EU AI Act High-Risk AI Classification: Is Your System High-Risk?
The difference between limited-risk and high-risk under the EU AI Act is the difference between a disclosure sticker and a full conformity assessment. Most companies don't know which bucket they're in — and classifying wrong in either direction is expensive.
Why Classification Is the Most Important Decision You'll Make
The EU AI Act is architecturally a risk-based regime. Most of the compliance burden — technical documentation, conformity assessments, logging systems, human oversight controls, and registration in the EU database — applies exclusively to high-risk AI systems. Get the classification right, and the compliance path is manageable. Misclassify yourself as limited-risk when you're actually high-risk, and you're exposed to enforcement action.
Two routes lead to the high-risk designation. The first is Annex III — a list of eight specific use-case categories. The second is the safety-component route, for AI embedded in products regulated under existing EU safety legislation. We'll cover both.
Route 1: The Eight Annex III Categories
Annex III of the EU AI Act defines eight categories of AI use that are presumptively high-risk. The classification turns on intended purpose, not on technical architecture. Ask: what is this system specifically deployed to do for EU users or deployers?
Biometric Identification and Categorisation
Real-time or post-hoc remote biometric identification of natural persons in public spaces. Also AI systems that categorise people based on biometric data to infer protected characteristics (race, political opinion, sexual orientation). Emotion-recognition systems in workplaces and educational institutions are prohibited entirely.
High exposure for: attendance tracking, access control, video interview AI with emotion scoring
Critical Infrastructure
AI used as safety components in the management or operation of critical digital infrastructure, road traffic, water, gas, heating, or electricity supply.
High exposure for: industrial IoT, energy grid management, smart city platforms
Education and Vocational Training
AI that determines access to, or assigns individuals to, educational and vocational training institutions. Also AI that evaluates learning outcomes or monitors students during assessments.
High exposure for: edtech admissions scoring, exam proctoring AI, skills assessment tools
Employment and HR
AI for recruitment and selection of natural persons — CV screening, ranking job applications, behavioural interview analysis, onboarding decisions, and termination or promotion decisions.
High exposure for: ATS AI ranking, AI interview analysis, performance management AI
Essential Private and Public Services
AI that evaluates credit-worthiness, determines access to life and health insurance, sets premiums. Also AI used by public authorities to assess eligibility for benefits, prioritise services, or detect fraud in public benefit applications.
High exposure for: fintech lending AI, insurtech underwriting models, social services case triage
Law Enforcement
AI used by law enforcement to assess risk of individuals becoming offenders, to profile individuals, or as polygraphs. Also AI for prediction, detection, and investigation of crimes, or assessment of evidence reliability.
High exposure for: risk scoring tools sold to police, predictive analytics for public safety
Migration, Asylum, and Border Control
AI for assessment of risks related to irregular immigration, verification of travel documents, or assistance with processing applications for asylum, visas, and residence permits.
High exposure for: document verification AI, immigration interview analysis platforms
Administration of Justice and Democratic Processes
AI that assists judicial authorities in researching, interpreting, and applying law to specific facts. Also AI used to influence elections and political advertising in personalised ways.
High exposure for: legaltech research tools with case-outcome predictions, political micro-targeting AI
Route 2: Safety Components of Regulated Products
Article 6(1) creates a second path to high-risk status. An AI system is high-risk if it is a safety component of a product covered by EU harmonisation legislation listed in Annex I — including medical devices, machinery, toys, aircraft, motor vehicles, and pressure equipment. If the AI component is required to undergo a third-party conformity assessment under that product legislation, it is high-risk under the AI Act too.
For most SaaS AI companies, this route is less relevant than Annex III. But it's the path to high-risk status for AI embedded in medical devices, industrial equipment control systems, or autonomous vehicle components.
The Intended-Purpose Test: The Key to Classification
Classification is not about what your AI can do. It's about what you intend it to do. A general-purpose AI that could theoretically rank job applications is not automatically high-risk. The same AI, deployed with instructions, marketing copy, and feature design specifically for CV ranking, is high-risk.
The Act defines intended purpose as the use for which a system is intended, including the specific context and conditions of use, as specified by the provider in documentation, instructions, or promotional material. This matters in three ways:
What you say in docs
If your technical documentation or user guide describes the system as 'AI that ranks candidates for interview selection', you're in Annex III regardless of whether the tool is theoretically general-purpose.
What your marketing claims
If your landing page says 'use AI to screen applications and surface your best candidates', regulators treat that as an intended-purpose declaration. Marketing copy is evidence.
