WWitness
Get StartedFeaturesAcademyFree ToolsExpert ChatPricingBlog
Sign In
Back to Blog
April 5, 2026

High-Risk AI Systems Under the EU AI Act: Complete Guide

Everything you need to know about high-risk AI classification under the EU AI Act. Both pathways, all 8 Annex III categories, the Article 6(3) exception, and full obligations.

Witness Team·9 min read·high risk AI system EUAnnex III AI ActAI Act high risk classificationhigh risk AI obligationsArticle 6 AI Act

Updated 25 May 2026 after the EU's Digital Omnibus agreement (7 May 2026): the Annex III high-risk compliance deadline has moved from 2 August 2026 to 2 December 2027 (Annex I to 2 August 2028). Article 50(2) transparency obligations still apply 2 August 2026. See our Omnibus update for the full timeline.

Why High-Risk Classification Matters

The EU AI Act's compliance obligations are concentrated almost entirely on high-risk AI systems. Minimal-risk systems face no mandatory requirements. Limited-risk systems need only transparency disclosures. But high-risk systems must meet a comprehensive set of requirements covering documentation, risk management, data governance, human oversight, accuracy, cybersecurity, conformity assessment, registration, and ongoing monitoring.

Getting the classification right is therefore the most consequential step in EU AI Act compliance. Misclassifying a high-risk system as limited risk leaves you exposed to penalties of up to €15 million or 3% of global annual turnover. Misclassifying a limited-risk system as high risk wastes resources on unnecessary compliance work. To skip ahead, you can classify your system using the same Article 5, Annex III, and Article 6(3) decision tree this guide unpacks — three minutes, no signup.

Two Pathways to High-Risk

The AI Act establishes two independent pathways for high-risk classification. A system only needs to trigger one.

Pathway 1: Safety Component (Article 6(1))

An AI system is high-risk if both conditions are met:

  1. The AI system is used as a safety component of a product, or is itself a product, covered by EU harmonisation legislation listed in Annex I of the AI Act
  2. That product is required to undergo a third-party conformity assessment under the applicable harmonisation legislation

Annex I covers existing EU product safety legislation including:

  • Machinery Regulation (EU) 2023/1230
  • Medical Devices Regulation (EU) 2017/745
  • In-Vitro Diagnostic Medical Devices Regulation (EU) 2017/746
  • Radio Equipment Directive 2014/53/EU
  • Civil Aviation Regulation (EU) 2018/1139
  • Motor Vehicle Type-Approval Regulations
  • Marine Equipment Directive 2014/90/EU
  • Rail Interoperability Directive (EU) 2016/797
  • And others

Examples: An AI system that controls braking decisions in an autonomous vehicle. An AI-powered diagnostic tool classified as a medical device. An AI component managing safety-critical functions in industrial machinery.

Application date: August 2, 2027 (one year later than Pathway 2).

Pathway 2: Annex III Listed (Article 6(2))

An AI system is high-risk if it falls into one of the use case categories listed in Annex III of the AI Act. This is the pathway that applies to most business AI systems.

Application date: August 2, 2026.

The Eight Annex III Categories

Category 1: Biometrics

Sub-areaDescriptionExamples
1(a)Remote biometric identificationPost-hoc facial recognition, identification in non-public spaces
1(b)Biometric categorization by sensitive attributesCategorizing people by ethnicity, gender, or other protected characteristics from biometric data
1(c)Emotion recognitionInferring emotions from facial expressions, voice patterns, body language (outside the workplace/education ban under Article 5)

Note: Real-time biometric identification in public spaces for law enforcement is not high-risk — it is prohibited under Article 5(1)(h), with three narrow exceptions requiring judicial authorization. Emotion recognition in the workplace and education is also prohibited (Article 5(1)(f)), except for medical or safety purposes.

Category 2: Critical Infrastructure

Sub-areaDescriptionExamples
2(a)Safety components in management/operation of critical digital infrastructure, road traffic, water/gas/heating/electricity supplyAI managing electricity grid load balancing, AI controlling traffic light systems, AI monitoring water treatment processes

The system must be a safety component — not just any software used by a utility or infrastructure provider. An AI-powered billing system at an energy company is not high-risk. An AI system making decisions about power distribution is.

