotiation and early implementation phases. Filters were applied to retrieve only review articles, and the disciplinary scope was refined to Library & Information Science Source. In Scopus, the search produced only 11 results when limited to articles. This relatively low yield reflects the emerging and still underexplored nature of the topic. Dimensions was also tested; however, the single item retrieved was situated in the field of journalism and therefore outside the scope of this study.

Altogether, the searches returned 275 results (Figure 1). To optimize the screening process, the tool Rayyan was employed. The first step was the identification of duplicates, of which none were found. The second step involved systematic screening, applying inclusion criteria (articles explicitly addressing the AI Act, artificial intelligence, and their implications for libraries or higher education) and exclusion criteria (items unrelated to the research problem, such as the journalism paper retrieved from Dimensions).

Figure 1.

Prisma flux diagram. Source: Based on PRISMA 2020 Statement.

Through this process, 224 items were excluded, leaving a working corpus of 51 relevant results. To strengthen the review, one additional article identified through web-based search was included, along with the official Portuguese version of the AI Act, which provides essential legal and conceptual grounding for the analysis.

This methodological pathway ensures that the review is both comprehensive, covering the key international databases most likely to index relevant LIS scholarship, and selective, focusing strictly on material aligned with the research problem. The use of Rayyan enhanced transparency and reproducibility in the selection process, while the explicit reporting of inclusion and exclusion criteria increases methodological rigor.

To enhance methodological transparency, it is important to note that Figure 2 through 6 were generated using artificial intelligence tools. These figures were designed to synthesize and visualize complex concepts emerging from the literature review, thereby supporting analytical clarity and facilitating knowledge translation. In addition, AI-assisted language refinement was employed to improve precision, coherence, and readability of the manuscript, while ensuring that all substantive arguments, interpretations, and critical perspectives remained the responsibility of the authors. This combined use of AI-generated visuals and text refinement aligns with recent scholarly practices that recognize the role of AI as an auxiliary instrument in academic writing, without displacing the centrality of human judgment and critical analysis.

Figure 2.

AI Act risk levels and illustrative library applications. Source: Generated with AI.

Literature review

Operationalizing risk taxonomies: Applying the EU Artificial Intelligence Act to academic library practices

The European Union’s Artificial Intelligence Act (AI Act) introduces a risk-based taxonomy that differentiates between prohibited, high-risk, limited-risk, and minimal-risk AI systems (Europe Union, 2024). While the regulation is designed to apply broadly across sectors, its operational implications for academic and research libraries remain largely unexplored in the scholarly record. This gap is significant: libraries are both adopters of AI-enabled technologies (e.g., recommender systems, discovery layers, chatbots, plagiarism detection, and analytics) and custodians of fundamental rights such as equitable access to knowledge, intellectual freedom, and data protection (Concha et al., 2024; Mannheimer et al., 2024).

Existing studies highlight efficiency gains and enhanced user services from AI adoption in libraries, while also warning about opacity, bias, and governance challenges (Borgohain et al., 2024; Collins et al., 2021). Yet, few explicitly connect these insights to the AI Act’s proportional obligations (Ashok et al., 2022; Laine et al., 2024).

Several strands of the reviewed literature provide the necessary building blocks for such operationalization. Ethical frameworks and dialogical instruments, such as the Data Ethics Decision Aid (DEDA) (Franzke et al., 2021), demonstrate how abstract ethical principles can be embedded into organizational processes. Likewise, systematized reviews of AI in library contexts (Bawack and Bawack, 2025; Concha et al., 2024) identify concrete cases of use that can be reclassified under the AI Act’s risk taxonomy. For instance, AI-powered proctoring and biometric identification tools align with high-risk categories due to their potential to affect fundamental rights, while recommender systems for content discovery are more plausibly framed as limited-risk, requiring transparency and user notification (Chen et al., 2024).

Within this regulatory framework, it becomes essential to distinguish how different applications of AI in libraries may fall under the European Union’s four-tier taxonomy of risk. This categorization not only clarifies the level of regulatory scrutiny but also highlights the proportionality principle at the core of the AI Act. To illustrate this, Figure 2 presents the hierarchy of AI risk levels, prohibited, high-risk, limited-risk, and minimal-risk, together with indicative examples relevant to library contexts. This visual framing reinforces the idea that the Act does not impose uniform requirements; instead, it calibrates obligations according to the potential harm posed to fundamental rights. Such a framework provides the conceptual foundation for analyzing library-specific applications in the subsequent sections.

