Annex III high-risk AI systems: the categories to watch
Annex III is where many operationally sensitive use cases live. Teams do not need to memorise every line, but they do need to know whether their product or workflow sits near one of these categories.
Annex III high-risk AI systems are those listed in Annex III of the EU AI Act. They cover specific uses in employment, education, essential services, law enforcement, migration, justice, and democratic processes where the AI can materially influence decisions affecting people’s fundamental rights, safety, or opportunities.[1][2]
If your AI system ranks job candidates, scores exams, assesses creditworthiness, evaluates insurance risk, monitors worker performance for promotion/termination decisions, or supports judicial outcomes, it is likely high-risk under Annex III. This triggers obligations such as risk management, high-quality datasets, technical documentation, human oversight, logging, and—for certain deployers—a fundamental rights impact assessment (FRIA). Under current law these rules apply from 2 August 2026 for Annex III systems.[3]
Annex III is distinct from Annex I (AI embedded in regulated products such as medical devices or machinery subject to third-party conformity assessment). Annex III focuses on the purpose and context of use in sensitive societal areas rather than the product category.[1]
Law status
Current law (May 2026): Rules for high-risk AI systems listed in Annex III apply from 2 August 2026. Providers must meet requirements in Chapter III before placing systems on the market or putting them into service. Deployers have ongoing obligations including monitoring and, where required, conducting a FRIA. Existing systems placed on the market before this date generally fall under transitional rules unless significantly modified.[4][5]
Proposal under negotiation: The Digital Omnibus package proposes linking the application of high-risk rules to the availability of harmonised standards, guidelines, and other support tools. This could adjust timelines, with a possible latest application for Annex III systems around late 2027 in some scenarios. These changes remain proposals and are not yet law. Check official EU sources for updates.[3][6]
Annex III category matrix
| Category | Typical business examples | Why it is sensitive | Best next page |
|---|---|---|---|
| Employment and worker management | CV screening and ranking tools, promotion or termination decision support, performance monitoring systems, task allocation based on predicted behaviour | Can determine access to livelihood, perpetuate discrimination, or interfere with workers’ rights and privacy | Recruitment AI and the EU AI Act or EU AI Act for HR software teams |
| Education and exams | Exam proctoring and cheating detection, student admission or grading algorithms, personalised learning path recommenders that materially affect progression | Directly shapes educational and professional opportunities; high risk of bias affecting equality of opportunity | Education, exam, and proctoring AI under the EU AI Act |
| Essential private and public services | Credit scoring, insurance risk assessment and pricing, systems evaluating eligibility for public benefits, housing allocation, or emergency service dispatch | Controls access to critical resources such as loans, insurance, housing, or healthcare; errors or bias can cause significant economic or social harm | Credit scoring, insurance, and essential-service AI |
| Law enforcement and migration | Risk assessment tools for recidivism (where permitted), evidence evaluation support, automated visa or asylum processing aids | Involves state power, liberty, and non-discrimination; errors can lead to wrongful detention, denied protection, or rights violations | Official national authority guidance via AI Act Service Desk |
| Justice and democratic processes | Judicial decision support (researching facts/law or suggesting outcomes), tools influencing voting behaviour or election processes (when directly exposed to voters) | Affects rule of law, fair trial rights, sentencing, and democratic integrity; must not replace human judgment | Official EU or national judicial authority resources |
This matrix is derived from Annex III of the AI Act and Commission guidance. Classification depends on the intended purpose and specific context of use. A narrow procedural tool that does not materially influence the final decision may qualify for derogation, but you must document this assessment.[1]
High-risk screening questions
Use these questions to test your use case. Answer honestly based on the system’s intended purpose and reasonably foreseeable misuse.
