High-Risk AI System: Definition under the EU AI Act

Definition · 12 May 2026 · 11 min read

High-risk AI system under EU AI Act Article 6: Annex I and Annex III routes, the Article 6(3) exemption, and the 2 December 2027 deadline plus 3% penalty.

Under Regulation (EU) 2024/1689, a high-risk AI system is an AI system that either (1) is itself — or is a safety component of — a product covered by the Union harmonisation legislation listed in Annex I that requires third-party conformity assessment (Article 6(1)), or (2) is intended to be used in one of the areas listed in Annex III (Article 6(2)). Meeting either gateway is enough.

In the Act's risk classification, the high-risk tier is the second most restrictive of the four tiers. Only the prohibited practices of Article 5 rank higher in restriction; everything permitted but heavily regulated sits here, carrying the heaviest substantive obligation stack in the Act.

Classification is a use-driven question, not a technology question. The same model can be high-risk in one deployment and minimal-risk in another, because Annex III is organised by intended purpose and area of use. The threshold below all of this is whether your software even qualifies as an AI system under Article 3. Getting the classification right determines whether the full Chapter III obligation stack — and a EUR 15 million / 3% of worldwide turnover penalty exposure — applies to you.


The EU AI Act Definition

The statutory rule lives in Article 6 of Regulation (EU) 2024/1689, split into two independent gateways. The full mechanics live in Article 6 classification, and the enumerated use areas in Annex III.

The two statutory routes

Route | Legal basis | Trigger | Example
Product-embedded | Article 6(1) | AI is, or is a safety component of, an Annex I product needing third-party conformity assessment | AI in a Class IIa medical device
Stand-alone | Article 6(2) | AI intended for use in one of the eight Annex III areas | CV-screening for recruitment

Article 6(1): Annex I product-embedded

An AI system is high-risk where it is intended to be used as a safety component of a product, or is itself a product, covered by the Union harmonisation legislation listed in Annex I, and that product (or the AI as a safety component) is required to undergo a third-party conformity assessment under that Annex I legislation. Both conditions must hold.

Annex I covers product sectors such as machinery, medical devices, in vitro diagnostic devices, toys, lifts, radio equipment, civil aviation and motor vehicles — the existing CE-marking world.

Article 6(2): Annex III stand-alone

An AI system is high-risk where it is intended to be used in one of the eight areas enumerated in Annex III, regardless of any product legislation. This is the route most software companies will travel.

Note the conceptual layering: a general-purpose AI model (Chapter V, Articles 51 to 55) is governed separately. High-risk classification applies to the system built on top of such a model, assessed by its intended purpose.


How a System Becomes High-Risk

The Annex III eight areas

Annex III enumerates eight areas:

  1. Biometrics.
  2. Critical infrastructure.
  3. Education and vocational training.
  4. Employment, workers management and access to self-employment.
  5. Access to essential private and public services (including creditworthiness and credit scoring, and risk-pricing in life and health insurance).
  6. Law enforcement.
  7. Migration, asylum and border control.
  8. Administration of justice and democratic processes.

A system used in any of these is high-risk unless it qualifies for the narrow exemption below.

The Article 6(3) exemption

A system that falls within an Annex III area is not high-risk where it does not pose a significant risk of harm to the health, safety or fundamental rights of natural persons, including by not materially influencing the outcome of decision-making. This is Article 6(3).

The exemption is condition-bound. It applies only where the system:

  • performs a narrow procedural task; or
  • improves the result of a previously completed human activity; or
  • detects decision-making patterns or deviations from prior patterns, and is not meant to replace or influence the human assessment without proper review; or
  • performs a preparatory task to an assessment relevant to an Annex III use case.

A provider that concludes its Annex III system is exempt must document that assessment before placing it on the market and register the system. The burden of proof sits with the provider, and authorities can demand the documented reasoning. The exemption is not a loophole: most systems that genuinely drive an Annex III decision — screen candidates, score credit, triage applications — will not qualify, because they materially influence the outcome.

Profiling is always high-risk

There is a bright-line carve-out. A system that performs profiling of natural persons is always high-risk. It can never use the Article 6(3) exemption, even if it would otherwise qualify.


The Obligation Stack That Attaches

Classification as high-risk triggers the Chapter III, Section 2 requirements, owed primarily by the provider (Article 16) with a defined deployer slice (Article 26). Treat these as a single connected workflow, not a checklist: documentation (Article 11) evidences the risk management (Article 9), which feeds the conformity assessment (Article 43) and registration (Article 49).

Lifecycle and data requirements

  • Risk management system across the lifecycle — the Article 9 obligations, a continuous, iterative process that anchors the rest of the stack.
  • Data and data governance for training, validation and testing sets — Article 10.

Documentation, oversight and accuracy

  • Technical documentation drawn up before placing on the market and kept up to date — Article 11, with the minimum content set out in Annex IV.
  • Automatic logging / record-keeping over the system's lifetime to ensure traceability — Article 12.
  • Transparency and provision of information to deployers, including instructions for use — Article 13.
  • Human oversight designed into the system so natural persons can effectively oversee it — Article 14.
  • Accuracy, robustness and cybersecurity at appropriate levels throughout the lifecycle — Article 15.

Pre-market gates: conformity assessment and registration

  • Conformity assessment before placing on the market — Article 43 — followed by an EU declaration of conformity and CE marking.
  • Registration in the EU database before placing on the market or putting into service — Article 49.

When the High-Risk Rules Apply (Deadlines)

Annex III stand-alone systems

For stand-alone Annex III systems (Article 6(2)), the Digital Omnibus reached provisional political agreement on 6 to 7 May 2026 (COREPER text confirmed around 13 May 2026) to defer the application date from 2 August 2026 to 2 December 2027.

