
Is My AI System High-Risk Under the EU AI Act?

Guide · 23 May 2026 · 14 min read · 2,859 words

Is your AI system high-risk under the EU AI Act? Five-step test: Art 5 ban, Art 6(1) Annex I, Annex III, Art 6(3) exemption, Art 50. Deadline: 2 Dec 2027.

The short answer: run five questions in sequence. If your system hits a "stop" before the end, you know your tier and your obligations. If it clears all five, you have minimal risk — no mandatory requirements beyond good practice.

This walkthrough follows the exact logic of Regulation (EU) 2024/1689. The compliance deadline for the high-risk tier is 2 December 2027 for stand-alone systems — deferred from the original 2 August 2026 date under the Digital Omnibus agreed in May 2026. That is not a reason to delay classification. The documentation alone takes months to assemble, and registration in the EU database under Article 49 must happen before deployment.


The Five-Step Classification Test

Step 1: Is it a prohibited practice under Article 5?

Article 5 lists practices that are banned outright, regardless of how the system is designed or who deploys it. Prohibited practices have been unlawful since 2 February 2025.

You stop here — unacceptable risk — if your system:

  • Deploys subliminal techniques or deliberately exploits vulnerabilities (age, disability, social circumstances) to distort behaviour in ways that cause harm (Article 5(1)(a)–(b))
  • Conducts social scoring by public authorities that leads to detrimental treatment in unrelated contexts (Article 5(1)(c))
  • Predicts the risk of a person committing a criminal offence solely based on profiling or personality traits, without reference to actual human-observed behaviour (Article 5(1)(d))
  • Scrapes facial images from the internet or CCTV to build or expand a biometric database (Article 5(1)(e))
  • Infers emotions in the workplace or in educational settings — with narrow exceptions for medical or safety reasons (Article 5(1)(f))
  • Performs biometric categorisation that deduces sensitive attributes such as political opinion, religious belief, sexual orientation, or race (Article 5(1)(g))
  • Uses real-time remote biometric identification in publicly accessible spaces for law enforcement purposes — except under the narrow conditions in Article 5(2) (Article 5(1)(h))

Concrete yes/no examples:

  • A workplace productivity tool that infers employee frustration from keystroke patterns → Prohibited (emotion inference in the workplace, Art 5(1)(f))
  • A law enforcement tool that predicts recidivism from demographic and social-media data alone → Prohibited (profiling-based crime risk prediction, Art 5(1)(d))
  • An HR chatbot that screens applications against job requirements → Not prohibited; proceed to Step 2

If your system is prohibited, stop. There is no compliance path: the ban has applied since 2 February 2025, so the system must be discontinued or redesigned now.


Step 2: Is it a safety component of an Annex I product requiring third-party conformity assessment?

Article 6(1) creates a separate high-risk pathway for AI systems that are a safety component of a product governed by the Union harmonisation legislation listed in Annex I — and where that product is itself subject to third-party conformity assessment.

Annex I covers, among others: machinery (Regulation (EU) 2023/1230), medical devices (MDR 2017/745), in vitro diagnostic medical devices (IVDR 2017/746), radio equipment (RED 2014/53/EU), aircraft (EASA Regulation (EU) 2018/1139), and automotive vehicles. If your AI system forms part of the safety function of such a product — rather than being a standalone tool — it is high-risk under Article 6(1).

The compliance deadline for this pathway is 2 August 2028 (not December 2027 — the Digital Omnibus set a distinct later date for Annex I products).

Concrete yes/no examples:

  • An AI algorithm embedded in a medical imaging device (classified as Class IIa or above under MDR) that flags potential tumours for radiologist review → High-risk via Art 6(1). Conformity assessment is integrated with the MDR CE-marking process; the AI Act obligations layer on top.
  • A general analytics dashboard sold as a separate SaaS product that a hospital happens to purchase → Not embedded in the product; does not trigger Art 6(1). Proceed to Step 3.

Step 3: Does it fall within an Annex III area?