| Question | If yes, why it matters | What to do next |
|---|---|---|
| Does the system influence hiring, promotion, termination, performance evaluation, or task allocation? | These fall squarely under the employment category of Annex III and carry high risk of bias or unfair treatment affecting livelihoods. | Map to provider or deployer obligations; review EU AI Act for HR software teams. Begin risk management planning. |
| Does it affect access to education, exam scoring, admission decisions, or learning progression? | Education decisions shape life opportunities and are explicitly listed in Annex III. | Check for proctoring or assessment features. See Education, exam, and proctoring AI under the EU AI Act and plan technical documentation. |
| Does it affect credit, insurance risk/pricing, public benefits, housing, or other essential services? | Controls access to financial and social resources; bias here can exacerbate inequality and is listed in Annex III. | Conduct data governance review. Visit Credit scoring, insurance, and essential-service AI. |
| Could it shape a fundamental-rights-heavy decision (e.g. justice, migration, law enforcement, democratic participation)? | These areas involve liberty, equality, fair trial, or democratic integrity and are explicitly high-risk. | Engage legal/compliance early. Consider FRIA using FRIA template: what to include in a fundamental rights impact assessment. |
If you answer “yes” to any question and the output can materially influence a decision with legal or similarly significant effect, the system is likely high-risk under Annex III. Document your reasoning. Guidelines on the AI system definition and high-risk classification provide further practical examples.[2]
What Annex III covers
Annex III contains an exhaustive list of high-risk use cases outside those automatically classified via product safety legislation (Annex I). It targets contexts where AI can adversely affect health, safety, or the fundamental rights protected by the EU Charter. The listed areas are employment, education, essential services and benefits, law enforcement, migration and border management, and administration of justice and democratic processes.[1]
Why it matters separately from Annex I: Annex I high-risk systems are those that are safety components of, or are themselves, products already regulated under existing Union harmonisation legislation (medical devices, machinery, toys, lifts, etc.) that require third-party conformity assessment. Annex III systems are classified because of how they are used in society, not because they sit inside a regulated product. Most enterprise software, SaaS platforms, and internal tools fall under Annex III analysis rather than Annex I.[1]
The list can be updated by the Commission via delegated acts to reflect technological and societal developments.
How to decide if a use case lands here
Classification is purpose-driven. Ask:
- What is the intended purpose stated by the provider?
- In what context will it be deployed?
- Does the AI evaluate, score, predict, or influence personal traits, behaviour, eligibility, or outcomes for natural persons in one of the Annex III areas?
- Does the output materially influence a decision that produces legal effects or similarly significant effects (e.g. denial of credit, job loss, educational exclusion, denial of benefits, or impact on liberty or fair trial rights)?
Edge cases matter. A simple keyword-matching tool that flags CVs for human review is unlikely to qualify. A predictive ranking model whose score is the primary filter for interviews probably does. Automated proctoring that flags “suspicious behaviour” and directly affects exam results is high-risk. A recommendation engine that merely suggests courses without determining admission is typically not.[1]
Realistic example – recruitment ranking tool: A company develops an AI system that ingests CVs, past performance data, and interview transcripts to produce a ranked shortlist with confidence scores and explanatory notes. The system is marketed as reducing unconscious bias, but its output is used as the main filter before any human interview. This is a classic Annex III employment use case. The provider must implement the full high-risk requirements. The deploying company (as deployer) must ensure it is used in accordance with the instructions, monitor for anomalies, and carry out a FRIA where the use falls under the relevant criteria.[2]
Realistic example – exam proctoring: An edtech provider offers remote exam monitoring that uses computer vision and behavioural analysis to detect cheating and assign a risk score that influences whether the exam result is accepted. This falls under education and vocational training in Annex III. Human oversight, robustness against different lighting conditions or disabilities, and logging are mandatory.
Realistic example – credit scoring or insurance-risk support: A fintech tool that combines alternative data sources to produce a creditworthiness score used by banks to approve or decline loans qualifies under essential private services. Data quality, bias testing, and transparency to the deployer (the bank) are central obligations.
Derogations exist (Article 6(3)): if the system performs only narrow procedural tasks, improves previous human activity without replacing assessment, detects patterns without influencing outcomes, or prepares for a later high-risk use without itself making decisions, it may not be high-risk. Providers must document and, in some cases, register such assessments.[1]
The most commercially relevant categories
Employment and worker management is the most immediate concern for the majority of companies. Tools that filter applicants, predict performance, monitor productivity, or recommend promotions or terminations are high-risk when they materially shape decisions. Bias here can violate non-discrimination rules and expose organisations to significant regulatory and reputational risk. Start with a use-case inventory across HR, talent acquisition, and people analytics teams. See Recruitment AI and the EU AI Act and EU AI Act for HR software teams.
Education and exams/proctoring affects both established edtech vendors and companies offering internal training platforms. Any system that scores learners, determines progression, or flags misconduct during assessments is in scope. Fairness across diverse student populations (language, disability, cultural background) is a core technical requirement.