Category 3: Education and Vocational Training

Sub-areaDescriptionExamples
3(a)Determining access, admission, or assignment to educational institutionsAI-powered university admissions, automated school placement
3(b)Evaluating learning outcomes, including steering the learning processAI grading systems, adaptive learning platforms that determine curriculum
3(c)Assessing appropriate education level and influencing access to educationAI that decides what level of education someone should receive
3(d)Monitoring and detecting prohibited behavior during testsAI exam proctoring, cheating detection systems

Category 4: Employment, Worker Management, Access to Self-Employment

Sub-areaDescriptionExamples
4(a)Recruitment and selection: targeted job ads, screening/filtering applications, evaluating candidatesAI-powered CV screening, automated interview scoring, AI job ad targeting
4(b)Decisions on work relationships: promotion, termination, task allocation based on behavior/traits; monitoring and evaluating performanceAI-driven performance reviews, automated task assignment based on employee profiling, AI-powered workforce management

This category is particularly relevant for SMEs. Any AI tool used in hiring or employee evaluation falls here — including third-party SaaS tools. If you use an AI-powered applicant tracking system, you are a deployer of a high-risk AI system.

Category 5: Access to Essential Services

Sub-areaDescriptionExamples
5(a)Evaluating eligibility for public assistance, benefits, or servicesAI determining welfare eligibility, healthcare access decisions
5(b)Evaluating creditworthiness or establishing credit scoresAI credit scoring, automated lending decisions. Exception: fraud detection is explicitly not high-risk
5(c)Risk assessment and pricing for life and health insuranceAI determining insurance premiums for natural persons
5(d)Evaluating and classifying emergency calls, triaging emergency patientsAI-powered 112/911 dispatch, emergency room triage systems

The fraud detection exception in 5(b) is notable. Banks using AI solely for fraud detection do not trigger high-risk classification for that system, even though credit scoring and lending AI does.

Category 6: Law Enforcement

Sub-areaDescriptionExamples
6(a)Assessing risk of person becoming crime victimVictim risk assessment tools
6(b)Polygraphs and lie detectorsAI-based deception detection
6(c)Evaluating reliability of evidenceAI analyzing evidence in criminal investigations
6(d)Assessing risk of offending or re-offendingRecidivism prediction (must augment human assessment, not replace it)
6(e)Profiling during detection, investigation, or prosecutionCriminal profiling AI

Category 7: Migration, Asylum, and Border Control

Sub-areaDescriptionExamples
7(a)Polygraphs and lie detectors in migration contextAI deception detection at borders
7(b)Assessing irregular migration risk or health riskRisk assessment for persons intending to enter the EU
7(c)Examining asylum, visa, or residence applicationsAI processing immigration applications
7(d)Detecting, recognizing, or identifying persons in migration contextException: travel document verification

Category 8: Administration of Justice and Democratic Processes

Sub-areaDescriptionExamples
8(a)Assisting judicial authorities in interpreting and applying lawAI legal research tools used by courts, AI in alternative dispute resolution
8(b)Influencing election outcomes or voting behaviorException: AI for organizing political campaigns that does not directly interact with voters

The Article 6(3) Exception: When High-Risk Can Be Downgraded

Not every Annex III system is automatically high-risk. Article 6(3) provides an exception pathway that can downgrade a system that technically falls within an Annex III category.

The exception applies when a system meets both conditions:

Condition 1: Limited Function

The system performs only one of the following:

  • (a) A narrow procedural task (e.g., data format conversion, document sorting)
  • (b) Improving the result of a previously completed human activity (e.g., spell-checking a human-written assessment)
  • (c) Detecting patterns for human review without replacing or influencing the human assessment (e.g., anomaly flagging)
  • (d) A preparatory task for a human assessment (e.g., data gathering before a human makes the decision)

Condition 2: No Profiling

The system does not profile natural persons. The GDPR Article 4(4) definition of profiling applies: automated processing of personal data to evaluate personal aspects such as work performance, economic situation, health, preferences, reliability, behavior, location, or movements.

If profiling is involved, the system is always high-risk — the Article 6(3) exception cannot apply, regardless of the function.

