Sovergate
Compliance · 14 min read · 2 June 2026

High-Risk AI Systems Under the EU AI Act: What You Need to Know

Which AI systems are classified as high-risk under the EU AI Act? A complete guide to Annex I, Annex III, the eight high-risk categories, compliance obligations, and the December 2027 deadline.

The EU AI Act does not regulate artificial intelligence based on how sophisticated the technology is. A state-of-the-art neural network that recommends films is not high-risk. A relatively simple algorithm used to filter job applications is.

The classification is based on impact — on health, safety, and the fundamental rights of people. If your AI system makes or influences decisions that significantly affect individuals in specific sensitive contexts, it is almost certainly high-risk under the EU AI Act, regardless of how it works under the hood.

This guide explains how the high-risk classification works, which systems fall into it, what obligations apply, and how to determine whether your AI system is in scope.

How high-risk classification works

The EU AI Act establishes a risk-based framework with four tiers: prohibited AI, high-risk AI, limited-risk AI, and minimal-risk AI. The vast majority of AI systems fall into the minimal-risk category and face no specific regulatory obligations.

High-risk AI systems are defined by two separate routes.

Route 1: Annex I — AI in regulated products

Annex I covers AI embedded in products already regulated by EU safety legislation, such as medical devices, vehicles, toys, and machinery. An AI system that is a safety component of such a product is classified as high-risk.

Specifically, a product is high-risk under this route if:

  • The AI system is used as a safety component of the product, or the AI system is itself a product covered by Annex I legislation
  • AND the product is required to undergo a third-party conformity assessment under that Annex I legislation

Examples of Annex I high-risk AI:

  • AI in medical devices (MDR 2017/745)
  • AI in in-vitro diagnostic devices (IVDR 2017/746)
  • AI in automotive safety systems
  • AI in civil aviation systems
  • AI in machinery safety components
  • AI in toy safety-critical features
  • AI in marine equipment

Deadline for Annex I: August 2, 2028 — one year later than Annex III systems, reflecting the additional complexity of dual-regulation compliance.

Route 2: Annex III — standalone high-risk applications

Annex III covers standalone high-risk uses across eight domains — biometric identification, critical infrastructure management, education and vocational training, employment and worker management, access to essential services, law enforcement, migration and border control, and administration of justice.

This is where most tech companies building AI products will find themselves in scope. The rest of this guide focuses primarily on Annex III.

Deadline for Annex III: December 2, 2027 (extended from August 2026 by the Digital Omnibus amendment).

The critical exception: when Annex III systems are NOT high-risk

Not every AI system that touches an Annex III domain is automatically high-risk. A provider who considers that an AI system referred to in Annex III is not high-risk shall document its assessment before that system is placed on the market or put into service.

An Annex III system is considered NOT high-risk if it:

  • Performs a narrow procedural task
  • Detects decision-making patterns or deviations from prior decision-making patterns and is not meant to replace or influence a previously completed human assessment without proper human review
  • Performs a preparatory task to an assessment relevant for the Annex III use case

AI systems listed under Annex III are always considered high-risk if they profile individuals — that is, if they use data to assess various aspects of a person's life, such as work performance, economic situation, health, preferences, interests, reliability, behaviour, location, or movement.

The practical test: If your AI system influences a significant decision about a specific individual in an Annex III domain, it is almost certainly high-risk. If it provides general analytics or performs administrative tasks without influencing individual decisions, it may not be. When in doubt, treat the system as high-risk and document your reasoning.

The eight Annex III categories in detail

Category 1: Biometric identification and categorisation

What is in scope:

  • Real-time remote biometric identification of individuals in publicly accessible spaces (with narrow law enforcement exceptions)
  • Post-remote biometric identification systems
  • AI systems that categorise individuals by protected characteristics including race, ethnicity, political opinion, religion, or sexual orientation based on biometric data
  • Emotion recognition systems (outside prohibited contexts)

What is prohibited (not high-risk — completely banned):

  • Real-time remote biometric identification in publicly accessible spaces for law enforcement (with very narrow exceptions for serious crime)
  • AI systems that infer protected characteristics from biometric data in ways that discriminate
  • Emotion recognition systems in the workplace and educational institutions — prohibited outright under Article 5 since February 2025

Practical examples:

  • Face recognition for identity verification in fintech
  • Biometric access control systems
  • Behavioural biometric systems for fraud detection

Biometric identification systems face enhanced Article 12(3) requirements including session timestamps, reference database identification, and the identity of human verifiers.

Category 2: Critical infrastructure management

AI used as safety components in the management and operation of critical infrastructure. The AI must function as a safety component — its failure or malfunction must be capable of endangering public health, safety, or security. General analytics tools used in infrastructure management contexts are not automatically in scope.

  • AI managing electricity grid load balancing where failures could endanger public safety
  • AI systems controlling water treatment processes
  • AI in traffic management with safety implications
  • AI in financial market infrastructure systems

Category 3: Education and vocational training

What is in scope:

  • AI that determines access to or admission to educational or vocational training institutions
  • AI that evaluates, assesses, or categorises students
  • AI that monitors student behaviour during examinations

Administrative AI tools used in education that do not influence individual student decisions — scheduling systems, resource allocation tools, general analytics dashboards — are not in scope.

Category 4: Employment and worker management

This is the category with the broadest practical reach. If your company sells HR technology, talent management, or workforce management software used in the EU, read this section carefully.

What is in scope:

  • AI used in recruitment — CV screening, candidate ranking, shortlisting, assessment
  • AI that evaluates candidates during the selection process
  • AI used to make promotion and advancement decisions
  • AI used for task allocation and work assignment
  • AI used to monitor and evaluate employee performance

Practical examples:

  • ATS features that score or rank candidates
  • Video interview analysis tools
  • Performance scoring systems
  • AI-powered workforce scheduling that affects individual assignment
  • Productivity monitoring systems with individual scoring

Emotion recognition systems in the workplace are a hard prohibition under Article 5, not a high-risk obligation, and have been in force since February 2025. There is no compliance path — it is banned.

Category 5: Access to essential private and public services

  • AI used to evaluate creditworthiness of natural persons
  • AI used to establish credit scores
  • AI used for life insurance and health insurance risk assessment, pricing, and eligibility
  • AI used to assess eligibility for public benefits and services
  • AI used for emergency services dispatch prioritisation

Fraud detection AI that does not affect access to financial services is explicitly excluded. A fraud detection system that flags transactions for review without affecting a customer's access to their account is not high-risk under Category 5.

Fintech companies operating in the EU face dual compliance obligations. DORA imposes ICT risk management requirements that overlap with AI Act obligations. The recommended approach is to extend existing DORA risk management frameworks to incorporate AI-specific risks rather than building separate compliance programmes.

Category 6: Law enforcement

  • AI used for individual risk assessments in criminal investigations and proceedings
  • AI used as polygraphs or similar tools for detecting psychological states
  • AI used to evaluate the reliability of evidence
  • AI used for profiling in the context of detecting or investigating criminal offences
  • AI used to predict the occurrence or reoccurrence of criminal offences

Private companies building AI sold to law enforcement agencies are providers of high-risk AI systems under this category.

Category 7: Migration, asylum, and border control

  • AI used to assess the risk of irregular migration
  • AI used to evaluate visa or asylum applications
  • AI used to assess security or public health risks of individuals seeking to enter the EU
  • AI used in border control contexts

Category 8: Administration of justice and democratic processes

  • AI used to assist courts in researching and interpreting facts and applying the law
  • AI used to influence elections or referendums
  • AI-generated political advertising targeting systems
  • Micro-targeting tools used in electoral contexts

What obligations apply to high-risk AI systems

Once classified as high-risk, providers and deployers face a comprehensive set of obligations under Chapter III of the EU AI Act.

Provider obligations (Articles 8–15)

Risk management system (Article 9)

Establish, implement, document, and maintain a risk management system throughout the AI system's entire lifecycle. Identify and mitigate reasonably foreseeable risks. Test against real-world conditions.

Data governance (Article 10)

Training, validation, and testing datasets must be relevant, representative, free of errors, and sufficiently complete. Bias detection and mitigation measures are mandatory.

Technical documentation (Article 11)

Detailed documentation enabling authorities to assess compliance. Must be maintained throughout the system's lifecycle and updated as the system evolves.

Record-keeping (Article 12)

High-risk AI systems must automatically log events throughout their lifetime. Logs must enable traceability, support post-market monitoring, and facilitate operational oversight. Minimum six-month retention.

Transparency (Article 13)

High-risk AI systems must be sufficiently transparent that deployers can interpret and use outputs appropriately. Instructions for use must include capabilities, limitations, performance metrics, and human oversight requirements.

Human oversight (Article 14)

High-risk AI systems must be designed to allow effective human oversight during use. Humans must be able to understand the system's capabilities and limitations, detect malfunctions, and override or stop the system.

Accuracy, robustness, and cybersecurity (Article 15)

High-risk AI systems must achieve appropriate levels of accuracy for their intended purpose and perform consistently across their operational lifetime. Must be resilient to errors, faults, inconsistencies, and adversarial interference.

Conformity assessment (Article 43)

Before placing a high-risk AI system on the market, providers must complete a conformity assessment. For most Annex III systems, this can be done through internal procedures. For biometric identification systems and critical infrastructure safety components, third-party assessment by a notified body is required.

EU database registration (Article 49)

High-risk AI systems must be registered in an EU database before being placed on the market. Self-assessed non-high-risk Annex III systems must also be registered in a streamlined format.

Deployer obligations (Article 26)

Companies that deploy high-risk AI systems (without necessarily being the provider) have their own obligations:

  • Use the system in accordance with provider instructions
  • Assign human oversight to individuals with competence and authority
  • Monitor operation on the basis of instructions for use
  • Inform providers about serious incidents or malfunctions
  • Conduct a fundamental rights impact assessment (FRIA) for certain deployer categories
  • Inform workers when high-risk AI is used in employment contexts

Penalties for non-compliance

Penalties for non-compliance with high-risk obligations reach up to €15 million or 3% of global turnover under Article 99(4).

Violation                               Maximum fine
Prohibited AI practices (Art. 5)        €35M or 7% of turnover
High-risk AI obligations (Art. 8–15)    €15M or 3% of turnover
Incorrect information to authorities    €7.5M or 1.5% of turnover

For context: a company with €100M in annual global revenue faces a maximum high-risk compliance fine of €15 million. The cost of implementing compliant logging, documentation, and risk management is a fraction of that.

The self-assessment option and its limits

The EU AI Act allows providers to self-assess most Annex III systems — you do not need a third party to certify compliance for most categories. However, self-assessment is not the same as no assessment.

If you self-assess your system as not high-risk, you must:

  • Document that assessment before placing the system on market
  • Register the system in the EU database
  • Be prepared to provide the documentation to national competent authorities on request

If you self-assess incorrectly — if a supervisory authority determines that your system is high-risk and you did not treat it as such — you face both the compliance gap and the penalties for the missing obligations.

If there is any meaningful doubt about whether your system is high-risk, treat it as high-risk and implement the required measures. The cost of implementing measures for a system that turns out not to need them is far lower than the cost of missing measures for a system that does.

How to determine if your AI system is high-risk

Work through this decision tree:

Step 1

Is the AI system embedded in a product covered by Annex I legislation?

If yes, and the product requires third-party conformity assessment under that legislation: high-risk (Annex I route). Deadline: August 2028.

Step 2

Does the AI system fall within one of the eight Annex III categories?

Review each category against your system's actual use. Be conservative — if the use case is plausibly in scope, treat it as in scope pending legal advice. If yes, proceed to Step 3.

Step 3

Does the system profile individuals?

If it uses data to assess any aspect of an individual's life — work performance, economic situation, health, behaviour, location — it is always high-risk.

Step 4

Does the system perform only a narrow procedural task?

If the system performs a preparatory or administrative function without directly influencing individual decisions, and does not profile individuals, document your reasoning for treating it as not high-risk.

Step 5

When in doubt

Treat as high-risk. Document the assessment. Implement the measures. Revisit when the European AI Office publishes updated guidance on practical examples.

The December 2027 deadline — how to use the time

The Digital Omnibus extension gives Annex III companies until December 2, 2027. This is genuinely useful time if it is used for implementation — not if it is used to delay thinking about the problem.

A realistic implementation timeline for a company with one or two high-risk AI systems:

Months 1–2

Classification and gap assessment

  • Identify all AI systems in use or development
  • Classify each against Annex III
  • Assess current compliance against Article 8–15 obligations
  • Identify the gaps

Months 3–4

Technical implementation

  • Implement Article 12 compliant logging
  • Implement human oversight logging
  • Begin technical documentation
  • Implement data governance measures for training data

Months 5–6

Documentation and governance

  • Complete technical documentation (Article 11)
  • Conduct DPIA where required
  • Conduct fundamental rights impact assessment
  • Establish post-market monitoring process

Months 7–9

Conformity assessment

  • Conduct internal conformity assessment
  • For biometric systems: engage notified body
  • Register in EU database

Months 10–12

Testing and review

  • Test logging and oversight systems
  • Review with legal team
  • Generate first compliance reports
  • Identify and close remaining gaps

Month 13+

Ongoing monitoring

  • Monthly Article 12 report generation
  • Post-market monitoring
  • Update documentation as system changes
  • Respond to any regulatory enquiries

Starting this process in 2026 means arriving at December 2027 with over a year of clean compliance history. Starting in October 2027 means scrambling.

Frequently asked questions

My AI system is used globally, not just in the EU. Does the EU AI Act apply?

Yes, if the system is placed on the EU market or if its outputs are used in the EU. A US company that provides AI-assisted credit scoring used by EU lenders is a provider of a high-risk AI system for EU AI Act purposes, even if the company has no EU presence.

We are a startup with limited resources. Are there any accommodations?

The EU AI Act provides for regulatory sandboxes where companies can test high-risk AI under regulatory supervision before full compliance is required. Member states are required to establish at least one national AI regulatory sandbox by August 2027. Contact your national AI authority to explore sandbox participation.

We use a third-party AI system, not one we built. Are we still responsible?

Yes, as a deployer. Deployers have their own obligations under Article 26, including monitoring the system's operation, informing providers about incidents, and ensuring appropriate human oversight.

What if we use open source AI models?

The EU AI Act applies based on use, not the licensing model of the underlying technology. Using an open source LLM for credit scoring does not exempt you from high-risk obligations.

How does the EU AI Act interact with GDPR?

They are complementary, not alternative frameworks. Both apply simultaneously. Article 12 logs should use PII pseudonymisation to satisfy both GDPR data minimisation and Article 12 completeness requirements. A DPIA (GDPR Article 35) is also likely required for high-risk AI systems processing personal data.
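The following is an added example (not Sovergate's product code and not text from the Regulation) of how an Article 12 event record can combine the Article 12(3) items named above for biometric systems (session timestamp, reference database identification, identity of the human verifier) with keyed pseudonymisation of the data subject, so the log stays complete for traceability while holding no direct identifiers. Field names, the HMAC-SHA256 tokenisation, the demo key and the 183-day approximation of the six-month minimum retention are assumptions made for this example.

```python
import hashlib
import hmac
import json
from datetime import datetime, timedelta

# Constructed demo key (assumption). In a real deployment the key lives in a
# secrets store separate from the log storage, so a reader of the log files
# cannot reverse the tokens back to the person.
PSEUDONYMISATION_KEY = b"constructed-demo-key-not-for-production"

# The guide states a minimum six-month retention for Article 12 logs;
# 183 days is the approximation used here (assumption).
MIN_RETENTION = timedelta(days=183)


def pseudonymise(identifier: str, key: bytes = PSEUDONYMISATION_KEY) -> str:
    """Map a direct identifier (e-mail, customer number) to a stable token.

    HMAC-SHA256 rather than a bare hash: the same person always gets the
    same token, so an auditor can follow one subject across events, but
    without the key the token cannot be reversed, even for low-entropy
    inputs such as e-mail addresses that a plain SHA-256 would leave
    guessable by dictionary.
    """
    return hmac.new(key, identifier.encode("utf-8"), hashlib.sha256).hexdigest()


def article12_event(session_id: str, subject_identifier: str, reference_db: str,
                    decision: str, confidence: float, human_verifier: str,
                    occurred_at: str) -> dict:
    """Build one log record for a biometric identity-verification decision.

    occurred_at is an ISO-8601 timestamp with timezone. The human verifier
    is kept as an internal staff id (assumption), because oversight
    accountability requires knowing who reviewed the result.
    """
    when = datetime.fromisoformat(occurred_at)
    return {
        "timestamp": when.isoformat(),
        "session_id": session_id,
        "subject_token": pseudonymise(subject_identifier),
        "reference_database": reference_db,
        "decision": decision,
        "confidence": confidence,
        "human_verifier": human_verifier,
        "retain_until": (when + MIN_RETENTION).isoformat(),
    }


def leaks_identifier(event: dict, raw_identifiers: list) -> bool:
    """Pre-write guard: refuse the record if any raw identifier appears in
    its JSON form (for example a caller put an e-mail in a free-text field)."""
    serialised = json.dumps(event)
    return any(raw in serialised for raw in raw_identifiers)


def deletion_permitted(event: dict, now: str) -> bool:
    """A retention job may only delete a record once the minimum period has passed."""
    return datetime.fromisoformat(now) >= datetime.fromisoformat(event["retain_until"])


if __name__ == "__main__":
    # Constructed sample input for a KYC face-match check.
    evt = article12_event("sess-0001", "alice@example.com", "kyc-ref-db-v3",
                          "match", 0.97, "verifier-staff-42",
                          "2027-12-02T09:30:00+00:00")
    assert not leaks_identifier(evt, ["alice@example.com"])
    print(json.dumps(evt))  # one JSON Lines record for append-only storage
```

The retention check is the piece most often missed: a GDPR-driven deletion job must not purge these records before the Article 12 minimum period ends.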

Summary

High-risk AI systems under the EU AI Act are defined by two routes: Annex I (AI in regulated products) and Annex III (standalone high-risk applications in eight domains).

The Annex III categories cover biometric identification, critical infrastructure, education, employment, essential services, law enforcement, migration, and administration of justice. Any AI system that profiles individuals within these domains is always high-risk.

  • Two classification routes: Annex I (regulated products) and Annex III (standalone applications)
  • Eight Annex III categories: biometric, infrastructure, education, employment, services, law enforcement, migration, justice
  • Profiling always triggers high-risk: any data assessment of an individual's life is always in scope
  • Comprehensive obligations: risk management, data governance, documentation, Article 12 logging, human oversight, conformity assessment
  • Penalties: up to €15M or 3% of global turnover for high-risk obligation failures
  • Annex III deadline: December 2, 2027
  • Annex I deadline: August 2, 2028

Companies that use the time to December 2027 to implement robust compliance programmes will be in a fundamentally different position from those that wait.

This guide is maintained by Sovergate, a European AI compliance platform providing Article 12 logging for companies using LLMs in high-risk contexts. This guide is for informational purposes only and does not constitute legal advice. Consult a qualified lawyer for advice specific to your situation.

Last updated June 2026. Regulation referenced: EU Regulation 2024/1689 (EU AI Act), Annex I, Annex III, Articles 6, 8–15, 26, 43, 49, 99.
