
EU AI Act Compliance for Education: Schools, Universities, EdTech

Guide · 23 May 2026 · 15 min read · 2,913 words

EU AI Act in education: Annex III point 3 covers admissions AI and exam proctoring as high-risk. Emotion-detecting proctoring prohibited since 2 Feb 2025.

The EU AI Act singles out education as one of its eight Annex III high-risk areas. Point 3 of Annex III covers four distinct AI uses in education, each carrying the full high-risk obligation stack. And sitting above those — since 2 February 2025 and already in force — is a flat prohibition that bans one of the most commercially active AI categories in European classrooms entirely. Getting this wrong is not an abstract compliance risk. The fine ceiling for breaching Article 5 is €35 million or 7% of worldwide annual turnover, whichever is higher.

This article maps which systems are prohibited, which are high-risk, and which are merely subject to limited-risk transparency. It then sets out what providers (EdTech vendors) and deployers (schools, universities, public education bodies) must actually do.


What Annex III Point 3 Covers: Four High-Risk Categories

Annex III point 3 of Regulation (EU) 2024/1689 designates as high-risk any AI system that does one of the following:

  1. Determines access to, or assignment within, educational or vocational training institutions. Admissions-scoring algorithms, ranked application filters, predicted-grade systems used for selective entry, and algorithmic streaming decisions all fall here when their output materially influences whether a person gains a place.

  2. Evaluates learning outcomes, including where that output steers the learning process. Automated essay-scoring used for summative assessment, AI-graded certification tests, and adaptive systems that use AI-derived competency scores to gate or accelerate a student's curriculum path are in scope.

  3. Assesses the appropriate level of education a person will receive. This covers AI tools that recommend — and where that recommendation shapes the actual decision — whether a student is placed into remedial, standard, or advanced tracks, or into a particular vocational programme.

  4. Monitors students and detects prohibited behaviour during tests. Exam-proctoring systems that use AI to flag suspected cheating are explicitly named at Annex III point 3. They are high-risk if they produce an output that influences examination results.

The Article 6(3) filter offers a narrow exit: a system technically within Annex III is not high-risk if it presents no significant risk of harm to health, safety, or fundamental rights — for example, a system that only performs a preparatory or narrow procedural task, or that improves a result a human has already produced. But any system that profiles natural persons cannot use this exit. EdTech vendors claiming the exemption must document the assessment and still register the system under Article 49.


One Hard Prohibition: Emotion Recognition in Educational Institutions

Before reaching the high-risk tier, note Article 5(1)(f). It prohibits the use of AI systems to infer the emotions of natural persons in the workplace and in educational institutions, except for medical or safety reasons. This prohibition has applied since 2 February 2025.

Emotion-detecting proctoring — systems that scan facial expressions, gaze patterns, or micro-expressions to infer alertness, stress, or deception — is not high-risk. It is banned. A vendor offering such a product in an EU school or university after 2 February 2025 is in breach of the prohibition, not merely subject to the conformity assessment process. The fine ceiling is €35 million or 7% of worldwide annual turnover under Article 99(3).

The line matters in practice. A proctoring system that flags suspicious keyboard behaviour or unusual eye movement solely as a proxy for prohibited-behaviour detection (without inferring emotional states) remains high-risk under Annex III point 3, not prohibited. But any system marketed as detecting stress, engagement, or emotional state in a test-taking context crosses into Article 5 territory.


Provider vs Deployer: Who Carries Which Obligation

Most EdTech companies are providers — they develop and place AI systems on the market under their own name. Schools and universities are typically deployers — they use a provider's system in a professional context. The obligations differ substantially.

One trap warrants attention. Under Article 25, a deployer that substantially modifies a high-risk system, uses it outside its intended purpose, or places its own name on it, becomes a provider and inherits the full provider obligation stack. A university that takes a vendor's admissions-scoring model and retrains it on its own historical data has likely triggered this. So has a school that repackages an off-the-shelf proctoring tool as a bespoke institutional system.

Provider Obligations (Articles 9–17)

An EdTech company that places a high-risk system on the EU market must, before CE marking:

  • Article 9 — maintain a risk management system across the product's entire lifecycle. For admissions AI, this must address discriminatory outcomes across protected characteristics: gender, ethnicity, disability, socioeconomic background. Historical training data reflecting past admissions decisions may encode institutional bias; the risk management system must surface and address this.
  • Article 10 — establish data governance over training, validation, and test datasets. Datasets must be relevant, sufficiently representative, and reviewed for errors and biases. Where a qualification-grading model has been trained on demographically skewed cohorts, this is the provision that bites.
  • Article 11 — produce full Annex IV technical documentation: architecture, training methodology, accuracy metrics disaggregated by demographic subgroup, known limitations, intended use cases, and contraindications.
  • Article 13 — provide deploying institutions with the information they need to operate the system lawfully: its purpose, capabilities, performance limitations, and the conditions under which human oversight is required.
  • Article 14 — design the system so deployers can meaningfully override, intervene in, or stop it. No admissions or examination decision may be delegated entirely to an AI system without preserved human review capability.
  • Article 15 — document and maintain accuracy, robustness, and cybersecurity. Proctoring systems must resist adversarial manipulation — students will probe the scoring logic.
  • Article 17 — operate a quality management system covering the whole lifecycle.