The literature on generative AI and large language models (Afjal, 2023; Buetow and Lovatt, 2024; Gupta et al., 2025) further complicates the taxonomy, as the AI Act introduces specific obligations for general-purpose AI systems. These obligations, ranging from technical documentation and testing to transparency towards downstream deployers, translate directly into library contexts where LLMs are increasingly deployed in search assistance, metadata generation, and summarization services. Without contextualized frameworks, libraries risk either over-regulating benign applications or, conversely, underestimating the compliance burden of high-risk.

What emerges from this body of research is both a clear opportunity and a pressing necessity: to design a sector-specific operational matrix that aligns common academic library applications with the AI Act’s risk categories and associated compliance obligations. Such a matrix would serve two purposes: first, as an internal governance instrument that guides procurement, deployment, and evaluation of AI systems in libraries (Lee et al., 2023; Roy, 2025); and second, as a contribution to the broader discourse on responsible AI in education and research sectors, positioning libraries not merely as passive adopters but as critical intermediaries in the European AI regulatory landscape.

Towards AI-Act-ready governance: Ethical auditing frameworks for library and information services

Across the literature, one theme stands out with urgency: the question of governance and ethical oversight. Libraries have long framed themselves as guardians of intellectual freedom, equity of access, and the responsible management of knowledge. As AI enters their workflows, whether in metadata creation, discovery, or user-facing services, the challenge is not merely what these systems can do, but how they are governed.

Several studies provide conceptual scaffolding for this debate. Ashok et al. (2022) and Laine et al. (2024) propose broad ethical frameworks for AI and digital technologies, highlighting principles of transparency, accountability, fairness, and explicability. Franzke et al. (2021) with the DEDA, demonstrate that ethical reflection can be embedded into day-to-day decision-making, turning values into operational processes. Heyder et al. (2023) and Trigo et al. (2024) add further nuance, showing how human-AI interaction and algorithmic fairness can be evaluated systematically.

What is striking, however, is the regulatory gap. These frameworks are not explicitly aligned with the risk-based obligations introduced by the AI Act. Ethical audits often remain voluntary, aspirational, or sector-agnostic, while the AI Act requires that for certain categories, especially high-risk systems, ethical considerations be transformed into legally binding compliance checks, technical documentation, and ongoing monitoring. For libraries, this means moving from principles to procedures: how to evidence that a chatbot is sufficiently transparent, or that a recommender system has been tested for bias, not just assumed to be fair.

The literature on libraries and archives begins to sketch this transition. Mannheimer et al. (2024) argue that responsible AI practice in cultural heritage institutions requires formal governance structures, not ad hoc adaptations. Borgohain et al. (2024) and Concha et al. (2024), in their reviews of AI applications in libraries, emphasize the diversity of use cases, yet they stop short of specifying governance protocols matched to risk levels. The implication is clear: while ethical guidance is abundant, libraries lack a sector-specific audit framework that translates these principles into compliance pathways under the AI Act.

This study positions itself within that gap. By synthesizing existing ethical frameworks with the regulatory obligations of the AI Act, it aims to outline what an AI-Act-ready audit process for libraries could look like. Such a process would not only strengthen compliance but also reaffirm libraries’ longstanding commitment to responsible stewardship of information technologies. In doing so, libraries could shift from being passive adopters of AI tools to active shapers of how AI is governed in academic knowledge environments.

General-purpose AI and large language models in academic libraries

If there is one technology that has accelerated debates around the AI Act, it is the rise of general-purpose AI and large language models (LLM). Unlike domain-specific applications, these systems are adaptable, fast-evolving, and widely deployed across multiple contexts, including libraries. The AI Act treats general-purpose AI with particular attention, imposing obligations for technical documentation, transparency, and risk management precisely because of their broad applicability (Europe Union, 2024).

In the library field, the literature shows a surge of interest in how LLM reshape core functions. Afjal (2023) highlights the transformative, yet disruptive, potential of ChatGPT in research and learning environments. Scherbakov et al. (2025) and Buetow and Lovatt (2024) demonstrate how LLM are already being tested for dynamic literature reviews, while Sparkman and Witt (2025) critically assess their ethical boundaries. Hossain (2025) and Harper and Groth (2025) point to the need for AI literacy and new skillsets among librarians, reinforcing the idea that these tools are no longer peripheral, they are becoming embedded in the everyday practice of information work.

