EU AI Act Compliance for the Public Sector: Government Bodies, Agencies, and Public Service Providers

Industry Guide · 23 May 2026 · 15 min read · 3,083 words

Government deployers face mandatory FRIA (Article 27) and high-risk exposure across Annex III. Social scoring and predictive policing are banned now.

The public sector is the EU AI Act's most heavily affected deployer group. Governments have embedded AI into decisions that touch citizens at their most exposed: benefits eligibility, asylum claims, criminal risk assessment, judicial support, school admissions. The Act was designed, in part, with exactly these uses in mind.

Two things distinguish public-sector compliance from private-sector compliance. First, the Annex III high-risk list overlaps almost entirely with what government bodies actually do. Second, the Fundamental Rights Impact Assessment under Article 27 is mandatory for all public bodies deploying high-risk AI — not optional, not discretionary, not limited to certain use cases. That combination — broad high-risk exposure plus a mandatory pre-deployment assessment — makes the public sector the most structurally burdened deployer category in the regulation.

Under the Digital Omnibus agreed in May 2026, the high-risk obligations under Chapter III apply from 2 December 2027 for stand-alone Annex III systems (and from 2 August 2028 for AI embedded in regulated products under Annex I). The prohibited practices in Article 5 have applied since 2 February 2025 — several of them targeted directly at public-authority conduct.


Which AI Systems Are High-Risk in the Public Sector?

Article 6 creates two classification routes: Annex I (product safety legislation) and Annex III (specific high-risk use cases). The public sector intersects with at least six of Annex III's eight categories.

Annex III, point 1 — Biometrics

Remote biometric identification in public spaces, biometric categorisation of natural persons, and emotion recognition. Border control agencies and law enforcement bodies using facial recognition, gait analysis, or biometric database matching need to assess both the high-risk classification and the prohibitions in Article 5 that overlap this territory (see below). Biometric systems in Annex III point 1 generally require the Annex VII notified-body conformity assessment route (Article 43), not the internal self-assessment route available for most other categories.

Annex III, point 3 — Education and Vocational Training

AI systems used to determine access to educational institutions, evaluate learning outcomes, or assess students in ways that affect their educational pathways. Public schools, universities, and vocational bodies deploying AI-driven admissions or assessment tools fall within this category.

Annex III, point 4 — Employment and Workers Management

AI systems used by public employment services for jobseeker profiling, employability assessment, and access to employment support. Where a public agency uses AI to determine eligibility for labour market services, point 4 applies.

Annex III, point 5 — Access to Essential Private and Public Services

This is the category most central to public administration. AI systems used to evaluate eligibility for public benefits — housing support, welfare payments, disability assessments, social care allocation, emergency service dispatch priority — are high-risk. The scope is broad enough to reach a wide range of local government, social welfare, and public health applications.

Annex III, point 6 — Law Enforcement

AI systems used for individual risk assessment in policing, systems to evaluate the reliability of evidence, and tools that profile individuals in a law enforcement context. Police services, prosecution services, and security agencies must assess their AI tools against this category. Note that predicting re-offending or crime solely on the basis of profiling is a prohibited practice under Article 5(1)(d), not a high-risk use case — the boundary matters for compliance.

Annex III, point 7 — Migration, Asylum, and Border Control

AI systems used for risk assessment of migrants and asylum seekers, examination of applications, monitoring of irregular migration, and border surveillance. The tools used by border control agencies and asylum adjudication bodies land squarely in this category.

Annex III, point 8 — Administration of Justice and Democratic Processes

AI systems intended to assist judicial authorities in researching and applying the law, or AI tools that affect democratic participation. Courts, tribunals, and bodies performing judicial functions are within scope.

The Article 6(3) Filter

An Annex III system is not automatically high-risk. Article 6(3) provides that a system performing only a narrow procedural task, improving a previously completed human activity without influencing assessment, or doing preparatory work may not meet the threshold — unless it profiles natural persons, in which case it is always high-risk. Providers and deployers who believe a system escapes the high-risk classification must document their reasoning and register the system.


