The risk pyramid is a cybersecurity and regulatory framework that categorizes AI systems based on the level of risk they pose to users and society. At the base are minimal-risk systems with few or no regulatory requirements, while higher tiers represent increased risk, triggering stricter legal obligations and oversight. This model helps organizations and regulators prioritize resources and compliance efforts, ensuring that the most potentially harmful technologies are subject to the highest scrutiny. The risk pyramid is especially relevant in AI governance, where it guides the application of laws and standards according to the potential impact of each system.