Klarvo

High-risk AI under the EU AI Act — Annex III, explained

High-risk under the EU AI Act is a precise category, not a vibe. Annex III lists eight specific contexts — biometrics, critical infrastructure, education, employment, essential services, law enforcement, migration, justice. Here's what's actually in each, and what isn't.

The eight Annex III categories

Annex III to the EU AI Act lists eight categories where an AI system is treated as high-risk because of where it's used, not because of how it's built.

1. Biometrics

Remote biometric identification systems, biometric categorisation by sensitive attributes, emotion recognition (outside the workplace and education, where it's prohibited under Article 5). Includes face-recognition access control above a certain reliability threshold.

2. Critical infrastructure

AI used as a safety component in the management or operation of critical digital infrastructure, road traffic, water, gas, heat, electricity. The system has to be safety-critical — analytics dashboards or routine reporting aren't covered.

3. Education and vocational training

AI used to determine access, admissions or assignment to education; to evaluate student learning outcomes; to assess the appropriate level of education; to monitor for prohibited cheating behaviour. In practice: proctoring, automated grading at scale, admission-scoring systems.

4. Employment, worker management, access to self-employment

The category most SMEs trip over. Covers: AI used to filter, rank, evaluate or place candidates in recruitment or selection; AI used to allocate tasks, monitor performance, or make promotion/termination decisions; AI used to assess workers' behaviour or productivity.

5. Access to essential services and benefits

AI used to evaluate eligibility for public assistance, healthcare services, or essential private services (credit scoring, insurance-risk pricing for natural persons, emergency dispatch prioritisation).

6. Law enforcement

Risk assessment of natural persons by law-enforcement authorities, polygraph-style truth detection, evaluation of evidence reliability. Not relevant to most commercial SMEs.

7. Migration, asylum, border control

AI used to assess risk or examine applications relating to migration, asylum, visas, border control. Again, narrow and almost always governmental.

8. Administration of justice and democratic processes

AI used to assist a judicial authority in researching or interpreting facts or law, or in applying law. AI used in elections (excluding back-office logistics).

What deployers actually have to do

Most SMEs that meet an Annex III system do so as a deployer — they use an AI tool a vendor has built. The deployer-side obligations are real but limited:

  • Use the system as the provider instructs. No off-label use.
  • Assign human oversight — a named person who understands the system, can override it, and has the authority to do so.
  • Monitor performance — if the system starts producing outliers, you act on it; you don't quietly let it run.
  • Keep logs for the period the provider specifies (at least six months by default).
  • Inform affected individuals when a decision is significantly influenced by the system, and explain the role the AI played.
  • Carry out a Fundamental Rights Impact Assessment (FRIA) if you're a public body or you deploy a credit-scoring or insurance-pricing AI (Article 27).

The good news for SMEs: the heavyweight provider obligations — conformity assessment, technical documentation, CE marking, EU database registration — belong to the system's provider, not its deployer. If you use a vendor's tool, the vendor carries that weight.

What the calendar actually looks like

The original Annex III deadline was 2 August 2026. The European Commission's December 2025 Digital Omnibus proposal moves the substantive application of Annex III high-risk obligations to 2 December 2027, with the European Parliament voting 101–9 to support the delay in March 2026. Trilogue is ongoing. Plan against August 2026 as the safe baseline until the trilogue concludes — Article 50 transparency is unaffected and stays on 2 August 2026.

What to do this quarter

  1. List your AI systems and tag each with the Annex III category, if any.
  2. For each Annex III system, name the human-oversight owner, document the use-case scope, and capture the vendor's instructions for use.
  3. Decide on FRIA — if you're a public body or you deploy credit/insurance scoring AI, start it now (it's not a quick exercise).
  4. Negotiate vendor terms. Your vendor must give you the conformity assessment, technical documentation summary, and the logs. If they can't, change vendor.


Klarvo organises and explains EU AI Act compliance. It is not legal advice. For specific legal situations, consult a qualified professional.

Frequently asked

Is recruitment software always high-risk?

Recruitment software that uses AI to filter, rank, or recommend candidates almost always lands in Annex III §4(a). What's not high-risk: a CV intake form with no AI ranking, an interview-scheduling tool, a job-board search that doesn't score candidates against the job description.

Is ChatGPT or a Copilot used internally high-risk?

Usually no, by itself. A general-purpose model used for drafting emails or summarising documents isn't high-risk because of what it is — risk attaches to the use case. If you take the same model and wire it into a system that ranks CVs or scores loan applications, that use case is high-risk.

What's a 'deployer' vs a 'provider'?

A provider develops or markets the AI system. A deployer uses it under their authority. Most SMEs are deployers. Annex III obligations split across both roles — provider duties (technical documentation, conformity assessment, CE marking) are heavier; deployer duties (use according to instructions, log retention, human oversight, FRIA in some cases) are lighter but still real.

What's the Digital Omnibus delay people are talking about?

The European Commission's December 2025 Digital Omnibus proposal would delay the application of the Annex III high-risk obligations to 2 December 2027. The European Parliament voted to support the delay in March 2026 (101–9); trilogue is ongoing. Article 50 transparency is unaffected. The 2 August 2026 baseline is the safe assumption to plan against until trilogue concludes.

Does a FRIA always apply to high-risk systems?

No. The Fundamental Rights Impact Assessment (Article 27) applies to a narrower subset: public bodies, and deployers of credit-scoring or insurance-pricing AI. For other Annex III categories, FRIA is not mandatory but is widely treated as best practice.

Catalogue your Annex III exposure in an afternoon.

Klarvo's free tier classifies each of your systems against Annex III and tells you exactly which obligations land where. The Prove tier adds the FRIA wizard.