Three Prohibited Practices Public Bodies Must Avoid Immediately

Article 5 prohibitions have been in force since 2 February 2025. Breach is the most serious category — fines of up to €35,000,000 or 7% of total worldwide annual turnover, whichever is higher (Article 99(3)).

Social scoring by public authorities (Article 5(1)(c)): AI systems that evaluate natural persons over time based on social behaviour or personality characteristics, and that cause detrimental or unfavourable treatment unrelated to the context in which the data was originally generated, are banned. This directly targets public-authority scoring schemes that aggregate citizen data to assign social "ratings."

Predictive policing based solely on profiling (Article 5(1)(d)): AI systems that assess the likelihood of a person committing a crime solely on the basis of profiling or personality traits — without objective, individual facts — are prohibited. Law enforcement agencies deploying crime-prediction tools must verify that any prediction is grounded in objective, individuated evidence rather than pure profiling logic.

Real-time remote biometric identification in public spaces by law enforcement (Article 5(1)(h)): The use of real-time remote biometric identification systems (such as live facial recognition on camera feeds) in publicly accessible spaces for law enforcement purposes is prohibited, subject to narrow exceptions — specific missing-person searches, prevention of a specific and present serious threat, or recognition of a suspect of a serious crime listed in the Annex. Each exception requires prior judicial or administrative authorisation.


Your Obligations as a Public Sector Deployer

Most public bodies operate as deployers under Article 26 — you procure and put AI systems into service, but the system was developed by a technology provider. Some bodies develop AI in-house, in which case they are also providers under Article 16, with a heavier obligation set.

Article 26 — Deployer obligations for high-risk AI

As a deployer, you must:

  • Use the system in accordance with the provider's instructions of use (Article 13 governs what those instructions must contain)
  • Assign human oversight to qualified individuals with the competence, training, and authority to intervene, in line with the provider's guidance under Article 14
  • Monitor the system's operation, detect risks and malfunctions, and flag serious incidents to the provider and, where required, to the competent authority
  • Retain logs of the system's operation for a minimum of six months where those logs are technically feasible and under your control
  • Inform the individuals subject to a decision made with assistance from a high-risk AI system — Article 26 establishes a transparency obligation to affected natural persons

Article 26 is the complete deployer article. All deployer obligations flow from it; there is no separate deployer provision elsewhere in the regulation.

Article 27 — The Fundamental Rights Impact Assessment (FRIA): mandatory for all public bodies

This is the provision that most sharply distinguishes public-sector compliance. The FRIA is mandatory for:

  • All public bodies (bodies governed by public law) deploying any high-risk AI system, regardless of the Annex III category
  • Private entities deploying AI systems classified under Annex III point 5(b) (creditworthiness/credit scoring) or point 5(c) (life and health insurance risk assessment and pricing)

For a public body, the FRIA cannot be waived. Before any high-risk AI system is put into service, the assessment must be completed, documented, and made available to market surveillance authorities on request.

The seven content areas required under Article 27(1) are:

  • a description of the processes in which the system will be used;
  • the time period and frequency of use;
  • the categories of natural persons and groups likely to be affected;
  • the specific risks to the fundamental rights of those persons;
  • the measures taken to address those risks;
  • the person(s) responsible for the assessment; and
  • confirmation that the assessment is complete.

The FRIA is distinct from the GDPR Data Protection Impact Assessment (DPIA) under GDPR Article 35. They address different legal requirements — the DPIA focuses on data protection risks; the FRIA addresses a broader set of fundamental rights. For many high-risk public-sector deployments, both will be required. Article 27(4) explicitly allows the FRIA to build on an existing DPIA where scope overlaps, but the two cannot be collapsed into each other.


EU Database Registration (Article 49)

High-risk AI systems must be registered in the EU database established under Article 71 before they are placed on the market or put into service. Registration is the provider's primary obligation under Article 49, but public-authority deployers also register their use.