Yet the scholarship also voices caution. Gupta et al. (2025) map the emerging trends of generative AI and emphasize unresolved issues of bias, opacity, and misuse. Ridley (2025) underscores the importance of human-centered explainability, a principle echoed in Potnis et al. (2025) when discussing the risks of algorithmic gatekeeping. These concerns are amplified in academic libraries, where intellectual freedom, academic integrity, and equity of access are non-negotiable values. Without clear governance, LLM risk undermining precisely the principles libraries are meant to protect.

What is missing across the literature is a regulatory lens: how to classify and manage LLM deployments in libraries within the AI Act’s risk taxonomy. Are LLM-based chatbots for reference services merely limited-risk tools requiring transparency notices, or do they edge into higher-risk categories when they mediate assessments of students’ academic work? What safeguards must be in place when metadata generation or recommender systems are driven by generative models? These are not theoretical questions; they are compliance issues with direct legal and ethical implications.

The contribution of this article is to bridge that gap. By mapping library use cases of general-purpose AI against the obligations of the AI Act, it seeks to provide a practical compliance framework that clarifies when transparency notices suffice, when human oversight must be mandated, and when more robust measures, such as bias testing and independent audits, are required. In doing so, the analysis positions libraries not only as consumers of LLM technology but as critical regulators of their own environments, actively shaping how general-purpose AI is responsibly integrated into academic knowledge systems. (Table 1)

Table 1.

Mapping AI use cases in academic libraries to AI Act risk categories and obligations.

Library AI use case	AI Act risk category	Key obligations (selected)	References (examples)
Biometric-based proctoring tools/remote exam surveillance	High-risk (Annex III: Biometric identification, education context)	Risk management system; Data governance; Technical documentation; Human oversight; Accuracy, robustness, cybersecurity	(Echedom and Okuonghae, 2021; Harisanty et al., 2025)
Recommender systems in discovery platforms/content curation	Limited risk	Transparency to users; Clear disclosure that content is algorithmically recommended; Option to opt out	(Borgohain et al., 2024; Concha et al., 2024)
Chatbots for reference and user assistance	Limited-risk → High-risk (context-dependent)	Transparency notice; Human oversight; If mediating evaluation of students’ work → risk assessment + documentation	(Afjal, 2023; Ng and Zhang, 2025)
Metadata generation and summarization using LLM	General-purpose AI with downstream limited/high-risk use	Technical documentation from provider; Bias testing; Human-in-the-loop verification; Transparency to end-users	(Buetow and Lovatt, 2024; Scherbakov et al., 2025; Sparkman and Witt, 2025)
Analytics on user data (learning analytics, library space monitoring)	High-risk (education impact)/Limited risk (aggregate data)	DPIA (Data protection Impact Assessment); Documentation; User consent/notification; Security measures	(Lee et al., 2023; Roy, 2025)
Automated decision support in acquisitions/collection management	Minimal to limited risk	Basic transparency; Ensure human oversight; Document rationale for automated decisions	(Bawack and Bawack, 2025; Borges et al., 2021)
Algorithmic gatekeeping (content filtering, access restrictions)	High-risk (fundamental rights)	Documentation of filtering criteria; Bias/impact testing; Human appeal mechanism	(Mannheimer et al., 2024; Potnis et al., 2025)

Source: Own ellaboration.

Contractual safeguards and procurement policies: Embedding responsible AI clauses in library vendor agreements

If libraries are to operationalize the AI Act in practice, they cannot focus only on internal governance. Much of the AI they deploy is procured through third-party vendors, discovery platforms, analytics dashboards, learning support tools, or LLM. This procurement environment creates a structural dependency: libraries rarely design the AI themselves, yet they remain accountable for how these tools are implemented within academic contexts. The literature increasingly acknowledges this tension, but systematic approaches remain scarce.

Collins et al. (2021) and Borges et al. (2021) underline the strategic dimension of AI adoption in organizational settings, noting that procurement choices are often driven by functionality rather than compliance. Mannheimer et al. (2024) argue that responsible AI in libraries and archives requires embedding accountability mechanisms not only at the institutional level but also contractually with providers. This is where the AI Act provides a critical lever. By explicitly defining provider and deployer obligations, it empowers libraries to negotiate contracts that reflect risk-based compliance requirements.