Article 6(2) provides that AI systems listed in Annex III are high-risk. Annex III contains eight areas:

  1. Biometrics — remote biometric identification; biometric categorisation; emotion recognition (where not prohibited)
  2. Critical infrastructure — safety components in digital infrastructure, road traffic, water, energy supply
  3. Education and vocational training — systems that determine access, assess students, monitor exam conduct
  4. Employment and workers management — recruitment, screening, promotion, termination, task allocation, monitoring of performance and behaviour (Annex III point 4)
  5. Access to essential private and public services — creditworthiness and credit scoring (not fraud detection); health and life insurance risk assessment and pricing; emergency dispatch prioritisation; public benefits eligibility (Annex III point 5)
  6. Law enforcement — risk of offending or re-offending, polygraphs, evidence reliability assessment, crime analytics
  7. Migration, asylum, border control — risk assessment, examination of applications, document verification
  8. Administration of justice and democratic processes — assisting judicial authorities in applying the law; influencing elections or referenda

Concrete yes/no examples:

  • A resume-ranking tool that scores candidates for shortlisting → Annex III point 4(a) — employment, recruitment. High-risk.
  • A credit-scoring model that prices a consumer loan → Annex III point 5(b) — creditworthiness assessment. High-risk.
  • A fraud-detection system that flags suspicious transactions (without scoring an individual's creditworthiness) → Explicitly excluded from Annex III point 5(b). Not high-risk via this route.
  • A chatbot that handles general customer enquiries → Not in any Annex III area. Proceed to Step 5 (Step 4 only applies to Annex III systems).

If your system is not in Annex III, the Article 6(3) exemption in Step 4 is irrelevant: skip to Step 5 (the limited-risk check).


Step 4: Does the Article 6(3) exemption apply?

Not every system that falls nominally within Annex III is automatically high-risk. Article 6(3) provides that an Annex III system is not high-risk if it does not pose a significant risk of harm to the health, safety, or fundamental rights of natural persons — including by not materially influencing the outcome of decision-making. The exemption applies where the system:

  • Performs a narrow procedural task (e.g. converting a document format, routing a message);
  • Improves the result of a previously completed human activity (e.g. spell-checking text a human already drafted);
  • Detects decision-making patterns without replacing or influencing human assessment (e.g. an analytics report that surfaces trends for human interpretation, with no individual-level recommendations); or
  • Performs preparatory work for a decision that a human takes independently of the system's output.

The hard limit: any system that profiles natural persons — even if it otherwise fits one of the four exemption limbs — remains high-risk. There is no exemption path for profiling.

If you claim the Article 6(3) exemption, two obligations survive:

  1. You must document the assessment — a written record explaining which exemption condition applies and why the system poses no significant risk of harm.
  2. You must still register the system in the EU database under Article 49.

Concrete yes/no examples:

  • An HR analytics tool that produces aggregate turnover statistics by department, without scoring individual employees → Could qualify under "preparatory work / pattern detection without influencing individual assessment." Document it carefully.
  • A tool that automatically ranks job applicants and filters out those below a threshold score before a human reviews the shortlist → The system does influence the outcome of individual decisions. Exemption does not apply. High-risk.
  • A credit bureau system that compiles raw financial data for a human analyst who then makes their own scoring decision → Potentially narrow procedural / preparatory. The exemption is arguable — but only with rigorous documentation showing the system output is not used as an input to the credit decision.

If the exemption applies: document, register, and you are done with high-risk obligations.

If the exemption does not apply (or you are in Annex III without a valid exemption claim): high-risk. You inherit the full obligation stack — risk management system (Article 9), data governance (Article 10), technical documentation per Annex IV (Article 11), logging (Article 12), transparency to deployers (Article 13), human oversight (Article 14), accuracy and robustness (Article 15), conformity assessment (Article 43), EU Declaration of Conformity (Article 47), CE marking (Article 48), and registration (Article 49). Providers bear the primary burden; deployers must verify compliance and maintain their own obligations under Article 26 before deployment.


