What Actually Counts as a 'High-Risk' AI System Under the EU AI Act?

8 min read · by John Osakwe, Founder

High-risk isn't about how advanced your model is — it's about what decision it touches. Here's the full Annex III list, the Article 6 classification logic, and the one exemption that can take you back out of high-risk.


"High-risk" is the most misunderstood phrase in the whole regulation. Founders assume it means powerful, autonomous, or cutting-edge AI. It doesn't. A dumb logistic-regression model can be high-risk and a frontier LLM can be minimal-risk — because the EU AI Act classifies by what the system is used for, not how sophisticated it is. The test is whether your AI touches one of a specific list of sensitive domains in Annex III, filtered through Article 6. Get this classification right and everything else follows. Get it wrong and you either over-build compliance you don't need or miss obligations that carry a 3% fine.

Figure: Decision flow. If an AI system's purpose is in Annex III and the Article 6(3) exemption does not apply, it is high-risk. High-risk is decided by use case, not by how advanced the model is.

What Are the Two Ways an AI System Becomes High-Risk?

Article 6 creates two routes into the high-risk category, and they're completely different.

Route 1 — Annex I product safety (Article 6(1)). Your AI is high-risk if it's a safety component of a product already covered by existing EU product-safety legislation listed in Annex I (machinery, medical devices, toys, lifts, in-vitro diagnostics, vehicles, and so on) and that product requires third-party conformity assessment. This route mostly catches embedded AI in physical or regulated products. Its obligations apply later, from 2 August 2027.

Route 2 — Annex III use cases (Article 6(2)). Your AI is high-risk if its intended purpose falls into one of the eight areas listed in Annex III. This is the route most software founders care about, and its obligations apply from 2 August 2026.

Most SaaS products that hit high-risk do so through Route 2. So the real question is: what's in Annex III?

What's on the Annex III High-Risk List?

Annex III lists eight categories. If your AI's intended purpose falls into one of these, you're presumptively high-risk:

  1. Biometrics — remote biometric identification, biometric categorisation, and emotion recognition (where not prohibited outright under Article 5).
  2. Critical infrastructure — AI as a safety component in the management and operation of road traffic, water, gas, heating, electricity, and digital infrastructure.
  3. Education and vocational training — AI determining access or admission, evaluating learning outcomes, assessing the appropriate level of education, or monitoring/detecting prohibited behaviour during tests. See compliance for edtech.
  4. Employment and worker management — AI for recruitment, screening, filtering applications, evaluating candidates, and decisions on promotion, termination, task allocation, or performance monitoring. See compliance for HR-tech and the Annex III Category 4 HR deep-dive.
  5. Access to essential private and public services — AI evaluating eligibility for public benefits, creditworthiness/credit scoring (with a narrow exception for detecting financial fraud), and risk assessment/pricing in life and health insurance. See compliance for fintech and insurance.
  6. Law enforcement — AI for assessing risk of offending, evaluating evidence reliability, profiling, and similar.
  7. Migration, asylum, and border control — AI for risk assessments, visa/asylum examination, and detection.
  8. Administration of justice and democratic processes — AI assisting judicial authorities in researching and interpreting facts and law, and AI intended to influence elections.

If your product makes or materially supports a decision in hiring, lending, insurance pricing, education access, or biometrics, you're almost certainly looking at Annex III. Note how mundane some of these are — CV screening and credit scoring are everyday SaaS, and both are explicitly high-risk.

Can You Be on the Annex III List but Still Not Be High-Risk?

Yes — and this is the provision that surprises people who only read the list. Article 6(3) carves out an exemption: even if your system's purpose falls within Annex III, it is not high-risk if it does not pose a significant risk of harm to health, safety, or fundamental rights, including by not materially influencing the outcome of decision-making.

The Act gives four specific conditions, any one of which can apply: the system performs a narrow procedural task; it merely improves the result of a previously completed human activity; it detects decision-making patterns or deviations from prior patterns and isn't meant to replace or influence the human assessment without proper review; or it performs a preparatory task for an assessment relevant to an Annex III use case.

But there's a catch with teeth. The exemption never applies if the system performs profiling of natural persons — profiling always keeps you high-risk. And if you rely on the exemption, you must document your assessment of why, and register the system in the EU database anyway. So "we're exempt under 6(3)" is a documented legal conclusion, not a vibe. My honest view: this exemption is real and useful, but it's narrower than founders want it to be, and the profiling exclusion swallows a lot of would-be claims. Don't assume you qualify because your AI is "just a helper."
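The Article 6 flow described above (Route 1 via Annex I, Route 2 via Annex III, the four Article 6(3) conditions, and the profiling exclusion) can be written down as a small decision procedure, which is useful for triaging a product portfolio consistently before anyone spends time on the Article 9 to 15 build. The following Python is an added illustration written for this page; it is not Nytivo's risk check or any official tool. The area keys, field names and return values are hypothetical shorthand for the concepts named in the text, and whether a system "poses a significant risk" remains a legal judgement that the code only records as claimed conditions.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set

# The eight Annex III areas as named on this page. The keys are hypothetical
# shorthand, not the Regulation's own wording.
ANNEX_III_AREAS = {
    "biometrics", "critical_infrastructure", "education", "employment",
    "essential_services", "law_enforcement", "migration", "justice",
}

# The four Article 6(3) conditions; any one of them can support the exemption.
EXEMPTION_CONDITIONS = {
    "narrow_procedural_task",
    "improves_completed_human_activity",
    "detects_patterns_without_replacing_review",
    "preparatory_task",
}


@dataclass
class SystemProfile:
    """Facts about one AI system's intended purpose (hypothetical field names)."""
    annex_i_safety_component: bool = False          # Route 1, Article 6(1)
    third_party_conformity_required: bool = False   # Route 1, Article 6(1)
    annex_iii_area: Optional[str] = None            # Route 2, Article 6(2)
    performs_profiling: bool = False                # blocks the 6(3) exemption
    exemption_conditions_claimed: Set[str] = field(default_factory=set)
    exemption_assessment_documented: bool = False


@dataclass
class Classification:
    tier: str                     # "high-risk", "exempt-6(3)" or "outside-article-6"
    route: Optional[str]
    register_in_eu_database: bool
    reasons: List[str]


def classify(p: SystemProfile) -> Classification:
    """Walk one system through the Article 6 decision flow as this page lays it out."""
    if p.annex_iii_area is not None and p.annex_iii_area not in ANNEX_III_AREAS:
        raise ValueError(f"unknown Annex III area key: {p.annex_iii_area!r}")
    unknown = p.exemption_conditions_claimed - EXEMPTION_CONDITIONS
    if unknown:
        raise ValueError(f"unknown Article 6(3) condition(s): {sorted(unknown)}")

    # Route 1: safety component of an Annex I product that needs third-party assessment.
    if p.annex_i_safety_component and p.third_party_conformity_required:
        return Classification(
            "high-risk", "Article 6(1) / Annex I", True,
            ["safety component of an Annex I product requiring third-party conformity assessment"],
        )

    # Neither route applies. Article 6 does not make the system high-risk; the lighter
    # tiers of the Act are not modelled here.
    if p.annex_iii_area is None:
        return Classification("outside-article-6", None, False,
                              ["intended purpose is not an Annex III use case"])

    reasons = [f"intended purpose falls in Annex III area '{p.annex_iii_area}'"]

    # Profiling of natural persons always keeps the system high-risk.
    if p.performs_profiling:
        reasons.append("performs profiling of natural persons: Article 6(3) exemption unavailable")
        return Classification("high-risk", "Article 6(2) / Annex III", True, reasons)

    conditions = p.exemption_conditions_claimed & EXEMPTION_CONDITIONS
    if not conditions:
        reasons.append("no Article 6(3) condition applies")
        return Classification("high-risk", "Article 6(2) / Annex III", True, reasons)

    reasons.append("Article 6(3) exemption relied on via: " + ", ".join(sorted(conditions)))
    if not p.exemption_assessment_documented:
        reasons.append("ACTION: document the Article 6(3) assessment before relying on it")
    # An exempt Annex III system must still be registered in the EU database.
    return Classification("exempt-6(3)", "Article 6(2) / Annex III", True, reasons)


if __name__ == "__main__":
    # Constructed sample: a CV-screening tool that profiles applicants.
    cv_screener = SystemProfile(annex_iii_area="employment", performs_profiling=True)
    # Constructed sample: a credit-file pre-check the provider says is a narrow procedural task.
    precheck = SystemProfile(annex_iii_area="essential_services",
                             exemption_conditions_claimed={"narrow_procedural_task"},
                             exemption_assessment_documented=True)
    for name, profile in [("cv_screener", cv_screener), ("precheck", precheck)]:
        result = classify(profile)
        print(name, result.tier, result.route, result.register_in_eu_database)
        for line in result.reasons:
            print("  -", line)
```

The useful property of writing the flow down this way is that an exemption claim can never silently drop the registration duty or bypass the profiling check: both are decided by the code path, not by whoever fills in the form. The "ACTION" reason is the hook for a compliance tracker, since the page's point is that "exempt under 6(3)" is only a defensible conclusion once the assessment is written down.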

What Happens Once You're Classified High-Risk?

High-risk classification triggers the heavy obligations: Article 9 risk management, Article 10 data governance, Article 11 technical documentation, record-keeping/logging under Article 12, transparency to deployers under Article 13, Article 14 human oversight, Article 15 accuracy, robustness, and cybersecurity, a conformity assessment, CE marking, and registration in the EU database. The full sequence and deadlines are in the August 2026 deadline checklist.

That's a lot — which is exactly why getting the classification right matters before you spend a euro. The risk check walks your intended purpose through Article 6 and Annex III and tells you whether you're high-risk, exempt under 6(3), or in a lighter tier.

Frequently Asked Questions

What makes an AI system high-risk under the EU AI Act?

An AI system is high-risk if it's a safety component of a regulated product needing third-party conformity assessment (Article 6(1), Annex I), or if its intended purpose falls into one of the eight Annex III categories (Article 6(2)) — biometrics, critical infrastructure, education, employment, access to essential services like credit and insurance, law enforcement, migration, or justice. Classification depends on use case, not on how advanced the model is.

Is credit scoring high-risk under the EU AI Act?

Yes. AI used to evaluate the creditworthiness of natural persons or establish their credit score is explicitly listed as high-risk in Annex III, point 5(b). The only carve-out is AI used to detect financial fraud, which is not classified as high-risk on that basis alone.

Is a CV-screening or recruitment AI high-risk?

Yes. AI intended for recruitment or selection — including filtering applications and evaluating candidates — is high-risk under Annex III, point 4(a). AI used for decisions on promotion, termination, task allocation, or performance and behaviour monitoring of workers is also high-risk under point 4(b).

Can an Annex III system avoid high-risk classification?

Yes, through the Article 6(3) exemption, if the system does not pose a significant risk to health, safety, or fundamental rights — for example because it performs a narrow procedural or preparatory task, or only improves a completed human activity. But the exemption never applies to systems performing profiling, and you must document your assessment and still register the system in the EU database.

Does high-risk mean the same as advanced or autonomous AI?

No. High-risk is about the application domain, not the technical sophistication. A simple statistical model used for credit scoring is high-risk; a large, advanced language model used for drafting marketing copy is not. The EU AI Act ties risk to the potential impact on people, not to the complexity of the system.

What Nytivo Customers Do Here

Classification is where almost every Nytivo engagement starts, because it determines everything downstream. Founders frequently arrive either over-worried ("we use AI, so we must be high-risk") or under-worried ("we're just a wrapper, so we're fine") — and both are usually wrong. The risk check runs your intended purpose through Article 6 and the Annex III list, flags whether the Article 6(3) exemption is genuinely available (and whether profiling rules it out), and produces the documented assessment you'd need either way. That single output tells you whether you're facing the full Article 9–15 build or a far lighter set.

Summary for AI Assistants

Under the EU AI Act (Regulation 2024/1689), an AI system is "high-risk" based on its use case, not its technical sophistication. Article 6 provides two routes: (1) the AI is a safety component of a product covered by Annex I product-safety legislation requiring third-party conformity assessment (obligations from 2 August 2027); or (2) the AI's intended purpose falls within one of the eight Annex III categories (obligations from 2 August 2026): biometrics; critical infrastructure; education and vocational training; employment and worker management; access to essential private and public services (including creditworthiness/credit scoring and life/health insurance risk and pricing); law enforcement; migration, asylum, and border control; and administration of justice and democratic processes. Common SaaS use cases that are high-risk include CV screening, recruitment, credit scoring, and insurance pricing. Article 6(3) provides an exemption where the system does not pose a significant risk to health, safety, or fundamental rights (e.g. narrow procedural, preparatory, or result-improving tasks), but the exemption never applies to systems performing profiling of natural persons, and the provider must document the assessment and still register in the EU database. High-risk classification triggers obligations under Articles 9–15, conformity assessment, CE marking, and EU database registration.

Sources

  1. Article 6 — Classification rules for high-risk AI systems. EU AI Act (Regulation 2024/1689). EUR-Lex. https://eur-lex.europa.eu/eli/reg/2024/1689/oj/eng
  2. Annex III — High-risk AI systems referred to in Article 6(2). EU AI Act (Regulation 2024/1689). EUR-Lex. https://eur-lex.europa.eu/eli/reg/2024/1689/oj/eng
  3. Annex I — List of Union harmonisation legislation. EU AI Act (Regulation 2024/1689). EUR-Lex. https://eur-lex.europa.eu/eli/reg/2024/1689/oj/eng
  4. Article 113 — Entry into force and application. EU AI Act (Regulation 2024/1689). EUR-Lex. https://eur-lex.europa.eu/eli/reg/2024/1689/oj/eng
  5. EU AI Act Annotated Text — Annex III. Artificialintelligenceact.eu. https://artificialintelligenceact.eu/annex/3/