RatedWithAI

RatedWithAI

Accessibility scanner

AI RegulationJune 28, 2026

EU AI Act High-Risk AI Classification: Is Your System High-Risk?

The difference between limited-risk and high-risk under the EU AI Act is the difference between a disclosure sticker and a full conformity assessment. Most companies don't know which bucket they're in — and classifying wrong in either direction is expensive.

8 Categories
Annex III lists the high-risk domains — check each one against your intended use
Aug 2026
High-risk AI system obligations become enforceable for providers
€15M / 3%
Maximum fine for high-risk AI violations (whichever is higher)

Why Classification Is the Most Important Decision You'll Make

The EU AI Act is architecturally a risk-based regime. Most of the compliance burden — technical documentation, conformity assessments, logging systems, human oversight controls, and registration in the EU database — applies exclusively to high-risk AI systems. Get the classification right, and the compliance path is manageable. Misclassify yourself as limited-risk when you're actually high-risk, and you're exposed to enforcement action.

Two routes lead to the high-risk designation. The first is Annex III — a list of eight specific use-case categories. The second is the safety-component route, for AI embedded in products regulated under existing EU safety legislation. We'll cover both.

Route 1: The Eight Annex III Categories

Annex III of the EU AI Act defines eight categories of AI use that are presumptively high-risk. The classification turns on intended purpose, not on technical architecture. Ask: what is this system specifically deployed to do for EU users or deployers?

1

Biometric Identification and Categorisation

Real-time or post-hoc remote biometric identification of natural persons in public spaces. Also AI systems that categorise people based on biometric data to infer protected characteristics (race, political opinion, sexual orientation). Emotion-recognition systems in workplaces and educational institutions are prohibited entirely.

High exposure for: attendance tracking, access control, video interview AI with emotion scoring

2

Critical Infrastructure

AI used as safety components in the management or operation of critical digital infrastructure, road traffic, water, gas, heating, or electricity supply.

High exposure for: industrial IoT, energy grid management, smart city platforms

3

Education and Vocational Training

AI that determines access to, or assigns individuals to, educational and vocational training institutions. Also AI that evaluates learning outcomes or monitors students during assessments.

High exposure for: edtech admissions scoring, exam proctoring AI, skills assessment tools

4

Employment and HR

AI for recruitment and selection of natural persons — CV screening, ranking job applications, behavioural interview analysis, onboarding decisions, and termination or promotion decisions.

High exposure for: ATS AI ranking, AI interview analysis, performance management AI

5

Essential Private and Public Services

AI that evaluates credit-worthiness, determines access to life and health insurance, sets premiums. Also AI used by public authorities to assess eligibility for benefits, prioritise services, or detect fraud in public benefit applications.

High exposure for: fintech lending AI, insurtech underwriting models, social services case triage

6

Law Enforcement

AI used by law enforcement to assess risk of individuals becoming offenders, to profile individuals, or as polygraphs. Also AI for prediction, detection, and investigation of crimes, or assessment of evidence reliability.

High exposure for: risk scoring tools sold to police, predictive analytics for public safety

7

Migration, Asylum, and Border Control

AI for assessment of risks related to irregular immigration, verification of travel documents, or assistance with processing applications for asylum, visas, and residence permits.

High exposure for: document verification AI, immigration interview analysis platforms

8

Administration of Justice and Democratic Processes

AI that assists judicial authorities in researching, interpreting, and applying law to specific facts. Also AI used to influence elections and political advertising in personalised ways.

High exposure for: legaltech research tools with case-outcome predictions, political micro-targeting AI

Route 2: Safety Components of Regulated Products

Article 6(1) creates a second path to high-risk status. An AI system is high-risk if it is a safety component of a product covered by EU harmonisation legislation listed in Annex I — including medical devices, machinery, toys, aircraft, motor vehicles, and pressure equipment. If the AI component is required to undergo a third-party conformity assessment under that product legislation, it is high-risk under the AI Act too.

For most SaaS AI companies, this route is less relevant than Annex III. But it's the path to high-risk status for AI embedded in medical devices, industrial equipment control systems, or autonomous vehicle components.

The Intended-Purpose Test: The Key to Classification

Classification is not about what your AI can do. It's about what you intend it to do. A general-purpose AI that could theoretically rank job applications is not automatically high-risk. The same AI, deployed with instructions, marketing copy, and feature design specifically for CV ranking, is high-risk.

The Act defines intended purpose as the use for which a system is intended, including the specific context and conditions of use, as specified by the provider in documentation, instructions, or promotional material. This matters in three ways:

What you say in docs

If your technical documentation or user guide describes the system as 'AI that ranks candidates for interview selection', you're in Annex III regardless of whether the tool is theoretically general-purpose.