Step 5: Does it trigger Article 50 transparency obligations?

If your system cleared Steps 1–4 without landing in a prohibited or high-risk category, the final question is whether it interacts with natural persons in a way that triggers the limited-risk transparency obligations of Article 50.

Article 50 applies from 2 August 2026 — the general application date, which was not deferred by the Digital Omnibus.

The disclosure duties apply to:

  • Chatbots and AI-generated conversational output: users must be informed they are interacting with an AI system (Article 50(1)), unless the context makes it obvious.
  • Emotion recognition and biometric categorisation systems: operators must inform individuals exposed to them (Article 50(3)).
  • Deepfakes and synthetic media: providers must mark AI-generated or manipulated audio, visual, or audiovisual content as artificially generated or manipulated (Article 50(4)).
  • AI-generated text on matters of public interest: publishers must label it as AI-generated (Article 50(4)).

If your system does none of these, you are in the minimal-risk tier. No mandatory EU AI Act obligations apply, though voluntary codes of practice are encouraged.

Concrete yes/no examples:

  • A customer-service chatbot that answers billing queries → Limited-risk. Must disclose AI interaction to users (Article 50(1)).
  • An internal document-drafting tool used entirely by trained staff who know it is an AI tool → Likely minimal risk; the "obvious from context" exception in Article 50(1) may apply, but document your reasoning.
  • A marketing tool that generates product-description copy published on a commercial website → Article 50(4) labelling may apply if it covers matters of public interest; standard e-commerce copy likely falls outside that scope.

The Risk-Tier Summary

Step                                                | Trigger                                                  | Tier                                    | Deadline
----------------------------------------------------|----------------------------------------------------------|-----------------------------------------|----------------------------
Art 5                                               | Prohibited practice                                      | Unacceptable — ban                      | In force since 2 Feb 2025
Art 6(1) + Annex I                                  | Safety component of regulated product                    | High-risk                               | 2 Aug 2028
Art 6(2) + Annex III (no valid Art 6(3) exemption)  | Annex III use case                                       | High-risk                               | 2 Dec 2027
Art 6(3) exemption claimed                          | Annex III, narrow/preparatory function, no profiling     | Still register — lighter burden         | 2 Dec 2027 (registration)
Art 50                                              | Chatbot, deepfake, emotion recognition, synthetic media  | Limited-risk — disclosure only          | 2 Aug 2026
None of the above                                   | n/a                                                      | Minimal risk — no mandatory obligations | n/a

What "High-Risk" Actually Requires

Once a system is classified as high-risk, the obligation stack is non-trivial. These apply to providers (companies that develop or place the system on the market under their own name) under Article 16; deployers (companies that use the system in a professional context under their authority) carry their own obligations under Article 26.

For providers, the core requirements are:

  • Article 9 — Risk management system: an ongoing process, updated continuously throughout the system's lifecycle.
  • Article 10 — Data governance: documented controls over training, validation, and test data — including bias examination.
  • Article 11 — Technical documentation (per Annex IV): everything a notified body or market-surveillance authority would need to assess compliance.
  • Article 13 — Transparency to deployers: instructions for use that allow deployers to understand what the system does, its limitations, and how to implement human oversight.
  • Article 14 — Human oversight: design the system so a human can understand, monitor, intervene, and override its outputs.
  • Article 15 — Accuracy, robustness, cybersecurity: documented performance levels; resilience against errors and adversarial inputs.
  • Article 43 — Conformity assessment: internal self-assessment (Annex VI) for most Annex III categories; notified-body assessment (Annex VII) for biometrics (Annex III point 1) and some other cases.
  • Article 47 — EU Declaration of Conformity: formal document signed before placing the system on the market.
  • Article 49 — Registration: entry in the EU database before deployment.
  • Article 72 — Post-market monitoring: a plan to collect and review data on system performance after deployment.
  • Article 73 — Serious incident reporting: report incidents to market-surveillance authorities.

