Quick answer

The EU AI Act classifies AI systems in education and vocational training as high-risk under Annex III category 3. This includes systems for admissions decisions, student assessment, learning analytics, proctoring, and cheating detection. Providers must implement risk management, bias testing, human oversight, and transparency measures.

Updated June 2026 · MmowW AI Compliance

EU AI Act High-Risk AI in Education: Student Assessment and Admissions

Education as a High-Risk Domain Under Annex III

Annex III, category 3 of the EU AI Act (Regulation (EU) 2024/1689) classifies AI systems in education and vocational training as high-risk. The Regulation recognises that AI systems in this domain can determine access to education and professional courses, influence the level of education individuals receive, and materially affect their career opportunities and life outcomes.

The specific systems covered include those intended to be used to determine access to or admission or assignment of natural persons to educational and vocational training institutions at all levels. Also captured are AI systems intended to evaluate learning outcomes, including those used to steer the learning process, and AI systems intended to assess the appropriate level of education for an individual and materially influence the level of education and training they will receive or be able to access.

AI systems used to monitor and detect prohibited behaviour of students during tests, commonly known as proctoring and cheating detection systems, are also classified as high-risk under this category. This classification reflects the significant impact these systems can have on individual students, including the risk of false accusations and the stress and anxiety associated with continuous algorithmic surveillance during examinations.

Admissions and Access to Education

AI systems that determine or materially influence admissions decisions represent one of the most consequential applications in education. A system that ranks applicants, filters applications based on predicted success, or recommends admission or rejection directly affects an individual's access to educational opportunities.

The risk management requirements of Article 9 apply with particular force to admissions AI. These systems must be assessed for risks of discrimination based on socioeconomic background, ethnicity, gender, disability, and other protected characteristics. Historical admissions data often reflects past inequalities, and AI systems trained on such data may perpetuate or amplify those inequalities if appropriate mitigation measures are not implemented.

Data governance under Article 10 requires that training, validation, and testing datasets be relevant and sufficiently representative. For admissions systems, this means the data must adequately represent the diversity of the applicant pool, including underrepresented groups. Providers must document the datasets used and the measures taken to address potential biases.

The transparency obligations of Article 13 require that educational institutions deploying admissions AI have sufficient information to understand how the system processes applications and reaches its outputs. This information must be clear and comprehensive enough that the institution can exercise meaningful human oversight and provide explanations to applicants about the admissions process.

Student Assessment and Learning Analytics

AI systems used to evaluate learning outcomes and steer the learning process are classified as high-risk when they materially influence the education an individual receives. This includes adaptive learning platforms that adjust content difficulty based on student performance, AI-powered grading systems, and analytics tools that recommend students be placed in different tracks or levels.

The accuracy and robustness requirements of Article 15 are particularly important for assessment AI. An AI grading system must demonstrate consistent and reliable performance across different student populations and subject areas. The technical documentation must specify the system's accuracy metrics, including error rates and the conditions under which performance may vary.

Learning analytics systems that track student engagement, predict dropout risk, or recommend interventions present a distinct set of compliance challenges. While these systems can provide valuable support to educators, they also risk creating self-fulfilling prophecies where students identified as at-risk receive less challenging content, further widening achievement gaps. The risk management system must identify and address these feedback loop risks.

Assessment AI must comply with Article 14's human oversight requirements. A teacher or examiner must be positioned to review and override AI-generated grades or assessments. The system must not produce final academic assessments without meaningful human involvement. This does not mean a human must review every AI output, but the oversight structure must be designed so that anomalies are detected and corrective action is taken.

Proctoring and Cheating Detection Systems

AI-powered proctoring systems, which monitor students during examinations using webcam footage, keystroke analysis, browser activity tracking, and other surveillance techniques, are explicitly captured by Annex III category 3. These systems raise particular concerns about privacy, proportionality, and the potential for discriminatory outcomes.

Common proctoring AI issues include higher false-positive rates for students with darker skin tones, students with disabilities that cause atypical eye movements or facial expressions, and students in shared living spaces where background noise or movement triggers alerts. The risk management obligations of Article 9 require providers to identify and mitigate these specific risks.

The data governance requirements of Article 10 apply to the biometric and behavioural data collected by proctoring systems. Training datasets must adequately represent diverse student populations to ensure equitable performance. Where proctoring systems incorporate biometric processing, the additional requirements applicable to biometric AI under Annex III category 1 may also apply.

Cheating detection systems that analyse writing patterns, citation practices, or content similarity must comply with transparency requirements. Students should be informed that their work will be subject to automated analysis, the nature of the analysis, and the consequences of a positive detection. False accusations of academic dishonesty can have severe consequences for students, making the accuracy requirements of Article 15 and the human oversight requirements of Article 14 particularly important in this context.

Bias Risks and Student Rights in Educational AI

Educational AI systems operate in a context where bias can have lasting effects on young people's opportunities and life trajectories. A biased admissions system may systematically exclude talented students from disadvantaged backgrounds. A biased assessment system may consistently undergrade students from certain demographic groups. A biased proctoring system may disproportionately flag students with disabilities for suspected cheating.

Article 10(2) specifies that data governance measures must take into account the specific geographical, contextual, behavioural, or functional setting within which the AI system is intended to be used. For educational AI, this means accounting for the diversity of educational contexts across EU Member States, including different curricula, assessment traditions, language environments, and student demographics.

Students and their parents or legal guardians are among the natural persons most directly affected by educational AI. While the AI Act does not create individual rights for affected persons to challenge AI decisions directly (unlike the GDPR's Article 22), the transparency obligations ensure that educational institutions have the information needed to explain AI-assisted decisions and to respond to complaints.

The fundamental rights impact assessment under Article 27 applies to public educational institutions deploying high-risk AI. Given that the vast majority of primary, secondary, and higher education in the EU is publicly funded, this requirement will apply broadly. The assessment must identify the categories of students likely to be affected, the specific risks to their rights, and the measures in place to address those risks.

Practical Compliance Steps for EdTech Providers

EdTech providers should begin compliance preparation by classifying each product and feature against Annex III category 3. An adaptive learning platform may contain both high-risk components (those that materially influence the level of education received) and non-high-risk components (those that merely provide supplementary study materials). Only the high-risk components trigger the full compliance requirements.

Bias auditing should be systematic and ongoing. Providers should test their systems across demographic groups including gender, ethnicity, socioeconomic background, disability status, and language background. The results of these audits should be documented in the technical documentation and communicated to deployers through the instructions of use.

Providers should design their systems to support meaningful human oversight. This means providing educators with clear explanations of AI outputs, easy-to-use override mechanisms, and dashboards that highlight cases where human review is particularly important. The system architecture should facilitate rather than undermine the educator's role as the ultimate decision-maker.

Data governance for student data requires particular care. Student data is often sensitive and subject to special protections under the GDPR, including the provisions applicable to children's data under Article 8 and Recital 38. Providers must ensure that data collection is minimised to what is necessary, that data is processed lawfully, and that appropriate security measures are in place.

Documentation should be prepared with educational institution deployers in mind. Instructions of use should be written in language accessible to educators and administrators, not solely technical specialists. Performance metrics should be presented in educational terms, such as grade accuracy rates and false-positive rates for cheating detection, rather than abstract statistical measures.

Check your AI compliance readiness — free.

Take the Readiness Check 3 minutes · 10 questions · no signup required

This article is for informational purposes only and does not constitute legal advice. Regulatory requirements change frequently — verify current rules with official sources. Built by Sawai Gyoseishoshi Office, Hiroshima, Japan.