The EU AI Act classifies AI systems into four risk tiers: prohibited, high-risk, limited risk, and minimal risk. Most companies fall somewhere in the middle. Whether your AI systems are “high-risk” determines whether the heavier August 2026 obligations apply to you.
High-risk systems are defined by two routes: Annex II (safety components in regulated products like medical devices and vehicles) and Annex III (standalone AI systems in sensitive domains). This guide covers Annex III, which is where most software-deploying companies need to look.
The 8 Annex III categories
1. Biometrics
AI systems used for biometric identification, categorisation, or emotion recognition. This covers:
- Remote biometric identification systems (facial recognition in public spaces)
- Systems that categorise people based on biometric data (age, gender, ethnicity)
- Emotion recognition systems used in employment or education contexts
Practical scope: If your company uses facial recognition for attendance tracking, or any emotion-detection tool in a workplace or customer interaction context, this category likely applies.
2. Critical infrastructure
AI systems used to manage or operate critical infrastructure, including digital infrastructure. Energy grids, water management, financial systems, and transport networks all fall here.
Practical scope: Most standard software companies are not in this category unless their AI systems directly manage safety-critical physical systems.
3. Education and vocational training
AI systems that determine access to educational institutions, assess students, or evaluate qualifications. This includes:
- Tools that screen applications to educational programmes
- AI proctoring systems that monitor exam conduct
- Systems that assess or score student performance
Practical scope: EdTech companies, universities, and corporate training platforms that use AI for evaluation or access decisions.
4. Employment, workers management, and access to self-employment
This is one of the most commercially relevant categories. It covers AI used in:
- Recruiting and CV screening
- Selecting candidates for interviews
- Evaluating employee performance
- Making or informing promotion or dismissal decisions
- Monitoring employee behaviour (productivity tracking, sentiment analysis)
Practical scope: Any company using an AI tool to filter job applications, rank candidates, or assess employee performance sits in this category. This includes using third-party tools like AI-powered ATS systems or workforce analytics platforms.
5. Access to essential private services and public services and benefits
AI systems that assess creditworthiness, set insurance premiums, or determine access to housing. Also covers public sector tools that determine eligibility for social benefits.
Practical scope: Financial institutions, insurance companies, and public sector organisations. Less relevant for most private-sector technology companies.
6. Law enforcement
AI systems used to assess recidivism risk, profiling, or determining the likelihood of a person committing a crime. Access to classified AI tools in law enforcement contexts.
Practical scope: Relevant to law enforcement agencies and their vendors. Not typically applicable to standard enterprise software.
7. Migration, asylum, and border control management
AI systems used to assess risk in immigration or asylum applications, or to detect emotions or verify documents at border crossings.
Practical scope: Government agencies and vendors providing tools to them.
8. Administration of justice and democratic processes
AI systems used to assist judicial authorities, interpret law, or influence electoral processes.
Practical scope: Legal technology companies and court-adjacent software. Narrowly scoped.
The Article 6(3) exception
Not every system that falls into an Annex III category is automatically high-risk. Article 6(3) provides an exception when the AI system:
- Is intended for a narrow procedural task only
- Does not meaningfully affect the outcome of a human decision
- Is designed to improve a human decision without replacing it
- Performs a preparatory task that a human will review before any action is taken
In practice, this means an AI tool that summarises CVs for a recruiter to read is in a different position from one that ranks and filters candidates automatically. The former might qualify for the exception; the latter almost certainly does not.
Important: If you rely on the Article 6(3) exception, you must document why you believe it applies. That documentation is part of your risk classification record.
What high-risk classification means in practice
If your AI system is high-risk under Annex III, by 2 August 2026 you need:
- A Usage Policy that defines permitted uses, human oversight requirements, and input data standards
- Logging of the system’s operation (most commercial tools generate logs automatically, but you need to ensure retention and access)
- A named person responsible for monitoring the system
- Verification that the provider has a CE mark and EU declaration of conformity
You are also responsible for informing affected persons that an AI system was used in a decision affecting them, and for providing a mechanism to contest that decision.
The practical employment example
Employment AI is worth calling out specifically because it is so common. If your HR team uses any of the following, you are likely a high-risk AI deployer:
- An ATS (applicant tracking system) with AI ranking or scoring features
- A LinkedIn recruiter tool with AI shortlisting
- An AI tool that screens written assessments or video interviews
- A workforce analytics platform that flags employees for performance review
The obligation falls on you as the deployer even if the AI functionality is embedded in a third-party tool. You cannot delegate compliance to the software vendor. You must have your own usage policy, your own oversight mechanism, and your own record of the system in use.
Not sure which risk category applies to you?
Answer 20 questions about your AI systems. AIActComply applies the Act's classification logic and generates a Risk Classification Memo with full article references.
Classify my AI systems →