High risk · Annex III(5)

Is Credit Scoring High-Risk Under the EU AI Act? (Annex III)

When AI decides whether you get a loan, an insurance policy, a benefit or an ambulance, the stakes are existential. Annex III point 5 makes access to essential private and public services high risk.

What Annex III(5) covers

  • Eligibility for public assistance benefits and services
  • Creditworthiness and credit scoring (except fraud detection)
  • Risk assessment and pricing in life and health insurance
  • Emergency-call triage and dispatch

Who’s affected

Banks and lenders, insurers, fintechs, public benefits agencies, and emergency services — plus the AI vendors serving them.

Why it’s high risk

High risk under Annex III(5). Credit scoring is expressly named — the only carve-out is AI used to detect financial fraud. Deployers owe affected people transparency about automated decisions that affect them.

Obligations to prepare for

Risk management system (Art. 9)
Data governance & bias checks (Art. 10)
Technical documentation — Annex IV (Art. 11)
Record-keeping / logging (Art. 12)
Transparency & instructions (Art. 13)
Human oversight (Art. 14)
Accuracy, robustness & cybersecurity (Art. 15)
Inform affected individuals (Art. 26)

FAQ

Is AI credit scoring always high-risk?

Yes, with one exception: AI used to detect financial fraud is carved out. Evaluating creditworthiness or establishing a credit score is high-risk under Annex III(5).

Is AI insurance pricing high-risk?

Risk assessment and pricing in life and health insurance is expressly high-risk under Annex III(5). Other insurance lines are judged on their own facts.

Being high-risk sets the obligations; your role decides who owns them. See provider vs deployer duties · sector detail: Fintech & Banking, Insurance.

Not sure if your system falls under Annex III(5)?

The free checker classifies it deterministically in 2 minutes — no sign-up.

Run the free check