For most high-risk categories, registration entries are publicly accessible. However, law enforcement (Annex III point 6) and migration, asylum, and border control systems (point 7) are registered in a non-public section of the database — access is restricted to supervisory authorities. This is not an exemption from registration; it is a separate registration track.

Public bodies should verify, at procurement, that the provider has registered the system before deployment, and should complete their own deployer registration for the relevant Annex III use case. Failing to register is a non-compliance under Article 49, exposing both the provider and the public body to supervisory action.


Key Articles for Public Sector Compliance

Article       What It Covers
Article 5     Prohibited practices — in force 2 February 2025
Article 6     High-risk classification (Annex I and Annex III routes)
Article 9     Risk management system (provider obligation, informing deployer procedures)
Article 13    Transparency and instructions of use to deployers
Article 14    Human oversight requirements
Article 26    Deployer obligations for high-risk AI
Article 27    Fundamental Rights Impact Assessment — mandatory for all public bodies
Article 43    Conformity assessment (Annex VI self-assessment or Annex VII notified body)
Article 49    Registration in the EU database (providers + public-authority deployers)
Article 73    Provider reporting of serious incidents to authorities
Article 99    Penalties

Procurement: Building Compliance into Vendor Contracts

Public bodies typically acquire AI through regulated procurement. The EU AI Act creates new contractual requirements worth baking into tender specifications and framework agreements.

Before procurement: Specify that a vendor's AI product must be EU AI Act compliant for its intended use case, that the system must be registered under Article 49 before delivery, and that the provider must supply the Annex IV technical documentation package. Without that documentation, you cannot complete your FRIA or implement human oversight measures.

Contract terms: Establish clearly which party is the provider and which is the deployer, so obligations are unambiguous. Require the provider to notify you of any serious incidents (Article 73) affecting systems it supplies. Require the provider to notify you of, and support you through, any modification that would trigger a role shift under Article 25 (converting the deployer into a provider).

Ongoing compliance: Require the provider to maintain and update technical documentation, and to supply instructions of use that reflect any system updates. Monitor that the system continues to be operated within the intended purpose defined in the provider's documentation.


A Practical Compliance Roadmap

Build an AI inventory first. Map every AI system currently deployed or in active procurement, including AI features embedded in ERP, case management, and screening tools. The classification analysis applies to embedded AI components as much as to standalone systems.

Classify each system against Annex III. Work through the Annex III categories most relevant to your operations (points 1, 3, 4, 5, 6, 7, 8) and apply the Article 6(3) filter. Document the classification rationale for every system — including those you conclude are not high-risk.

Check Article 5 prohibited practices first. Run every AI system past Article 5 before any classification analysis. Social scoring, predictive policing on pure profiling, and real-time public biometric identification have been banned since 2 February 2025 — this gate comes before Annex III.

Obtain Annex IV technical documentation from providers. For each high-risk system, contractually require and receive the provider's technical documentation package. Without it, you cannot complete the FRIA or implement the Article 26 oversight measures.

Complete the FRIA before deployment. For every high-risk system, complete the seven-section FRIA per Article 27. Document it, sign off at a senior level, and retain it for competent authority review. This is not a discretionary step for public bodies — it is mandatory.

Implement human oversight and monitor. Designate qualified individuals for each high-risk AI system with the competence, training, and authority to intervene or suspend use. Article 14 governs the oversight design; Article 26 governs your implementation, including log retention for at least six months and informing providers of any risk or malfunction.

Verify registration and train staff. Confirm that the provider has registered the system in the EU database (Article 49) before deployment. For law enforcement and migration systems, confirm registration in the non-public section. Staff who operate or oversee high-risk AI systems must receive appropriate training; AI literacy under Article 4 has applied since 2 February 2025 and is not limited to high-risk deployments.


How Confir Helps Public Sector Organisations

Public bodies deploying AI across multiple Annex III categories face a documentation burden that is substantial and time-sensitive. Confir's guided FRIA workflow is structured around Article 27's seven content areas — compliance teams work through each section systematically, producing a documented assessment tied to a specific registered AI system rather than a blank-page exercise.