The gap is evident in practice. Few library contracts today include clauses on algorithmic transparency, bias auditing, or human oversight mechanisms. Yet under the AI Act, deployers of high-risk systems are required to ensure these safeguards are in place. This means procurement contracts need to go beyond service-level agreements on uptime and data protection; they must include compliance clauses that specify, for example:

✓ Provider responsibility for maintaining technical documentation;

✓ Obligations to disclose training data limitations;

✓ Commitments to deliver bias testing results;

✓ Clear processes for libraries to exercise audit rights.

Literature outside the library domain reinforces this trajectory. Ashok et al. (2022) propose ethical frameworks that emphasize contractual embedding of values, while Lee et al. (2023) demonstrate how organizational AI adoption hinges on governance at the procurement stage. Saputra et al. (2024) and Netipatalachoochote and Pailler (2025), though examining national AI legislation in other jurisdictions, point to a similar insight: law without contractual integration risks remaining aspirational.

For libraries, the implication is twofold. First, procurement becomes a frontline site for ensuring AI Act compliance: contracts must explicitly reference risk classification and associated safeguards. Second, by adopting proactive procurement policies, libraries can influence vendors, many of whom serve multiple institutions and markets, to raise their standards more broadly. This places libraries not only as implementers but as norm-setters, aligning procurement power with their ethical mission.

Safeguarding fundamental rights and values in the age of AI libraries

At the heart of the AI Act lies a concern that extends beyond technical compliance: the protection of fundamental rights. This resonates deeply with libraries, which historically position themselves as institutions of intellectual freedom, privacy, equity, and public trust. If the Act classifies systems not only by technical function but by their potential impact on rights and freedoms, libraries provide a particularly rich terrain in which these principles are tested.

The literature acknowledges the stakes, though often indirectly. Mannheimer et al. (2024) emphasize that responsible AI in libraries and archives must be anchored in ethical commitments to openness and inclusivity. Potnis et al. (2025) warn of the dangers of algorithmic gatekeeping, where automated systems inadvertently restrict access to knowledge or reinforce structural inequities. Ridley (2025) argues for human-centered explainability, situating transparency not merely as a compliance obligation but as a right of the user to understand how decisions affecting their access to information are made.

These challenges, while conceptually distinct, converge around a common concern: how to preserve user rights and institutional trust in the face of increasing AI integration. To synthesize these issues, Figure 3 maps four recurring areas of concern identified in the literature, algorithmic bias, opacity of decision-making, vendor lock-in, and limited digital literacy among end-users. By clustering these challenges, the figure highlights both the diversity and the interdependence of the obstacles libraries must confront.

Figure 3.

Key challenges for AI adoption in academic libraries: bias, opacity, vendor lock-in, and digital literacy. Source: Generated with artificial intelligence.

Beyond the library field, broader studies underline the risks at play. Chen et al. (2024) document how bias in AI systems can disproportionately affect vulnerable groups. Trigo et al. (2024) highlight fairness as a principle too often abstracted rather than operationalized, while Kelly et al. (2023) examine acceptance of AI as contingent on trust, a fragile asset that libraries cannot afford to erode.

What emerges from these strands is a paradox. Libraries, often early adopters of digital innovation, risk becoming sites where rights are compromised unless safeguards are explicit. Transparency notices alone may not suffice; what is needed is a culture of rights-oriented governance, where bias testing, human appeal mechanisms, and rigorous oversight are not treated as optional enhancements but as core responsibilities.

The AI Act provides a framework for this shift. By codifying protections against discriminatory outcomes, mandating human oversight, and requiring proportionality in high-risk deployments, it aligns with the foundational mission of libraries. Yet the Act also challenges libraries to translate values into verifiable practices: to demonstrate, for example, how a recommender system protects against exclusionary bias, or how an LLM-based service avoids undermining academic integrity.

This paradox can be more clearly understood when visualized as a balance between rights-oriented safeguards and the functional benefits promised by AI systems. Figure 4 situates core library values, intellectual freedom, institutional autonomy, privacy, and algorithmic transparency, within this tension, illustrating how each can be simultaneously strengthened or undermined by AI adoption. By framing these values as points of equilibrium rather than fixed absolutes, the figure underscores the challenge libraries face: to adopt innovative technologies without compromising their foundational mission.