Essential private and public services (including credit scoring and insurance) is highly relevant to financial services, insurance, utilities, and public-sector service providers. Credit and insurance algorithms have been under scrutiny for years; the AI Act adds structured risk management, dataset documentation, and human oversight obligations. See Credit scoring, insurance, and essential-service AI.
The law enforcement, migration, justice, and democratic-process categories are more relevant to public authorities and specialised vendors, but private companies supplying such tools inherit provider obligations.
What high-risk status changes
High-risk status under Annex III imposes a structured compliance regime aimed at ensuring safety, fundamental rights, transparency, and accountability throughout the lifecycle.
For providers (developers placing the system on the market):
- Implement a risk management system (identify, analyse, evaluate, and mitigate risks to health, safety, and fundamental rights).
- Ensure high-quality, relevant, representative, error-free, and complete training, validation, and testing datasets with appropriate bias mitigation.
- Produce and maintain technical documentation sufficient for authorities to assess compliance.
- Enable automatic record-keeping (logs) for traceability.
- Provide clear instructions and information to deployers.
- Design for appropriate human oversight (ability to understand, interpret, and intervene).
- Meet accuracy, robustness, and cybersecurity standards appropriate to the risk.
- Establish a quality management system (QMS) covering the above plus corrective actions and post-market monitoring.
- Draw up an EU declaration of conformity, affix CE marking, and register the system in the EU database (for most Annex III systems).
For deployers (users putting the system into service):
- Use the system according to the provider’s instructions.
- Monitor operation, keep logs where required, and report serious incidents or malfunctions.
- Perform a fundamental rights impact assessment (FRIA) before deployment in many cases, particularly for public bodies or high-impact uses. Guidelines and a template are under preparation by the Commission.[2]
- Ensure staff receive appropriate AI literacy training.
These obligations are significantly more onerous than limited-risk transparency rules (Article 50) or minimal-risk systems. They require evidence, documentation, and ongoing processes rather than one-off disclosures. Preparation should begin well before the 2026 application date to allow time for gap analysis, supplier due diligence in procurement, and integration into existing risk or compliance frameworks. Harmonised standards under development (e.g. on quality management systems and risk management) can provide a presumption of conformity once referenced in the Official Journal.[3]
Common mistakes
- Treating every HR or analytics tool as automatically high-risk instead of analysing the specific purpose and degree of material influence on decisions.
- Confusing provider and deployer roles—many companies act as both when they customise or fine-tune systems.
- Assuming a “human in the loop” is automatically sufficient without designing meaningful oversight that allows understanding and intervention.
- Starting documentation only when enforcement begins; authorities will expect evidence of a systematic approach from the design phase.
- Overlooking FRIA obligations for deployers, especially in employment, education, or public services.
- Relying solely on vendor claims of “AI Act compliant” without requesting technical documentation or conducting your own mapping.
- Ignoring transitional rules for systems already on the market before August 2026.
Action checklist
- Inventory all AI use cases across departments and map them against the Annex III categories and screening questions above.
- Document classification decisions (including any derogation claims) and retain for authorities.
- Determine whether your organisation is a provider, deployer, or both for each system.
- For high-risk systems, prioritise risk management, data governance, and technical documentation roadmaps.
- Review procurement contracts and vendor documentation to ensure upstream providers meet their obligations.
- Plan and conduct (or update) a FRIA where required; start with the template at FRIA template: what to include in a fundamental rights impact assessment.
- Build internal AI literacy for staff involved in high-risk deployments.
- Monitor official guidance from the AI Office and AI Act Service Desk for harmonised standards and FRIA templates as they become available.
- Run a pilot assessment using a structured evidence tool to identify gaps before the 2026 deadline.
Ready to map your use cases? Use the free Evidence Scanner to classify systems against Annex III and generate an initial obligations checklist, or download the FRIA sample report to see what a completed assessment looks like in practice. Start at FRIA template: what to include in a fundamental rights impact assessment.
Sources
All legal statements are drawn from the AI Act Regulation (EU) 2024/1689, the AI Act Service Desk timeline and Article 113 pages, and official Commission overviews on digital-strategy.ec.europa.eu and ai-act-service-desk.ec.europa.eu. This page provides operational guidance only and is not legal advice.