Conformity assessment for Annex III point 3 systems follows the Annex VI internal self-assessment route (a notified body is required for biometric systems under point 1, not for education systems under point 3). After internal assessment, the provider registers the system in the EU database under Article 49 and issues the Article 47 EU declaration of conformity.

Deployer Obligations (Articles 26 and 27)

Schools and universities using a provider's high-risk AI tool carry their own statutory duties under Article 26:

  • Use the system according to the provider's instructions for use, not for purposes the provider has not documented.
  • Ensure human oversight is operational — the institution, not the algorithm, makes the final decision in high-stakes individual cases.
  • Monitor the system's operation and report any serious incidents or malfunctions to the provider (and, where applicable, to the competent authority) under the Article 73 timelines: within 15 days from awareness of a serious incident; within 2 days where widespread infringement or critical-infrastructure risk is involved.
  • Keep logs of the system's operation for at least 6 months under Article 26.

Schools and universities are also almost always public bodies for the purposes of Article 27. That means deploying any high-risk AI system triggers a Fundamental Rights Impact Assessment (FRIA) before deployment begins. The FRIA covers: the system's purpose; the population of persons affected; the fundamental rights at risk (non-discrimination, academic freedom, due process, privacy, children's rights where minors are involved); mitigation measures; oversight arrangements; and available redress. Article 27(4) allows the FRIA to cross-reference an existing GDPR Data Protection Impact Assessment — but it cannot replace it. The two instruments cover different ground, and both are required where personal data processing is at scale.


Emotion Recognition Prohibition vs Proctoring: The Practical Test

Institutions evaluating proctoring vendors should run this two-step test before procurement:

Step 1 — Does the system infer emotional states? If the vendor markets the system as detecting stress, engagement, concentration, or deception through facial or physiological analysis, the answer is almost certainly yes. That makes it prohibited under Article 5(1)(f), regardless of what the vendor calls it. Do not deploy it.

Step 2 — Does the remaining functionality influence examination results? If the system monitors keystroke patterns, environmental cues, or gaze deviation purely to flag potential rule violations for human review — and a human invigilator makes the actual determination — classification as high-risk under Annex III point 3 is still likely, but the system is at least lawful. Require the provider to produce the Article 11 technical documentation, conformity assessment records, and Article 49 registration confirmation before deploying.


General EdTech: Minimal and Limited Risk

Not everything in an educational technology stack is high-risk. AI tutoring assistants that deliver formative feedback without determining grades, learning recommendation engines that suggest study materials, and scheduling or administrative chatbots are generally minimal-risk — no mandatory obligations attach.

The exception is Article 50, which applies from 2 August 2026. Any AI system that interacts directly with students and could be mistaken for a human — including chatbot tutors and AI teaching assistants — must disclose its automated nature clearly and in real time. This is a transparency obligation, not a conformity assessment requirement. It applies whether or not the system is deployed by a public institution.

Foundation model (GPAI) providers whose models power EdTech products — products built on or incorporating models from external providers — face their own obligations under Articles 53 and 55, which have applied since 2 August 2025. But those obligations sit with the model vendor, not the institution using the EdTech product.


GDPR Intersection

Education institutions processing student data through AI systems face layered data-protection obligations alongside the AI Act. The standard legal basis for public education bodies is Article 6(1)(e) GDPR (public task), but this must be grounded in a specific statutory mandate — a general interest in education is not sufficient.

Where AI systems process special-category data — learning support plans, neurodivergence information, health conditions affecting assessment adjustments — Article 9 GDPR processing conditions apply in addition. The DPIA obligation under Article 35 GDPR runs in parallel with the AI Act's FRIA obligation under Article 27. Where minors are involved, data minimisation is especially important: Article 8 GDPR sets the age threshold for children's consent to data processing, and national laws vary in how they implement it.

Article 22 GDPR restricts fully automated decisions with significant legal or similarly significant effect. In practice, this means admissions algorithms may not produce binding outcomes without a human decision-maker in the loop — a requirement that mirrors and reinforces the Article 14 human-oversight obligation under the AI Act.


The Deadline That Moved

The original EU AI Act set 2 August 2026 as the date when high-risk Annex III obligations would fully apply. That date has moved. Under the Digital Omnibus — a political agreement between the European Parliament and Council reached on 7 May 2026 — stand-alone high-risk AI systems under Annex III face a revised deadline of 2 December 2027. The August 2026 date now governs Article 50 limited-risk transparency obligations and the Act's general application; it no longer governs the Annex III high-risk stack.

For EdTech providers, this is not a reason to pause compliance work. Technical documentation under Article 11, risk management under Article 9, and accuracy testing under Article 15 each take months to assemble properly. Providers that start the conformity assessment process in late 2026 will face a compressed timeline. The FRIA obligation for deploying institutions is tied to the same December 2027 date — but public universities with existing AI procurement cycles should build FRIA requirements into vendor contracts now.