Figure 4.

Balancing risks and benefits of AI adoption in academic libraries: mapping core values against regulatory implications. Source: Generated with Artificial Intelligence.

In this sense, libraries are not merely passive recipients of regulation but potential exemplars. By embedding fundamental rights into their AI governance models, they can model what responsible implementation looks like across the broader knowledge ecosystem. This positions the library not only as a site of compliance but as a custodian of rights in the algorithmic age.

Findings

This review yields five interlocking findings that clarify how the AI Act can be operationalized in academic library settings and where the current literature still falls short.

I. The AI Act is rarely operationalized in LIS scholarship, ethical guidance dominates, compliance pathways do not. Across the corpus, discussions of AI in libraries are abundant, but most rely on principle-based frameworks rather than risk-based compliance models. Reviews and conceptual pieces synthesize transparency, accountability, fairness, and explicability as recurrent values (Ashok et al., 2022; Heyder et al., 2023; Laine et al., 2024), and dialogical tools such as DEDA show promise for embedding ethics in routine decisions (Franzke et al., 2021). Yet only a small subset translates those principles into AI Act aligned controls (documentation, bias testing, human oversight, transparency notices) by risk class. Within LIS, responsible AI reviews and domain mappings acknowledge the governance gap (Borgohain et al., 2024; Concha et al., 2024; Mannheimer et al., 2024), but stop short of a sectoral taxonomy tied to the Act’s proportional obligations (Europe Union, 2024);

II. Library use-cases are converging, and stratify naturally by risk, yet are seldom mapped to the Act’s taxonomy. The literature consistently identifies a stable set of applications: chatbots for reference, recommender/discovery systems, metadata generation and summarization (often LLM-assisted), learning and space analytics, and, in some institutional contexts, remote proctoring and biometric identification (Borgohain et al., 2024; Concha et al., 2024; Echedom and Okuonghae, 2021; Roy, 2025). Read through an AI Act lens, these naturally partition into limited-risk (e.g., recommender and most chatbots, subject to transparency) and high-risk categories (e.g., proctoring/biometrics; certain analytics with potential educational impact). However, the explicit assignment of controls by risk level, risk management systems, technical documentation, human-in-the-loop design, and post-deployment monitoring, remains largely implicit or absent in published guidance. To complement this analysis, Figure 5 visualizes the main benefit dimensions associated with AI deployments in academic libraries, efficiency, accessibility, personalization, research support, and innovation. These categories, consistently identified across the reviewed literature, highlight that while risk classification is essential under the AI Act, libraries also perceive AI as a driver of service enhancement and institutional transformation. By mapping these benefits, the figure underscores the dual challenge faced by libraries: maximizing opportunities while ensuring proportionate safeguards.

III. Generative purpose AI/LLM amplify governance ambiguity: documentation and oversight duties are clear in law but diffuse in practice. Studies of generative AI show rapid uptake in scholarly and library workflows, dynamic literature reviews, summarization, metadata support, and user assistance (Afjal, 2023; Buetow and Lovatt, 2024; Scherbakov et al., 2025; Sparkman and Witt, 2025). At the same time, they foreground unresolved risks, bias, opacity, hallucination, misuse, and explainability deficits, with calls for human-centred explanaible AI (Ridley, 2025) and vigilance against algorithmic gatekeeping (Gupta et al., 2025; Potnis et al., 2025). Under the AI Act, general purpose AI carries specific obligations (provider documentation, transparency to downstream deployers, risk mitigation) that libraries increasingly depend upon yet do not routinely demand or evidence in deployment policies (Europe Union, 2024);

IV. Procurement is the compliance chokepoint: vendor contracts rarely encode AI-Act ready safeguards. Library AI is often procured, not built. Organizational reviews emphasize that adoption decisions are shaped by functionality and fit, more than by verifiable compliance features (Borges et al., 2021; Collins et al., 2021; Lee et al., 2023). LIS-specific work calls for formal governance but provides limited contractual templates (Mannheimer et al., 2024). The result is a structural dependency where audit rights, bias-testing deliverables, model documentation, and transparency commitments are under-specified in vendor agreements, precisely where the AI Act’s provider-deployer allocation of duties could be translated into enforceable clauses;