For deployers specifically, Article 27 requires a Fundamental Rights Impact Assessment (FRIA) before deploying certain high-risk systems — specifically those used by or on behalf of public bodies, and those involving creditworthiness assessment (Annex III point 5(b)) or life/health insurance pricing (Annex III point 5(c)).

The fine for failing to comply with these obligations is up to €15 million or 3% of total worldwide annual turnover, whichever is higher (Article 99(4)). For companies that qualify as SMEs or start-ups, the fine is capped at the lower of the percentage or the fixed amount — a proportionality protection written into Article 99(6).


How Confir Helps

Confir runs exactly this five-step classification in its intake flow — encoded as deterministic, rule-based logic. You answer plain-English scenarios about your system's function, use case, and deployment context; Confir derives the risk tier and your role (Provider under Article 16, Deployer under Article 26, or both) using explicit rules, with the rule that fired visible and auditable. Same intake always produces the same result — no variance, no hallucination.

Once classification is confirmed, Confir drives the full assessment: Article 9 risk management, Article 11 technical documentation, Article 14 oversight controls, Article 27 FRIA for qualifying deployers, conformity assessment under Article 43, and Article 49 registration. The output is a print-ready compliance package. Pricing starts at €600/year; no consultants, no six-month implementation.


Frequently Asked Questions

Does internal use exempt my system from the EU AI Act?

No. The Act applies to AI systems placed on the market or put into service in the EU, regardless of whether deployment is internal or commercial. A system that evaluates employee performance (Annex III point 4) is high-risk whether sold externally or used only within your own organisation. Internal deployers carry the Article 26 obligations: verify supplier compliance, ensure human oversight, keep logs for at least six months under Article 26.

My system makes recommendations, but a human makes the final decision. Does that change my classification?

Classification under Articles 5 and 6 is based on the system's function and intended use, not on whether a human approves the output. A recruitment tool that ranks candidates is high-risk (Annex III point 4(a)) even if a manager reviews the shortlist before any hire. The human oversight requirement in Article 14 is an obligation triggered by high-risk classification, not a mechanism for avoiding it.

The Article 6(3) exemption looks attractive. How narrow is it really?

Very narrow. A system that produces any individual-level output — a score, a recommendation, a ranking — that feeds into a decision about a natural person will struggle to meet the "not influencing the outcome of decision-making" test. The exemption is intended for genuine utilities: format conversion, aggregated statistics, preparatory document processing. If there is meaningful doubt, treat the system as high-risk and document it; the cost of misclassification (Art 99(4): up to €15M/3%) exceeds the cost of a conformity assessment.

What is the difference between a provider and a deployer?

A provider (Article 16) develops or places the AI system on the market under its own name. A deployer (Article 26) uses the system under their authority in a professional context. A SaaS company selling an AI hiring tool is a provider; a company using that tool to screen candidates is a deployer. Under Article 25, a deployer becomes a provider — with all the attendant obligations — if it places its own name on the system, substantially modifies it, or changes its intended purpose.

When is the deadline for high-risk compliance?

For stand-alone high-risk AI systems covered by Annex III: 2 December 2027, under the Digital Omnibus political agreement of May 2026 (previously 2 August 2026). For high-risk AI embedded in regulated products under Annex I: 2 August 2028. Prohibited practices under Article 5 have been banned since 2 February 2025. Limited-risk transparency under Article 50 applies from 2 August 2026.

What penalties apply if I misclassify a high-risk system as minimal-risk?

Up to €15 million or 3% of total worldwide annual turnover, whichever is higher — Article 99(4). For SMEs and start-ups, Article 99(6) caps the fine at the lower of the two figures. The documentation you produce during classification is your primary defence in a market-surveillance audit; without it, regulators will treat the misclassification as negligent.

Do I still have obligations if the Article 6(3) exemption applies?

Yes. You must document the exemption assessment in writing (explaining which of the four conditions applies and why the system poses no significant risk of harm) and register the system in the EU database under Article 49. The full obligation stack — risk management, conformity assessment, etc. — does not apply, but registration is not waivable.