What deployers actually use it for
If you know (or can reasonably foresee) that your tool is routinely used for Annex III purposes, you may still carry provider obligations even without explicit documentation.
The Classification Decision Tree
Run through these questions in order. Answer yes to any, and you need to treat your system as high-risk until you've completed a documented justification otherwise.
1. Is my AI system a safety component of a product covered by Annex I EU legislation?
Yes → High-risk (Article 6(1))
2. Does my AI system perform biometric identification or categorisation based on biometric data?
Yes → Likely high-risk; check if categorisation is real-time and in public spaces
3. Is my AI system used in recruitment, CV screening, candidate ranking, or employment decisions?
Yes → High-risk (Annex III §4)
4. Is my AI system used to evaluate creditworthiness, set insurance premiums, or assess access to financial services?
Yes → High-risk (Annex III §5)
5. Is my AI system used in education for admissions, scoring assessments, or exam proctoring?
Yes → High-risk (Annex III §3)
6. Is my AI system used in criminal risk scoring, law enforcement profiling, or public order applications?
Yes → High-risk (Annex III §6)
7. Is my AI system used by public authorities to determine access to benefits or social services?
Yes → High-risk (Annex III §5)
8. None of the above apply and my system is not a safety component
→ Proceed to limited-risk or minimal-risk classification
If You Are High-Risk: What You Must Do Before August 2026
High-risk classification triggers a full compliance programme. These are not optional enhancements — they're legal obligations that enforcement authorities will look for.
Documentation & Assessment
- ☐Maintain technical documentation per Annex IV (system description, data, training methodology, performance metrics, risk mitigation measures)
- ☐Conduct a conformity assessment against Chapter III requirements
- ☐Register the system in the EU database for high-risk AI (EU AI Act Article 60)
- ☐Appoint an EU authorized representative if you have no EU establishment
Operational Controls
- ☐Implement a risk management system that runs throughout the system lifecycle
- ☐Run data governance procedures and bias audits on training datasets
- ☐Enable automatic logging of all operations the system performs
- ☐Build human oversight measures so a human can interpret, override, or halt outputs
- ☐Write clear instructions for use that deployers can follow
If You Are Not High-Risk: Document Why
The worst outcome is an informal "we think we're limited-risk" with no written analysis. If a regulator or enterprise buyer asks for your classification reasoning, you want a documented assessment — not a verbal explanation that your lawyers have to reconstruct.
Your limited-risk analysis should include: which Annex III categories you reviewed, why each doesn't apply to your intended purpose, any use-case restrictions you've built into your terms to prevent high-risk deployment, and the date you conducted the review. Update it whenever your product substantially changes.
Frequently Asked Questions
We sell to enterprises who use our AI for HR. Does the high-risk classification fall on us or them?
Both, potentially. As the provider, you carry the technical documentation and conformity assessment obligations. As the deployer, your enterprise customer carries obligations around human oversight, logging, and fundamental rights impact assessments. The Act is explicit that provider and deployer obligations are separate and cumulative — one party's compliance doesn't discharge the other's.
We use our AI internally for hiring. Are we subject to high-risk rules?
Yes. Annex III §4 applies whether you sell the tool to others or use it exclusively in-house. A company running its own AI-powered applicant ranking system is a deployer of a high-risk AI system and carries the associated obligations, including human oversight measures and impact assessments where fundamental rights may be affected.
Is a recommendation engine (content, products) high-risk?
Generally no — a product recommendation or content recommendation engine doesn't fall into any Annex III category. The exception is if the recommendation engine determines access to essential services (e.g., a system that decides whether a user can purchase health insurance), which would pull it into category 5.
Can we self-classify, or do we need a third-party auditor?
For most high-risk AI systems, a self-conformity assessment is permitted under the Act. Third-party assessment is only mandatory for certain specific use cases (biometric AI systems, some remote biometric identification systems). However, the self-assessment still requires rigorous documentation, and many EU enterprise buyers request third-party audits contractually even when not legally required.
Classification Is a Decision, Not a Feeling
The EU AI Act doesn't let you drift into a risk tier through inaction. Classification is an affirmative decision that must be documented, grounded in your intended purpose, and reviewed when your product changes. The August 2026 enforcement deadline for high-risk AI is not an abstract future risk — it's the hard deadline by which providers must have their conformity assessments, technical documentation, and operational controls in place.
Run through the Annex III checklist for every AI feature that touches EU users. Write down why each category does or doesn't apply. If any does apply, start the compliance programme now — the documentation requirements alone take months to build properly.