V. Fundamental rights are the through-line: trust, equity, and academic freedom are at stake without risk-proportionate controls. Evidence from LIS and adjacent fields shows that biased or opaque systems threaten vulnerable groups and erode user trust (Chen et al., 2024; Kelly et al., 2023). For libraries, institutions normatively committed to intellectual freedom, privacy, and equitable access, this raises the bar: transparency notices and generic ethics statements are necessary but insufficient. What the literature supports, and the AI Act requires for higher-risk deployments, is a rights-oriented governance culture: bias/impact testing, meaningful human appeal, clear user communications, and continuous post-deployment monitoring (Europe Union, 2024; Mannheimer et al., 2024; Potnis et al., 2025).

Figure 5.

Benefit dimensions of AI applications in academic libraries. Source: Generated with artificial intelligence.

Cross-cutting implications

(1) For practice (libraries): move from principle to procedure by adopting a risk-classification matrix that ties common use-cases to concrete AI-Act obligations (e.g., transparency artefacts for limited-risk chatbots; DPIA, bias testing, and human oversight for high-risk proctoring/analytics); integrate these requirements upstream in procurement with enforceable vendor deliverables;

(2) For policy (sector bodies): develop sector-specific audit checklists and model contract clauses that operationalize the Act’s proportionality in LIS contexts, including expectations for generative purpose AI documentation and explainability;

(3) For research: address three gaps- (i) empirical validation of risk classification and controls in academic libraries; (ii) measurement frameworks for bias/explainability tailored to discovery and metadata workflows; (iii) outcomes studies on user trust and academic freedom under different governance designs.

Taken together, the findings position academic libraries not only as deployers of AI but as norm-setting institutions capable of demonstrating what AI-Act-aligned, rights-preserving implementation looks like in the European knowledge ecosystem.

Discussion

The findings of this review highlight both the potential and the limitations of applying the EU AI Act to academic libraries. The Act offers a regulatory compass that can transform ethical aspirations into enforceable safeguards, yet the literature reveals significant gaps: compliance pathways remain underdeveloped, procurement contracts lack explicit safeguards, and libraries risk becoming passive adopters rather than active shapers of AI governance.

To capture these dynamics in a structured way, Table 2 presents a comparative synthesis of the benefits (pros), critiques (cons), and challenges identified in the literature and in this analysis.

Table 2.

Comparative analysis of applying the AI Act in academic libraries.

Dimension	Pros (Benefits)	Cons (critiques)	Challenges (Future directions)
Regulatory alignment	Provides a structured, risk-based taxonomy that libraries can directly adopt	Limited LIS literature explicitly operationalizing the AI Act	Translating risk levels into concrete workflows for library services
Ethical reinforcement	Reinforces long-standing library values (equity, privacy, intellectual freedom)	Overreliance on principle-based frameworks without compliance pathways	Embedding continuous monitoring and auditing to protect user rights
Sectoral leadership	Opportunity to position libraries as exemplars of responsible AI governance	Smaller libraries may lack resources to implement compliance mechanisms	Building institutional capacity and sector-wide audit tools
Vendor relations	Procurement could drive vendors to adopt AI Act-compliant safeguards	Current contracts rarely include enforceable compliance clauses	Negotiating effective contractual obligations with external providers
Generative AI	Expands service potential (literature reviews, discovery, metadata)	Heightened ambiguity in risk classification and explainability	Governing generative purpose AI/LLM with transparency, bias mitigation, and human oversight
Research & innovation	Identifies clear empirical and conceptual gaps for future LIS research	Existing work under-theorizes compliance and over-focuses on principles	Developing sector-specific metrics for bias, explainability, and trust

Source: Own elaboration.

This comparative framing reinforces that libraries are at a crossroads: either they adopt AI uncritically, replicating patterns of bias and opacity, or they seize the AI Act as an opportunity to embed rights-preserving governance into their operations. The pros demonstrate that alignment is feasible and synergistic with core library values; the cons reveal a scholarly and operational lag in translating principles into practice; and the challenges highlight where sector-wide effort and empirical inquiry are most needed.

In short, academic libraries are not merely deployers of AI systems, they can become exemplars of responsible, AI-Act-aligned governance within the European knowledge ecosystem.

