Check my compliance →
AIActComply / Blog / Is Your AI System High-Risk? A Plain-Language Guide to Annex III

Is Your AI System High-Risk? A Plain-Language Guide to Annex III

The EU AI Act's Annex III lists 8 categories of high-risk AI systems. This guide explains each category with real examples, covers the Article 6(3) exception, and explains what high-risk classification means for your company.

Published 24 March 2026

The EU AI Act classifies AI systems into four risk tiers: prohibited, high-risk, limited risk, and minimal risk. Most companies fall somewhere in the middle. Whether your AI systems are “high-risk” determines whether the heavier August 2026 obligations apply to you.

High-risk systems are defined by two routes: Annex II (safety components in regulated products like medical devices and vehicles) and Annex III (standalone AI systems in sensitive domains). This guide covers Annex III, which is where most software-deploying companies need to look.

The 8 Annex III categories

1. Biometrics

AI systems used for biometric identification, categorisation, or emotion recognition. This covers:

Practical scope: If your company uses facial recognition for attendance tracking, or any emotion-detection tool in a workplace or customer interaction context, this category likely applies.

2. Critical infrastructure

AI systems used to manage or operate critical infrastructure, including digital infrastructure. Energy grids, water management, financial systems, and transport networks all fall here.

Practical scope: Most standard software companies are not in this category unless their AI systems directly manage safety-critical physical systems.

3. Education and vocational training

AI systems that determine access to educational institutions, assess students, or evaluate qualifications. This includes:

Practical scope: EdTech companies, universities, and corporate training platforms that use AI for evaluation or access decisions.

4. Employment, workers management, and access to self-employment

This is one of the most commercially relevant categories. It covers AI used in:

Practical scope: Any company using an AI tool to filter job applications, rank candidates, or assess employee performance sits in this category. This includes using third-party tools like AI-powered ATS systems or workforce analytics platforms.

5. Access to essential private services and public services and benefits

AI systems that assess creditworthiness, set insurance premiums, or determine access to housing. Also covers public sector tools that determine eligibility for social benefits.

Practical scope: Financial institutions, insurance companies, and public sector organisations. Less relevant for most private-sector technology companies.

6. Law enforcement

AI systems used to assess recidivism risk, profiling, or determining the likelihood of a person committing a crime. Access to classified AI tools in law enforcement contexts.

Practical scope: Relevant to law enforcement agencies and their vendors. Not typically applicable to standard enterprise software.

7. Migration, asylum, and border control management

AI systems used to assess risk in immigration or asylum applications, or to detect emotions or verify documents at border crossings.

Practical scope: Government agencies and vendors providing tools to them.

8. Administration of justice and democratic processes

AI systems used to assist judicial authorities, interpret law, or influence electoral processes.

Practical scope: Legal technology companies and court-adjacent software. Narrowly scoped.

The Article 6(3) exception

Not every system that falls into an Annex III category is automatically high-risk. Article 6(3) provides an exception when the AI system:

In practice, this means an AI tool that summarises CVs for a recruiter to read is in a different position from one that ranks and filters candidates automatically. The former might qualify for the exception; the latter almost certainly does not.

Important: If you rely on the Article 6(3) exception, you must document why you believe it applies. That documentation is part of your risk classification record.

What high-risk classification means in practice

If your AI system is high-risk under Annex III, by 2 August 2026 you need:

You are also responsible for informing affected persons that an AI system was used in a decision affecting them, and for providing a mechanism to contest that decision.

The practical employment example

Employment AI is worth calling out specifically because it is so common. If your HR team uses any of the following, you are likely a high-risk AI deployer:

The obligation falls on you as the deployer even if the AI functionality is embedded in a third-party tool. You cannot delegate compliance to the software vendor. You must have your own usage policy, your own oversight mechanism, and your own record of the system in use.

Not sure which risk category applies to you?

Answer 20 questions about your AI systems. AIActComply applies the Act's classification logic and generates a Risk Classification Memo with full article references.

Classify my AI systems →
Ready to get compliant?
Get all your EU AI Act documents in 30 minutes
Answer 20 questions. AIActComply generates your AI Literacy Policy, Risk Classification Memo, Usage Policy, and Transparency Notice — prefilled, in 11 EU languages. €99 one-time.
Start now →