A freshness caveat that matters: as of June 2026 this deferral is agreed but not yet law. It still needs a European Parliament plenary vote, formal Council adoption and Official Journal publication. Until then, the statute as enacted still reads 2 August 2026 for high-risk Annex III. Plan against the agreed 2 December 2027 date while treating 2 August 2026 as the live statutory text.

Annex I product-embedded systems

For Annex I product-embedded high-risk systems (Article 6(1)), the Digital Omnibus agreed to defer from 2 August 2027 to 2 August 2028. The same not-yet-law caveat applies.

Both new dates are fixed calendar dates. The standards-contingent "stop the clock" proposal — which would have tied the delay to the availability of harmonised standards — was rejected, so the delay should never be described as conditional on standards being ready.

What did not move

For context: the Article 5 prohibitions have applied since 2 February 2025; GPAI obligations (Articles 51 to 55) since 2 August 2025; and a new 2 December 2026 deadline was added (the CSAM / "nudifier" ban plus content-marking duties). The high-risk deferral did not touch any of those.

The practical takeaway: the deferral buys preparation time, not a reprieve. Risk management, data governance and technical documentation are multi-quarter programmes that should start now.


Worked Examples

Recruitment screening (Annex III, employment)

An AI tool that filters, ranks or scores job applicants is high-risk under Annex III point 4(a) (employment and workers management), because it is used to recruit or select natural persons. It materially influences the hiring outcome, so the Article 6(3) exemption will not apply. The provider must meet the full high-risk obligation stack before placing it on the EU market.

Credit scoring (Annex III, essential services)

An AI system used to evaluate the creditworthiness of natural persons or establish their credit score is high-risk under Annex III point 5(b) (access to essential private services). One carve-out to state accurately: systems used to detect financial fraud are explicitly outside this point.

AI in a medical device (Annex I)

AI that is a safety component of a Class IIa-or-above medical device — which requires third-party (notified-body) conformity assessment under the Medical Device Regulation listed in Annex I — is high-risk via Article 6(1), the product route, not the Annex III route. This system follows the 2 August 2028 deadline.

The cross-cutting lesson: route matters for both the legal basis and the deadline. Annex III stand-alone (Article 6(2), 2 December 2027 agreed) versus Annex I embedded (Article 6(1), 2 August 2028 agreed).


How Confir Helps

Confir runs the Article 6 high-risk test for you. Its rule-based, deterministic engine walks the Annex I and Annex III routes and the Article 6(3) conditions from structured intake answers and produces a documented, reproducible classification — the same logic every time, no model inference, no hallucination. Because the same inputs always yield the same finding, the output is suited to the provider's burden of proof under Article 6(3): you can show authorities the documented reasoning behind every classification, and re-run it on demand when a system or its intended purpose changes.


Frequently Asked Questions

What is a high-risk AI system under the EU AI Act?

Under Article 6 of Regulation (EU) 2024/1689, a high-risk AI system is one that is either a safety component of an Annex I regulated product requiring third-party conformity assessment, or is used in one of the eight areas listed in Annex III — such as employment, credit scoring, or law enforcement. High-risk is the most heavily regulated permitted tier.

What are the categories of high-risk AI in Annex III?

Annex III lists eight areas: biometrics; critical infrastructure; education and vocational training; employment and workers management; access to essential private and public services (including credit scoring and insurance pricing); law enforcement; migration, asylum and border control; and administration of justice and democratic processes. A system used in any of these is high-risk unless it qualifies for the Article 6(3) exemption.

Is my AI system automatically high-risk if it falls under Annex III?

Not always. Article 6(3) exempts an Annex III system that does not pose a significant risk to health, safety or fundamental rights — for example, one performing a narrow procedural task or improving a completed human activity. But the exemption never applies to profiling of natural persons, which is always high-risk. Providers must document any exemption assessment.

What obligations apply to a high-risk AI system?

High-risk systems must meet Chapter III requirements: risk management (Article 9), data governance (Article 10), technical documentation (Article 11 and Annex IV), record-keeping (Article 12), transparency (Article 13), human oversight (Article 14), and accuracy and robustness (Article 15). Before market entry they must pass conformity assessment (Article 43) and be registered in the EU database (Article 49).

When do high-risk AI system rules apply?

As enacted, high-risk Annex III obligations apply from 2 August 2026. The Digital Omnibus agreed in May 2026 would defer this to 2 December 2027, and Annex I product-embedded systems to 2 August 2028 — but as of June 2026 this is agreed, not yet law, and still needs Parliament and Council adoption. Until then the 2 August 2026 date stands.

Is a recruitment or hiring AI tool high-risk?

Yes. AI used to filter, rank, screen or evaluate job applicants is high-risk under Annex III point 4 (employment and workers management). Because such a tool materially influences the hiring outcome, it cannot rely on the Article 6(3) exemption, and the provider must meet the full high-risk obligation stack before placing it on the EU market.

What are the penalties for non-compliant high-risk AI systems?

Breaching high-risk obligations can draw fines up to EUR 15 million or 3% of worldwide annual turnover, whichever is higher (Article 99(4)). Supplying incorrect or misleading information to authorities can draw up to EUR 7.5 million or 1% (Article 99(5)). For SMEs and start-ups, the lower of the fixed amount and percentage applies (Article 99(6)).


  • the high-risk tier — the tier definition and where high-risk sits among the four levels.
  • Article 6 classification — the full Annex I and Annex III classification mechanics and the Article 6(3) test.
  • Annex III — the eight enumerated high-risk use areas in detail.
  • AI system — the Article 3 threshold question that must be answered before classification.
  • risk classification — how the four tiers are assigned across the Act.
  • the Article 9 obligations — the risk management system that anchors the high-risk obligation stack.