Building on these reflections, it becomes evident that aligning academic libraries with the EU AI Act requires a triangular interaction between research, policy, and practice. Research provides the conceptual and empirical evidence to ground risk-classification frameworks; policy translates these insights into enforceable governance structures; and practice ensures their day-to-day operationalization within library environments. To illustrate this interdependence, Figure 6 visualizes the tripartite scaffolding necessary for embedding responsible AI governance in libraries.

Figure 6.

Triangular framework linking research, policy, and practice for AI-Act-aligned library governance. Source: Generated with artificial intelligence.

Conclusion

This study demonstrates that the EU AI Act offers academic libraries not just a legal framework but also a strategic opportunity to embed responsible AI practices aligned with their long-standing values of equity, intellectual freedom, and trust. By applying the Act’s risk taxonomy to concrete library use cases, ranging from chatbots and discovery systems to generative AI tools and biometric applications, it becomes evident that the regulation is both relevant and adaptable to the sector.

The analysis reveals a dual picture. On the one hand, the AI Act provides libraries with a clear pathway to move beyond principle-based ethics into enforceable, risk-proportionate governance. On the other hand, significant barriers remain: vendor dependency, limited compliance expertise, and the under-theorization of regulatory pathways within LIS scholarship. These tensions underscore the importance of libraries positioning themselves not as passive adopters of AI but as proactive institutions capable of shaping responsible deployment.

For practice, the findings suggest that libraries should develop sector-specific risk classification matrices, strengthen procurement processes with enforceable compliance clauses, and build internal capacity for auditing and monitoring AI systems. For policy, there is a need for tailored audit frameworks and contractual models that reflect both the AI Act’s requirements and the library sector’s mission. For research, three directions stand out: empirical validation of AI risk classification in library settings, metrics for explainability and bias mitigation in discovery systems, and studies on user trust, rights, and academic freedom under different governance models.

Ultimately, academic libraries occupy a unique position at the intersection of knowledge, rights, and technology. By operationalizing the AI Act in ways that safeguard fundamental rights while enabling innovation, libraries can become exemplars of responsible AI governance in the European knowledge ecosystem, demonstrating that regulation, far from being a constraint, can serve as an enabler of both trust and progress.

Footnotes

ORCID iD

Nuno Miguel Teixeira Sousa

Funding

The author received no financial support for the research, authorship, and/or publication of this article.

Declaration of conflicting interests

The author declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Author biography

Nuno Miguel Teixeira Sousa completed his Master's degree in Information Science in 2023 from the Faculty of Arts and Humanities of Coimbra University and his Bachelor's degree in Information Science in 2021 from the Faculty of Arts and Humanities of Coimbra University. He is currently studying for a PhD in Information Science at the Faculty of Letters of the University of Lisbon since 2024 and he is investigator of Center for Classical Studies. Actually is a Senior Technician at the Library of the Law Faculty of the Coimbra University. He has received 4 awards. Works in the field(s) of Social Sciences with an emphasis on Communication Sciences with an emphasis on Information Sciences.

References

Afjal

(2023) ChatGPT and the AI revolution: a comprehensive investigation of its multidimensional impact and potential. Library Hi Tech 43: 353–376.

Ashok

Madan

Joha

, et al. (2022) Ethical framework for artificial intelligence and digital technologies. International Journal of Information Management 62: 102433.

Bawack

(2025) «Hey librarian, what can AI and analytics do for you»: a systematic literature review and sociotechnical perspective. Aslib Journal of Information Management.

Borges

Laurindo

Spínola

, et al. (2021) The strategic use of artificial intelligence in the digital era: systematic literature review and future research directions. International Journal of Information Management 57: 102225.

Borgohain

Bhardwaj

Verma

(2024) Mapping the literature on the application of artificial intelligence in libraries (AAIL): a scientometric analysis. Library Hi Tech 42(1): 149–179.

Buetow

Lovatt

(2024) From insight to innovation: harnessing artificial intelligence for dynamic literature reviews. The Journal of Academic Librarianship 50(4): 102901.

Chen

Wang

Hong

, et al. (2024) Unmasking bias in artificial intelligence: a systematic review of bias detection and mitigation strategies in electronic health record-based models. Journal of the American Medical Informatics Association: JAMIA 31(5): 1172–1183.