The AIRC compliance area (Articles 5, 6, 43, and 50) uses rule-based, deterministic logic: same inputs, same classification, with the rule that fired shown in plain language. Each system is assessed individually with documented rationale, and the system register tracks Article 49 registration status — flagging where provider registration is outstanding before deployment proceeds.

Pricing starts at €600 per year, making the tooling accessible to smaller public bodies — local councils, regional agencies, public health bodies — that face the same compliance obligations as large central government departments.



Frequently Asked Questions

Does the EU AI Act apply to all public sector AI, or only certain systems?

The Act's obligations are risk-based. Article 5 prohibited practices apply to all AI since 2 February 2025, and Article 4 AI literacy applies to all organisations dealing with AI. High-risk obligations under Chapter III apply specifically to systems classified as high-risk under Article 6. Many standard public sector tools — rule-based automation, conventional data analytics, simple search functions — are not AI systems for purposes of the regulation, or do not meet the high-risk threshold even if they are. The classification analysis must be done for each system individually, and the Article 6(3) filter should be applied before concluding a system is high-risk.

Is the FRIA the same as a GDPR DPIA?

No. The FRIA under Article 27 assesses the potential impact of an AI system on a broad set of fundamental rights — including non-discrimination, dignity, fair trial, and freedom of movement — before the system is deployed. The GDPR DPIA under Article 35 assesses data protection risks from a specific processing activity. Both may be required for the same deployment. Article 27(4) allows the FRIA to build on an existing DPIA where the scope overlaps, but completing a DPIA does not satisfy the FRIA obligation.

What constitutes a "public body" for the Article 27 FRIA obligation?

The Act uses the concept of a "body governed by public law" — broadly consistent with public authority status under national administrative law. Central government departments, regional and local authorities, public agencies, courts, tribunals, and publicly funded service delivery bodies all fall within scope. Where a private entity delivers a service that is typically a public function — welfare payments, asylum processing — it may also owe a FRIA as a deployer of that specific category.

What are the penalties for public sector non-compliance?

Financial penalties under Article 99 are primarily structured for private entities. For most non-compliance — failing to complete a FRIA, failing to implement human oversight, failing to register — the ceiling is €15,000,000 or 3% of worldwide annual turnover, whichever is higher (Article 99(4)). Deploying a prohibited AI system (Article 5 breach) carries the maximum: €35,000,000 or 7% (Article 99(3)). Public bodies may also face supervisory orders requiring withdrawal of the system and remediation. Political and reputational consequences can be equally significant.

Does registration in the EU database apply to public bodies?

Yes. Providers register high-risk AI systems in the EU database under Article 49 before placing them on the market. Public-authority deployers also register their specific use of a high-risk system. Law enforcement and migration/border-control systems (Annex III points 6 and 7) are registered in a non-public section of the database rather than the general register, but registration is still required.

If we procure AI from a vendor, are we the provider or the deployer?

If you procure an AI system from a vendor and deploy it in your operations without substantially modifying it or placing it on the market under your own name, you are a deployer under Article 26. The vendor who developed and placed the system on the market is the provider under Article 16. However, under Article 25, you become the provider if you substantially modify the system, place it on the market under your own name, or repurpose it in a way that changes its intended use. Many public bodies that customise AI tools or build on API services may unknowingly cross this line.

When do the high-risk AI obligations apply to public bodies?

Under the Digital Omnibus agreed in May 2026, high-risk obligations for stand-alone Annex III systems apply from 2 December 2027 (deferred from the original 2 August 2026 date). For AI embedded in regulated products under Annex I, the date is 2 August 2028. Article 5 prohibited practices have applied since 2 February 2025. That is the immediate deadline — any public body still operating a system that could constitute social scoring, predictive policing based solely on profiling, or real-time public biometric identification is already out of compliance.


Last reviewed June 2026.
