High-Risk AI Systems & Annex III: The Full Guide
Most of the EU AI Act's hard obligations fall on a single category: high-risk AI systems. If your system lands here, you inherit a demanding compliance programme — risk management, data governance, technical documentation and more. This guide explains exactly what makes a system high-risk under Annex III and Article 6, the one exemption that can pull you back out, and what to do once you know where you stand.
Two routes into the high-risk category
Under Regulation (EU) 2024/1689, a system becomes high-risk through one of two independent routes set out in Article 6:
- Annex III use cases — the system is intended to be used in one of eight sensitive areas listed in Annex III (biometrics, employment, essential services, and so on). This is the route most software providers need to check.
- Safety components of regulated products — the system is a safety component of a product already covered by EU product-safety law (such as machinery, medical devices, lifts or toys), or is itself such a product, and that product must undergo third-party conformity assessment.
You only need to fall into one route to be classified high-risk. Neither route depends on where your company is based: the Act is extraterritorial and applies whenever the system — or its output — is used within the EU. Not sure which bucket you're in? Start with the free risk checker.
The full Annex III list
Annex III enumerates the high-risk use cases. A system intended for any of these areas is presumed high-risk:
- Biometrics — remote biometric identification, biometric categorisation, and emotion recognition (where not already prohibited under Article 5).
- Critical infrastructure — safety components in the management and operation of digital infrastructure, road traffic, and the supply of water, gas, heating and electricity.
- Education and vocational training — determining access or admission, evaluating learning outcomes, or monitoring prohibited behaviour during tests.
- Employment, worker management and access to self-employment — recruitment, screening and filtering of applications, and decisions on promotion, task allocation or termination.
- Access to essential private and public services — eligibility for public benefits, credit scoring and creditworthiness, risk assessment and pricing in life and health insurance, and emergency dispatch prioritisation.
- Law enforcement — risk assessments, polygraphs, evidence evaluation and profiling.
- Migration, asylum and border control — visa and asylum application processing, risk assessments and identity verification.
- Administration of justice and democratic processes — assisting judicial authorities in researching and interpreting the law, and systems intended to influence election outcomes.
If none of these describe your intended purpose, and you are not a safety component of a regulated product, you are almost certainly not high-risk — meaning you may only face the lighter transparency rules or no mandatory obligations at all.
The Article 6(3) exemption
Landing in an Annex III area does not automatically make you high-risk. Article 6(3) provides an exemption: a system is not high-risk if it does not pose a significant risk of harm to health, safety or fundamental rights, including by not materially influencing the outcome of decision-making.
The exemption applies where the system performs a narrow procedural task, improves the result of a previously completed human activity, detects decision-making patterns without replacing human judgement, or performs a purely preparatory task to an assessment. There is an important carve-out: a system that performs profiling of natural persons is always considered high-risk, regardless of these conditions.
Crucially, the exemption is not self-certifying by silence. If you rely on it, you must:
- Document your assessment of why the system does not pose significant risk, before placing it on the market.
- Register the system in the EU database, even when claiming the exemption.
- Be ready to provide the assessment to national authorities on request.
What high-risk status obliges you to do
If you confirm high-risk status as a provider, you take on the core obligations of the Act:
- Article 9 — establish a continuous risk-management system across the lifecycle.
- Article 10 — data governance for training, validation and testing datasets.
- Article 11 — draw up technical documentation to Annex IV.
- Article 12 — automatic record-keeping (logging).
- Article 13 — transparency and instructions for use for deployers.
- Article 14 — effective human oversight.
- Article 15 — appropriate accuracy, robustness and cybersecurity.
Deployers — organisations using a high-risk system under their own authority — carry their own duties under Article 26, including operating the system per its instructions and maintaining human oversight.
What to do next
Work through classification in order:
- Map your intended purpose against the eight Annex III areas and the Article 6 product-safety route.
- Test the exemption — if you touch an Annex III area, assess Article 6(3) honestly, remembering the profiling carve-out.
- Document the outcome either way. A defensible written classification is your first compliance artefact.
- Diarise the deadline — high-risk obligations for Annex III systems apply from 2 December 2027. See the full deadlines timeline.
- Scope the gap — if you are high-risk, begin building the Article 9–15 programme now; it takes months, not weeks.
Start the whole process with the free risk checker or read the complete guide.
Frequently asked questions
Does an Annex III system automatically count as high-risk?
No. Falling within an Annex III area creates a presumption of high-risk, but Article 6(3) exempts systems that don't pose a significant risk of harm — for example those performing a narrow procedural or purely preparatory task. However, any system that profiles natural persons is always high-risk, and you must document and register your exemption.
What is the difference between the Annex III route and the Article 6 product route?
The Annex III route captures standalone software used in eight sensitive areas like employment or credit scoring. The product route captures AI that is a safety component of a regulated product (machinery, medical devices, toys) that already requires third-party conformity assessment. Either route alone makes you high-risk.
When do high-risk obligations start applying?
For Annex III high-risk systems, the obligations apply from 2 December 2027 under Article 113. Because building a compliant Article 9–15 programme and Annex IV documentation takes many months, most providers should begin well before that date.
Are non-EU companies caught by the high-risk rules?
Yes. The EU AI Act is extraterritorial. If your high-risk system, or the output it produces, is used within the EU, the obligations apply regardless of where your company is established.
Free, no sign-up. Deterministic — not a chatbot.