Collins

Dennehy

Conboy

, et al. (2021) Artificial intelligence in information systems research: a systematic literature review and research agenda. International Journal of Information Management 60: 102383.

Concha

Zenteno

Alfaro

(2024) Use of artificial intelligence in libraries: a systematic review, 2019-2023. South African Journal of Library and Information Science 90(2): 1–13.

10.

Echedom

Okuonghae

(2021) Transforming academic library operations in Africa with artificial intelligence: opportunities and challenges: a review paper. New Review of Academic Librarianship 27(2): 243–255.

11.

Europe Union (2024) Regulamento (UE) 2024/1689 do parlamento europeu E do conselho. https://eur-lex.europa.eu/legal-content/PT/TXT/PDF/?uri=OJ:L_202401689

12.

Franzke

Muis

Schäfer

(2021) Data ethics decision aid (DEDA): a dialogical framework for ethical inquiry of AI and data projects in the Netherlands. Ethics and Information Technology 23(3): 551–567.

13.

Gupta

Bhutani

Kumar

, et al. (2025) State-of-the-art review and critical analysis of emerging trends in generative artificial intelligence. Journal of Information and Optimization Sciences 46(5): 1691–1704.

14.

Harisanty

Anna

NEV

Sin

S-CJ

, et al. (2025) Librarian behaviour towards AI: an explorative study of how librarians use AI through the lens of the diffusion of innovations theory. The Electronic Library 43: 578–599.

15.

Harper

Groth

(2025) The librarian skillset and the needs of artificial intelligence. Cataloging & Classification Quarterly 63(6–7): 546–565.

16.

Heyder

Passlack

Posegga

(2023) Ethical management of human-AI interaction: theory development review. The Journal of Strategic Information Systems 32(3): 101772.

17.

Hossain

(2025) Integrating AI Literacy into Library and Information Science Education and Practice: A human-centered Approach. Library Hi Tech News.

18.

Kelly

Kaye

Oviedo-Trespalacios

(2023) What factors contribute to the acceptance of artificial intelligence? A systematic review. Telematics and Informatics 77: 101925.

19.

Laine

Minkkinen

Mäntymäki

(2024) Ethics-based AI auditing: a systematic literature review on conceptualizations of ethical principles and knowledge contributions to stakeholders. Information and Management 61(5): 103969.

20.

Lee

Scheepers

Lui

, et al. (2023) The implementation of artificial intelligence in organizations: a systematic literature review. Information and Management 60(5): 103816.

21.

Mannheimer

Bond

Young

SWH

, et al. (2024) Responsible AI practice in libraries and archives: a review of literature. Information Technology and Libraries 43(3): 1–29.

22.

Netipatalachoochote

Pailler

(2025) Developing artificial intelligence legislation in Thailand: lessons from the European Union. Journal of Human Rights, Culture and Legal System 5(1): 1–32.

23.

Zhang

(2025) Trust in AI chatbots: a systematic review. Telematics and Informatics 97: 102240.

24.

Potnis

Tahamtan

Mcdonald

(2025) Negative consequences of information gatekeeping through algorithmic technologies: an annual review of information science and technology (ARIST) paper. Journal of the Association for Information Science and Technology 76(1): 262–288.

25.

Ridley

(2025) Human-centered explainable artificial intelligence: an annual review of information science and technology (ARIST) paper. Journal of the Association for Information Science and Technology 76(1): 98–120.

26.

Roy

(2025) Transforming higher education libraries with data analytics, business intelligence, and business analytics: a review. Journal of Librarianship and Information Science 09610006241307028.

27.

Saputra

Hartati

Bene

(2024) Hungary’s AI strategy: lessons for Indonesia’s AI legal framework enhancement. Jambe Law Journal 7(1): 25–58.

28.

Scherbakov

Hubig

Jansari

, et al. (2025) The emergence of large language models as tools in literature reviews: a large language model-assisted systematic review. Journal of the American Medical Informatics Association: JAMIA 32(6): 1071–1086.

29.

Sparkman

Witt

(2025) Claude AI and literature reviews: an experiment in utility and ethical use. Library Trends 73(3): 355–380.

30.

Trigo

Stein

Belfo

(2024) Strategies to improve fairness in artificial intelligence: a systematic literature review. Education for Information 40(3): 323–346.