Exception Obligations

Even when the exception applies and the system is downgraded, the provider must:

  1. Document the assessment explaining why the exception applies
  2. Register the system in the EU database with the documented reasoning (Article 49(2))
  3. Notify the relevant market surveillance authority

This is not a "get out of compliance free" card. It is a documented exception with its own obligations.

Provider Obligations for High-Risk Systems

Providers — those who develop high-risk AI systems or place them on the market under their name — bear 19 distinct obligations:

#ArticleObligation
1Art. 9Establish and maintain a continuous risk management system
2Art. 10Implement data governance for training, validation, and testing data
3Art. 11Prepare and maintain Annex IV technical documentation
4Art. 12Design automatic logging capabilities into the system
5Art. 13Provide transparency information and instructions for use
6Art. 14Design human oversight measures into the system
7Art. 15Ensure accuracy, robustness, and cybersecurity
8Art. 17Implement a quality management system
9Art. 18Retain documentation for 10 years
10Art. 19Retain auto-generated logs for minimum 6 months
11Art. 20Take corrective actions for non-compliant systems
12Art. 21Cooperate with authorities upon request
13Art. 22Appoint an EU authorized representative (if non-EU provider)
14Art. 43Complete conformity assessment before market placement
15Art. 47Draw up EU declaration of conformity
16Art. 48Affix CE marking
17Art. 49Register in the EU database
18Art. 72Establish post-market monitoring system
19Art. 73Report serious incidents within 15 days

For deployers in scope of Article 27, our Article 27 FRIA template covers the required elements out of the box. The end-to-end compliance checklist walks each of these provider obligations in sequence with the article references intact.

Conformity Assessment: Self or Third-Party?

Most high-risk systems undergo self-assessment based on Annex VI. The provider verifies their own compliance, issues a declaration of conformity, and affixes the CE marking.

Third-party assessment by a notified body (Annex VII) may be required for Annex III point 1 biometric systems — remote biometric identification, biometric categorisation, and emotion recognition — where harmonised standards or common specifications do not fully cover the applicable requirements. Other Annex III systems generally use internal control under Annex VI.

Deployer Obligations for High-Risk Systems

Deployers — those who use high-risk AI systems under their authority — have a lighter but still significant set of obligations:

#ArticleObligation
1Art. 26(1)Use the system according to the provider's instructions
2Art. 26(2)Assign competent, trained persons for human oversight
3Art. 26(4)Ensure input data is relevant and representative
4Art. 26(5)Monitor operation, suspend if risks arise, report incidents
5Art. 26(6)Retain auto-generated logs for minimum 6 months
6Art. 27Conduct a FRIA (only for: public bodies, public service providers, credit scoring deployers, life/health insurance deployers)
7Art. 26(11)Inform persons affected by AI-based decisions
8Art. 26(7)Inform workers and worker representatives when AI is used in the workplace
9Art. 50(3)Inform persons exposed to emotion recognition or biometric categorization

Role Shifting Warning

Article 25 specifies that a deployer becomes a provider — inheriting all 19 provider obligations — if they:

  • Put their own name or trademark on a high-risk AI system
  • Make a substantial modification to the system
  • Change the intended purpose of any AI system in a way that makes it high-risk

This is a critical consideration for companies that customize or rebrand third-party AI tools. The full provider obligation set is not free to produce, which is why our breakdown of EU AI Act compliance costs is worth reading before any role-shift decision.

Timeline: When Do High-Risk Obligations Apply?

PathwayApplication DateScope
Annex III (Pathway 2)August 2, 2026All 8 categories listed above
Annex I product-embedded (Pathway 1)August 2, 2027Safety components of regulated products

There is a transitional provision: high-risk AI systems already on the market before August 2, 2026 need to comply only if they undergo a significant design change after that date. Systems intended to be used by public authorities are not open-endedly grandfathered: providers and deployers must take the necessary steps to comply by August 2, 2030.

Getting Started

Classification is the foundation. If you are unsure whether your AI system is high-risk, the Witness AI System Classifier walks you through the decision tree in about three minutes — covering the Article 5 prohibitions check, Annex III category matching, and the Article 6(3) exception assessment. It identifies your risk level, your role, and the specific obligations that apply.

Check if the EU AI Act applies to you

Free classification in 3 minutes. No signup required.

Get Started