The prohibition under Article 5(1)(f) — emotion recognition in educational institutions — is unaffected by the Digital Omnibus. It has applied since 2 February 2025.


Key Obligations by Actor

| Actor | System Type | Key Obligations |
|---|---|---|
| EdTech provider | Admissions AI (Annex III pt 3) | Art 9, 10, 11, 13, 14, 15, 17; Annex VI conformity; Art 49 registration |
| EdTech provider | Exam-proctoring AI (no emotion detection) | Same as above; confirm no Art 5(1)(f) breach |
| EdTech provider | Emotion-detecting proctoring | Prohibited: Art 5(1)(f); remove from EU market |
| EdTech provider | AI tutoring chatbot | Art 50 disclosure (from 2 Aug 2026) |
| University / school (deployer) | Any Annex III pt 3 system | Art 26, Art 27 FRIA, GDPR DPIA, Art 26(6) logs |
| University / school (deployer) | AI tutoring chatbot | Art 50 transparency notice to students |

How Confir Helps

Confir's classification and assessment workflow is rule-based and deterministic — the same intake answers produce the same risk tier, with the rule that fired shown in plain language. For education sector teams, two elements are most relevant.

First, the classification intake walks compliance officers through the Article 6 and Annex III logic for each AI system in their stack, deriving the risk tier and the provider-or-deployer role from plain-English scenario questions. For institutions with mixed portfolios — admissions AI from one vendor, proctoring from another, chatbot tutoring from a third — this produces a ranked inventory within one session, typically under two hours.

Second, the Article 27 FRIA workflow covers all required sections — affected population, fundamental rights at risk, mitigation measures, oversight arrangements, redress mechanisms — and generates a print-ready assessment document. Public bodies that need to complete FRIAs before procurement decisions can run the assessment in parallel with vendor due diligence.

Confir is priced from €600/year. There is no consultant required and no six-month implementation.


Frequently Asked Questions

Does emotion-detecting proctoring qualify as high-risk AI, or is it something else?

It is prohibited, not high-risk. Article 5(1)(f) bans AI systems that infer the emotions of natural persons in educational institutions (and workplaces), except for medical or safety reasons. This has applied since 2 February 2025. Systems that scan facial expressions or physiological signals to infer alertness, stress, or deception during examinations fall squarely within this ban. The fine ceiling is €35 million or 7% of worldwide annual turnover under Article 99(3). A proctoring system that detects suspicious behaviour without inferring emotional states remains subject to Annex III point 3 as high-risk: different obligations, different fine tier (€15 million or 3% under Article 99(4)), but lawful to use.

Which AI uses in education are high-risk under Annex III point 3?

Four categories: AI that determines admission or assignment to an educational institution; AI that evaluates learning outcomes (including steering the learning process based on those evaluations); AI that assesses the appropriate level of education a person should receive; and AI that monitors students and detects prohibited behaviour during tests (exam proctoring). Any system whose output materially influences one of these decisions and that profiles natural persons cannot escape the high-risk classification via the Article 6(3) exemption filter.

Do secondary schools and vocational training bodies face the same obligations as universities?

Yes. Annex III point 3 does not distinguish by education level or institution type. A secondary school using AI to stream students into academic or vocational tracks faces the same high-risk compliance obligations as a university using AI for admissions. The practical difference is role: schools are almost always deployers, not providers, so the primary obligations are Article 26 deployer duties and the Article 27 FRIA.

When does a university become a provider instead of a deployer?

Under Article 25, a deployer becomes a provider — with the full Article 9–17 obligation stack — if it substantially modifies a high-risk system, uses it for a purpose outside its documented intended use, or places its own name or trademark on it. Retraining a vendor's admissions model on an institution's own historical data is the most common trigger. Institutions doing this need to conduct their own conformity assessment under Annex VI before continued use.

Can a GDPR DPIA substitute for the Article 27 FRIA?

No. Article 27(4) allows the FRIA to cross-reference an existing DPIA and build on it, but the two are legally distinct instruments. The DPIA (GDPR Article 35) focuses on data processing risks; the FRIA focuses on the broader impact on fundamental rights — non-discrimination, academic freedom, due process, and children's rights — that extend beyond the data-processing dimension. Both are required where an institution is a public body deploying high-risk AI and processing personal data at scale.

What is the compliance deadline for high-risk education AI?

Under the Digital Omnibus agreed in May 2026, stand-alone high-risk AI systems under Annex III face a deadline of 2 December 2027 (pushed back from the original 2 August 2026 date). Article 50 limited-risk transparency obligations — relevant for AI tutoring chatbots — still apply from 2 August 2026. The Article 5(1)(f) prohibition on emotion recognition in educational institutions has applied since 2 February 2025 and is unaffected by the deferral.

What should a university do if its EdTech provider cannot show a valid conformity assessment?

Require the provider to supply the Article 11 technical documentation, Annex VI conformity assessment records, and Article 49 EU database registration confirmation before deployment. If the provider cannot produce these by the time obligations apply, using the system exposes the institution to enforcement action by the national market surveillance authority under the deployer's duty of due diligence. Build these requirements into procurement contracts now, so they are contractually enforceable when the deadline arrives.

