
AI in Visa Applications: High-Risk Under Annex III Point 7

High-Risk Use Case · 23 May 2026 · 13 min read · 2,640 words

Visa-examination AI is high-risk under Annex III point 7. The obligations of Articles 9, 10 and 14 and the Article 27 FRIA apply; registration is in the non-public section of the EU database. Deadline: 2 December 2027.

An AI system that examines a visa application — scoring the applicant's eligibility, flagging credibility concerns, or recommending approval or refusal — is high-risk under the EU AI Act from the moment it touches the outcome. Annex III point 7 covers AI "intended to be used by or on behalf of competent public authorities to assist in the examination of applications for asylum, visa and residence permits and associated complaints with respect to eligibility of natural persons." There is no ambiguity here and no discretionary threshold to clear. The classification is automatic.

That matters because the obligation stack for high-risk AI is substantial: a documented risk management system, training-data governance, technical documentation, human-oversight design, a Fundamental Rights Impact Assessment, registration in the EU database, and penalties of up to €15 million or 3% of worldwide turnover under Article 99(4) for non-compliance. The compliance deadline for stand-alone Annex III systems is 2 December 2027, deferred from the original August 2026 date under the Digital Omnibus political agreement reached in May 2026.


Why Annex III Point 7 Applies — and Why the Art 6(3) Filter Rarely Saves You

Article 6(1) makes high-risk classification automatic for systems listed in Annex III. Article 6(3) provides a narrow escape: a system in scope is not high-risk if it does not pose a significant risk of harm to health, safety, or fundamental rights — for instance, if it performs only a narrow procedural task, improves a result already produced by a human, or does purely preparatory work without influencing the substantive decision.

For visa AI, that filter closes fast. A system that scores an applicant's economic ties to the country of origin, assesses document authenticity, ranks applications by fraud risk, or flags inconsistencies in testimony for officer review is influencing the substance of the decision. Each of those outputs shapes whether a person gains access to territory, work, education, or family reunification. Any system that profiles natural persons — Article 6(3) states this explicitly — is always high-risk regardless of how the operator frames the use.

The only visa-adjacent tools that plausibly escape Annex III point 7 are purely administrative ones: OCR of form fields, file-completeness checks, translation of supporting documents. A chatbot that answers applicants' questions about required documents is limited-risk under Article 50. But the moment a system's output reaches the case officer and shapes the recommendation, it is in scope.

One additional boundary to keep clear: if a visa application system uses biometric categorisation to infer sensitive attributes — nationality proxies, ethnicity, or religion — from facial images or travel history, it enters the territory of Article 5(1)(g), which prohibits AI that categorises natural persons based on biometric data to deduce or infer sensitive characteristics. High-risk is not the worst outcome for such a system; prohibited is.


The Obligation Stack for Providers

Providers are organisations that place a visa-examination AI system on the market or put it into service under their own name. Their obligations under Articles 8 through 16 run in sequence.

Risk management (Article 9). Before deployment, providers must establish a continuous risk management system — not a one-time assessment. For visa AI, this means identifying the specific risks that arise from influencing asylum and residence decisions: discriminatory output correlated with nationality or ethnicity, degraded accuracy on applicant groups underrepresented in training data, and manipulation of document-authenticity scores through adversarial inputs. The system must be kept active throughout the AI system's lifecycle, updated when the system is retrained or its context changes.

Data and data governance (Article 10). Visa decision models are typically trained on historical adjudication records. Those records embed the biases of prior human decisions: processing delays correlated with origin country, approval rates shaped by bilateral political relationships, inconsistent credibility assessments across different interviewing officers. Article 10 requires providers to document training data composition, examine it for biases that could produce discriminatory output, and apply technical measures to mitigate those biases where identified. Accuracy must be reported disaggregated across relevant sub-groups — for visa AI, that means origin country, visa type, and demographic categories as far as the data permits. A model with 90% overall accuracy but 55% accuracy for applicants from a specific region fails this standard.

Note that Article 10 governs data and data governance. Staff competence — ensuring officers understand how to work with the system — is a separate requirement under Article 4 (AI literacy), which has been in force since 2 February 2025.
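The disaggregated-accuracy check described above, written out as an added example that is not part of the original article or of Confir's product: the records, the region labels and the pass/fail thresholds are constructed assumptions, chosen so that overall accuracy is 90% while one region sits at 55%, the failure case the text describes. It also reports the false-refusal rate per group, the error direction that matters most for applicants, and refuses to declare parity for a group whose sample is too small to support the claim.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample, not real adjudication data: group (hypothetical origin region) -> (n, n correct)
SAMPLE_SPEC = {"region_A": (80, 80), "region_B": (80, 78), "region_C": (40, 22), "region_D": (10, 9)}

@dataclass(frozen=True)
class Record:
    group: str   # sub-group used for disaggregation (origin region here)
    y_true: int  # 1 = eligible per the final human decision, 0 = not eligible
    y_pred: int  # model recommendation, same encoding

def build_records(spec):
    """Expand the spec into per-record rows; each group's errors sit at its tail."""
    rows = []
    for group, (n, n_correct) in spec.items():
        for i in range(n):
            y_true = i % 2
            y_pred = y_true if i < n_correct else 1 - y_true
            rows.append(Record(group, y_true, y_pred))
    return rows

def disaggregated_metrics(records):
    """Accuracy and false-refusal rate per group, plus an '__overall__' row."""
    buckets = defaultdict(list)
    for r in records:
        buckets[r.group].append(r)
    buckets["__overall__"] = list(records)
    out = {}
    for group, rows in buckets.items():
        eligible = [r for r in rows if r.y_true == 1]  # truly eligible applicants
        out[group] = {
            "n": len(rows),
            "accuracy": sum(r.y_true == r.y_pred for r in rows) / len(rows),
            # share of eligible applicants the model would have refused
            "false_refusal_rate": sum(r.y_pred == 0 for r in eligible) / max(len(eligible), 1),
        }
    return out

def flag_groups(metrics, floor=0.80, max_gap=0.05, min_n=30):
    """Thresholds are illustrative assumptions, not figures from the Act: an absolute
    accuracy floor, a maximum gap below overall accuracy, and a minimum sample size."""
    overall = metrics["__overall__"]["accuracy"]
    findings = {}
    for group, m in metrics.items():
        if group == "__overall__":
            continue
        if m["n"] < min_n:
            findings[group] = "insufficient_sample"  # parity cannot be claimed yet
        elif m["accuracy"] < floor or overall - m["accuracy"] > max_gap:
            findings[group] = "fails"
        else:
            findings[group] = "ok"
    return findings
```

Calling `flag_groups(disaggregated_metrics(build_records(SAMPLE_SPEC)))` marks region_C as failing and region_D as too small to assess, even though the headline accuracy is exactly 90%.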

Technical documentation (Article 11, Annex IV). Providers must prepare and maintain a technical file covering system architecture, training methodology, validation procedures, performance benchmarks, and the intended use. The file must be available to competent authorities on request. For visa AI deployed across multiple member states, the documentation must be sufficient for each relevant national authority to assess compliance independently.

Transparency to deployers (Article 13). Providers must supply deploying authorities with clear information on the system's intended use, performance characteristics, known limitations, and the human oversight process. If the system degrades in accuracy for certain applicant populations, that must be stated explicitly — not buried in a technical annex.

Human oversight by design (Article 14). This is the obligation that shapes the architecture of visa AI more than any other. The system must be designed so that a qualified person can effectively oversee its operation, understand what it is doing, intervene, correct, or override. For visa AI, that means: outputs must be interpretable to a case officer (not a black-box score without explanation); the officer must be able to override without procedural barriers; and the system must clearly signal situations where its confidence is low or where the case falls outside the training distribution. Designing around Article 14 is not an afterthought — it must be part of the system's architecture from the start.

Accuracy, robustness, cybersecurity (Article 15). Visa AI must achieve consistent accuracy across applicant groups throughout its operational life. Providers must design for resilience against adversarial inputs — document forgeries that could fool authenticity classifiers, prompt injection in text-based fields, or data poisoning in training pipelines.

Conformity assessment (Article 43). Before placing the system on the market, providers must complete a conformity assessment. For most Annex III systems, this is an internal self-assessment against Articles 9 through 15, documented in a technical file, followed by signing the EU Declaration of Conformity under Article 47 and affixing the CE marking under Article 48. Providers then register the system in the EU database under Article 49.


Registration in the Non-Public Section of the EU Database (Article 49)

This is a specific and important feature of migration-domain AI. Most high-risk AI systems are registered in the public section of the EU database (Article 71). Systems used for migration, asylum, and border control — including visa examination AI — are registered in the non-public section, accessible only to the Commission, the AI Office, and relevant national authorities. The rationale is straightforward: public disclosure of the systems in use at a border or in a visa office creates security risks.

Providers register before placing the system on the market. Public-authority deployers register separately when they put the system into service. Both registrations are required; they are not interchangeable.


Deployer Obligations: What the Visa Authority Must Do

The immigration authority deploying a visa-examination AI system is a deployer under Article 26. Deployer obligations are less extensive than provider obligations, but they are real and enforceable.

Under Article 26, the authority must: use the system in accordance with the provider's instructions; ensure that case officers responsible for human oversight have the necessary competence, training, and authority; verify that input data (application materials, interview records) is representative and fit for the system's intended use; monitor operation and report serious incidents under Article 73 through the provider; and keep logs of operation for at least six months under Article 26.

Where the deployer is a public body — which all competent immigration authorities are — it must also conduct a Fundamental Rights Impact Assessment (FRIA) under Article 27 before putting the system into service.


The Article 27 FRIA for Immigration Authorities

The FRIA is not a light formality. Article 27 requires public-body deployers to assess, before deployment, how the high-risk AI system affects the fundamental rights of the persons it touches. For a visa-examination system, those rights include:

  • Article 21 of the EU Charter — non-discrimination on grounds of nationality, ethnicity, religion, sex, or other protected characteristics. The FRIA must consider whether the system produces systematically different outcomes for applicants from different origin countries, or whether design choices introduce proxies for protected characteristics.
  • Article 7 of the EU Charter — respect for private and family life. A visa denial separates families. The FRIA must assess whether the system's outputs are calibrated to the specific visa type and its relationship to family reunification rights.
  • Article 18 of the EU Charter — right to asylum. Any visa-adjacent system that touches asylum applicants faces the highest scrutiny; the FRIA must map the system's role against the procedural guarantees of the EU asylum acquis.
  • Article 8 of the EU Charter / GDPR — data protection. Visa applications contain sensitive personal data. The FRIA must address how the system processes that data, what the legal basis is, and how data-subject rights (access, rectification, restriction) are operationalised.

The FRIA must be documented in writing, updated when the system is materially modified, and made available to the competent authority. For migration-domain systems, it is registered in the non-public section of the EU database, consistent with the Article 49 registration.


The Penalty Exposure

Non-compliance with the high-risk obligations — failing to complete a risk management system, skipping the FRIA, deploying without a conformity assessment, designing out human oversight — carries a maximum fine of €15,000,000 or 3% of total worldwide annual turnover, whichever is higher (Article 99(4)). For public authorities that do not have "turnover" in the commercial sense, the fixed-sum ceiling applies. For technology providers that supply the system, the percentage tier bites harder.

The fine ceiling for breaching the Article 5 prohibitions — if biometric categorisation of sensitive attributes is involved — is higher still: €35,000,000 or 7% of worldwide turnover under Article 99(3).

The compliance deadline is 2 December 2027 for stand-alone Annex III systems. That is not a distant horizon for a system that requires training-data audits, architecture changes to embed Article 14 oversight mechanisms, documentation under Annex IV, a FRIA, and two separate database registrations. Starting in the second half of 2025 or early 2026 is not early — it is on schedule.


How Confir Helps

Confir's rule-based, deterministic engine handles the parts of this that most teams approach with a spreadsheet and dread. Classification — confirming that a visa-examination system lands in Annex III point 7 and understanding whether Article 6(3) applies — is a structured checklist, not a judgment call. The system asks the right questions and derives the finding from explicit logic. Same intake, same result, every time.

From there, Confir drives the structured compliance assessment: data governance under Article 10, human-oversight design under Article 14, and the Article 27 FRIA — the assessment that public-authority deployers cannot skip. The FRIA module walks through the fundamental-rights analysis specific to the system's use case and produces a documented output that satisfies both Article 27 and the database registration requirement.

For providers, Confir generates the Article 11 / Annex IV technical documentation pack and the Article 47 Declaration of Conformity — the two documents that sit at the centre of the conformity assessment process.

No consultants. Self-serve, from €600 per year.


Frequently Asked Questions

Does Annex III point 7 apply to private companies that provide visa-processing software to governments?

Yes. Annex III point 7 covers AI systems "intended to be used by or on behalf of" competent public authorities. A private company that builds and sells a visa risk-scoring system to an immigration ministry is the provider of a high-risk AI system. All provider obligations under Articles 9–16 apply to it. The immigration authority is the deployer and carries the Article 26 and Article 27 obligations. Both parties have independent compliance duties.

What is the Article 6(3) filter, and does it apply to visa AI?

Article 6(3) allows a provider to self-assess that an Annex III system is not, in fact, high-risk — if it does not pose a significant risk of harm to health, safety, or fundamental rights. The filter covers narrow procedural tools, systems that improve a result already produced by humans, or systems that detect decision patterns without replacing or influencing human assessment. For visa AI, this filter is available only to genuinely administrative systems (completeness checks, OCR, translation). Any system that scores, ranks, or recommends on visa eligibility is influencing the substantive decision and cannot use the Article 6(3) exit.

What is the Article 27 FRIA, and who must complete it?

The Fundamental Rights Impact Assessment, required by Article 27, applies to deployers that are public bodies or deployers using a system that falls under specific Annex III categories including migration and border control. Immigration authorities must complete the FRIA before putting a visa-examination system into service. The assessment must cover the rights affected — non-discrimination, family life, asylum, data protection — document the conclusions, and be registered in the non-public section of the EU database (Article 49). It must be updated whenever the system is materially modified.

Why is the EU database registration non-public for visa systems?

Article 49 requires registration of high-risk AI systems in the EU database established under Article 71. For migration, asylum, and border-control systems, the Act specifies registration in the non-public section — accessible to the Commission, the AI Office, and national competent authorities, but not to the general public. The logic is security: publishing the technical characteristics of border-screening or visa-scoring systems would allow bad actors to optimise their applications or documents against the system's known logic.

What are the penalty ceilings for non-compliance?

Non-compliance with the high-risk obligations — missing the FRIA, failing to implement Article 14 human-oversight design, skipping the conformity assessment — exposes both providers and deploying authorities to a maximum of €15,000,000 or 3% of total worldwide annual turnover under Article 99(4), whichever is higher. If a system crosses into prohibited territory under Article 5 — biometric categorisation of sensitive attributes to infer nationality or ethnicity — the ceiling rises to €35,000,000 or 7% under Article 99(3).

When is the compliance deadline?

2 December 2027 for stand-alone high-risk AI systems under Annex III, including visa-examination AI. This date reflects the Digital Omnibus political agreement reached in May 2026, which deferred the original 2 August 2026 high-risk deadline. The later date of 2 August 2028 applies to high-risk AI embedded as safety components in products regulated under Annex I (medical devices, machinery, etc.) — that route does not apply to visa AI.

Is the Article 5 prohibited-practice risk relevant to visa AI?

It can be. Article 5(1)(g) prohibits AI systems that use biometric data to deduce or infer sensitive characteristics, including ethnicity or nationality as a proxy for protected attributes. A visa AI that uses facial imagery, travel patterns, or other biometric-adjacent signals to infer characteristics that then feed the eligibility assessment is at risk of crossing this line. That is not a high-risk finding — it is a prohibition, in force since 2 February 2025, with no compliance pathway. Providers and deployers should explicitly map their feature sets against Article 5(1)(g) before the system goes anywhere near a case officer's screen.