What your marketing claims

If your landing page says 'use AI to screen applications and surface your best candidates', regulators treat that as an intended-purpose declaration. Marketing copy is evidence.

What deployers actually use it for

If you know (or can reasonably foresee) that your tool is routinely used for Annex III purposes, you may still carry provider obligations even without explicit documentation.

The Classification Decision Tree

Run through these questions in order. Answer yes to any, and you need to treat your system as high-risk until you've completed a documented justification otherwise.

1. Is my AI system a safety component of a product covered by Annex I EU legislation?

Yes → High-risk (Article 6(1))

2. Does my AI system perform biometric identification or categorisation based on biometric data?

Yes → Likely high-risk; check if categorisation is real-time and in public spaces

3. Is my AI system used in recruitment, CV screening, candidate ranking, or employment decisions?

Yes → High-risk (Annex III §4)

4. Is my AI system used to evaluate creditworthiness, set insurance premiums, or assess access to financial services?

Yes → High-risk (Annex III §5)

5. Is my AI system used in education for admissions, scoring assessments, or exam proctoring?

Yes → High-risk (Annex III §3)

6. Is my AI system used in criminal risk scoring, law enforcement profiling, or public order applications?

Yes → High-risk (Annex III §6)

7. Is my AI system used by public authorities to determine access to benefits or social services?

Yes → High-risk (Annex III §5)

8. None of the above apply and my system is not a safety component

→ Proceed to limited-risk or minimal-risk classification

If You Are High-Risk: What You Must Do Before August 2026

High-risk classification triggers a full compliance programme. These are not optional enhancements — they're legal obligations that enforcement authorities will look for.

Documentation & Assessment

  • Maintain technical documentation per Annex IV (system description, data, training methodology, performance metrics, risk mitigation measures)
  • Conduct a conformity assessment against Chapter III requirements
  • Register the system in the EU database for high-risk AI (EU AI Act Article 60)
  • Appoint an EU authorized representative if you have no EU establishment

Operational Controls

  • Implement a risk management system that runs throughout the system lifecycle
  • Run data governance procedures and bias audits on training datasets
  • Enable automatic logging of all operations the system performs
  • Build human oversight measures so a human can interpret, override, or halt outputs
  • Write clear instructions for use that deployers can follow

If You Are Not High-Risk: Document Why

The worst outcome is an informal "we think we're limited-risk" with no written analysis. If a regulator or enterprise buyer asks for your classification reasoning, you want a documented assessment — not a verbal explanation that your lawyers have to reconstruct.

Your limited-risk analysis should include: which Annex III categories you reviewed, why each doesn't apply to your intended purpose, any use-case restrictions you've built into your terms to prevent high-risk deployment, and the date you conducted the review. Update it whenever your product substantially changes.

Frequently Asked Questions

We sell to enterprises who use our AI for HR. Does the high-risk classification fall on us or them?

Both, potentially. As the provider, you carry the technical documentation and conformity assessment obligations. As the deployer, your enterprise customer carries obligations around human oversight, logging, and fundamental rights impact assessments. The Act is explicit that provider and deployer obligations are separate and cumulative — one party's compliance doesn't discharge the other's.

We use our AI internally for hiring. Are we subject to high-risk rules?

Yes. Annex III §4 applies whether you sell the tool to others or use it exclusively in-house. A company running its own AI-powered applicant ranking system is a deployer of a high-risk AI system and carries the associated obligations, including human oversight measures and impact assessments where fundamental rights may be affected.

Is a recommendation engine (content, products) high-risk?

Generally no — a product recommendation or content recommendation engine doesn't fall into any Annex III category. The exception is if the recommendation engine determines access to essential services (e.g., a system that decides whether a user can purchase health insurance), which would pull it into category 5.

Can we self-classify, or do we need a third-party auditor?

For most high-risk AI systems, a self-conformity assessment is permitted under the Act. Third-party assessment is only mandatory for certain specific use cases (biometric AI systems, some remote biometric identification systems). However, the self-assessment still requires rigorous documentation, and many EU enterprise buyers request third-party audits contractually even when not legally required.

Classification Is a Decision, Not a Feeling

The EU AI Act doesn't let you drift into a risk tier through inaction. Classification is an affirmative decision that must be documented, grounded in your intended purpose, and reviewed when your product changes. The August 2026 enforcement deadline for high-risk AI is not an abstract future risk — it's the hard deadline by which providers must have their conformity assessments, technical documentation, and operational controls in place.

Run through the Annex III checklist for every AI feature that touches EU users. Write down why each category does or doesn't apply. If any does apply, start the compliance programme now — the documentation requirements alone take months to build properly.