High-risk AI systems are those listed in Annex III of the EU AI Act or used as safety components of products covered by EU harmonisation legislation. They must meet strict requirements for risk management, data governance, transparency, and human oversight.
What Is High-Risk AI Under the EU AI Act? Classification Guide (2026)
Understanding High-Risk AI Under the EU AI Act
The EU AI Act (Regulation 2024/1689) establishes a risk-based framework that places the most demanding obligations on systems classified as high-risk. For any organisation deploying or developing AI in the European Union, understanding whether a system falls into this category is the first step toward compliance.
Article 6 of the EU AI Act sets out two pathways through which an AI system can be classified as high-risk. The first covers AI systems that serve as safety components of products already regulated under EU harmonisation legislation listed in Annex I (such as medical devices, machinery, and aviation). The second covers standalone AI systems listed in Annex III, which spans eight broad areas of application.
Annex III: The Eight Areas of High-Risk AI
| Category | Examples |
|---|---|
| 1. Biometrics | Remote biometric identification, emotion recognition in workplaces and education |
| 2. Critical infrastructure | AI managing electricity, gas, water supply, or digital infrastructure |
| 3. Education and vocational training | Systems determining access to education, evaluating learning outcomes |
| 4. Employment and worker management | CV screening, interview evaluation, promotion decisions, performance monitoring |
| 5. Access to essential services | Credit scoring, insurance pricing, emergency dispatch prioritisation |
| 6. Law enforcement | Individual risk assessment tools, polygraphs, crime analytics, profiling |
| 7. Migration, asylum, and border control | Risk assessment of irregular migration, visa processing |
| 8. Administration of justice | AI assisting judicial authorities in fact-finding or applying the law |
Obligations for High-Risk AI Systems
Once classified as high-risk, the provider must satisfy requirements in Chapter III, Section 2:
- Establishing a risk management system throughout the AI system lifecycle (Article 9)
- Meeting data governance standards for training, validation, and testing datasets (Article 10)
- Preparing technical documentation before market placement (Article 11)
- Designing the system for automatic event logging during operation (Article 12)
- Ensuring transparency and providing instructions of use to deployers (Article 13)
- Designing for effective human oversight (Article 14)
- Achieving appropriate accuracy, robustness, and cybersecurity (Article 15)
The Article 6(3) Exception
Not every AI system appearing in Annex III is automatically high-risk. Article 6(3) provides an exception: a system is not high-risk if it performs a narrow procedural task, improves the result of a previously completed human activity, detects decision-making patterns without replacing human assessment, or performs a preparatory task for an assessment relevant to Annex III use cases.
Providers relying on this exception must document their assessment and notify the relevant national authority before placing the system on the market.
Practical Steps for Classification
- Identify whether your AI system is a safety component of a product covered by Annex I legislation
- If not, check whether the system falls within any of the eight Annex III categories
- If it does, assess whether the Article 6(3) exception applies
- Document your classification decision with supporting reasoning
- If classified as high-risk, begin implementing Chapter III requirements
Timeline and Enforcement
The EU AI Act entered into force on 1 August 2024. Prohibited AI practices apply from 2 February 2025. High-risk AI system obligations apply from 2 August 2026. National competent authorities handle market surveillance, with penalties for non-compliance reaching up to 3% of global annual turnover or 15 million euros.
Understanding the Risk-Based Approach
The EU AI Act adopts a proportional, risk-based regulatory architecture. This means that the regulatory burden placed on providers and deployers scales with the severity of potential harm an AI system can cause to health, safety, and fundamental rights. This approach was deliberately chosen to avoid stifling innovation in low-risk applications while maintaining strong protections where AI poses genuine threats.
The risk-based approach draws from established EU regulatory traditions in product safety, financial services, and data protection. The CE marking framework for products, the GDPR's risk-based obligations, and the Capital Requirements Directive's proportionality all informed the AI Act's design. Organisations already familiar with these frameworks will recognise the underlying logic.
Why Classification Matters
Classification is not merely a bureaucratic exercise. It determines the entire compliance trajectory for an AI system. A high-risk classification triggers requirements spanning the complete AI lifecycle: from initial design and data governance through testing, deployment, monitoring, and eventual decommissioning. Getting the classification wrong in either direction creates serious problems. Underclassifying a high-risk system exposes the organisation to enforcement action and potential harm. Overclassifying a minimal-risk system wastes resources on unnecessary compliance activities.
The European Commission has emphasised that classification should be based on the intended purpose and context of use, not the underlying technology. A neural network used for weather prediction and the same architecture used for criminal risk assessment receive fundamentally different classifications because the risk to fundamental rights differs dramatically.
International Context
The EU AI Act does not exist in isolation. ISO/IEC 42001 provides an AI management system standard that supports systematic risk identification and treatment. The NIST AI RMF 1.0 offers four core functions (Govern, Map, Measure, Manage) that complement EU classification. The OECD AI Principles provide a values-based foundation referenced by over 40 countries. Organisations operating globally benefit from aligning their classification processes with all three frameworks simultaneously, as the underlying risk concepts are consistent even where terminology differs.
National implementations may add requirements beyond the EU baseline. Member states retain authority to designate national competent authorities, establish sandboxes, and interpret certain provisions. Monitoring national transposition is part of ongoing compliance management.
Common Classification Pitfalls
- Focusing on technology rather than purpose and context of use
- Assuming open-source or research exemptions apply to commercial deployments
- Overlooking the safety component pathway through Annex I
- Misapplying the Article 6(3) exception without proper documentation
- Failing to reassess when the system purpose or context changes
- Treating classification as a one-time activity rather than an ongoing process
Building a Classification Capability
Organisations with multiple AI systems should establish a centralised classification function. This involves creating a classification methodology document, training relevant personnel, maintaining an AI system inventory, establishing a classification review board, and integrating classification into the AI development lifecycle. The investment in this capability pays dividends through consistent, defensible classification decisions across the portfolio.
Documentation should be sufficiently detailed that a regulator reviewing it years later can understand the reasoning. Include the system description, intended purpose, deployment context, analysis against each classification criterion, conclusion, date, assessor identity, and next review date. This documentation forms part of the broader technical documentation required by Article 11 and Annex IV.
This article is for informational purposes only and does not constitute legal advice. Regulatory requirements change frequently; verify current rules with official sources. Built by Sawai Gyoseishoshi Office, Hiroshima, Japan.