
Classifying High-Risk AI Under the EU AI Act 2026: Annex III Step by Step

Is your AI system high-risk? Annex III of Regulation (EU) 2024/1689 lists 8 areas — from HR software to credit scoring. With a self-assessment checklist, conformity assessment guidance and concrete SME examples.

Definition (Art. 6 EU AI Act): A high-risk AI system is an AI system classified as high-risk under Article 6 of Regulation (EU) 2024/1689, either because it is a product, or a safety component of a product, covered by the Union harmonisation legislation listed in Annex I, or because it is used in one of the 8 areas listed in Annex III. The regulation has no separate definition of the term in the Art. 3 definitions list; the classification rules in Art. 6 are the definition.

What are high-risk AI systems under the EU AI Act?

Regulation (EU) 2024/1689 — the EU AI Act — sorts AI systems into four risk classes. The second-highest class, the high-risk category, matters most to SMEs because it triggers strict compliance obligations, yet unlike prohibited AI systems it may still be operated legally — provided every requirement is met.

Article 6 of the EU AI Act defines two alternative routes to a high-risk classification. First (Art. 6(1)), AI systems that are a product, or a safety component of a product, covered by the Union harmonisation legislation listed in Annex I (such as medical devices, machinery, vehicles or toys) and that must undergo a third-party conformity assessment under that legislation. Second (Art. 6(2)), and this is the decisive route for most mid-sized companies, AI systems used in one of the 8 areas of Annex III, regardless of which product they sit inside.

According to the Bitkom high-risk classification guide 2024, an estimated 12% of all AI systems in use across German SMEs qualify as high-risk. Most companies don't realise it — because they focus on the product rather than on how it is used.

What counts is not who built the AI system, but what it is used for in your own operations. A standard product from a large vendor, deployed for personnel selection, is still a high-risk system for you as the deployer (Art. 3(4) EU AI Act) — and you carry the deployer obligations under Art. 26 of the EU AI Act.

The European Commission guidelines on Annex III (October 2024) clarify when an AI system used in an Annex III area is nonetheless not high-risk. Art. 6(3) itself names four situations, each on the condition that the system poses no significant risk to health, safety or fundamental rights: the system performs a narrow procedural task; it improves the result of a previously completed human activity; it detects decision-making patterns or deviations without replacing or influencing the human assessment; or it performs a purely preparatory task. Two caveats matter in practice: the exemption is to be interpreted narrowly, and it never applies where the system performs profiling of natural persons (Art. 6(3), last subparagraph), which covers most scoring or ranking of individuals.

Key figures at a glance:

  • 8 high-risk areas in Annex III of the EU AI Act (source: Regulation (EU) 2024/1689, 2024)
  • 12% of all AI systems in SMEs are high-risk (source: Bitkom estimate, 2025)
  • 80 h average effort for the conformity assessment (source: Wito experience, 2025)
  • Art. 71: EU database obligation for high-risk AI (source: Regulation (EU) 2024/1689, 2024)

The 8 high-risk areas in Annex III — with SME examples

Annex III of Regulation (EU) 2024/1689 sets out an exhaustive list of the 8 areas in which an AI system is deemed high-risk unless an exemption under Art. 6(3) applies. The list was further specified by the European Commission guidelines (October 2024) and can be amended by the Commission by delegated act under Art. 7. Here are the 8 areas with practical SME examples:

1. Biometrics — identification and categorisation

This covers remote biometric identification of individuals (real-time or post-event), biometric categorisation according to sensitive or protected attributes, and emotion recognition. Pure biometric verification, a one-to-one check that a person is who they claim to be, is expressly excluded from this item. SME examples: facial recognition that identifies people on the shop floor against a reference database (one-to-many identification) is high-risk; a badge-plus-face check at a turnstile (one-to-one verification) is not. Practical note: simple time tracking via a fingerprint scanner with no AI classification is not a high-risk system. Be careful with the frequently cited example of employee monitoring with emotion detection: inferring employees' emotions from a camera feed is not merely high-risk but a prohibited practice under Art. 5(1)(f), except for medical or safety reasons, so no conformity assessment can make it compliant. The same applies to biometric categorisation that deduces race, political opinions, religion or sexual orientation (Art. 5(1)(g)).

2. Critical infrastructure — power grids, water, transport

AI systems used for the management and operation of critical infrastructure — power grids, water supply, heat supply, transport infrastructure — fall into this category. SME examples: municipal utilities using AI for load forecasting on the grid; mid-sized logistics firms with AI-controlled fleet management on public roads. This category affects most SMEs only indirectly.

3. Education — assessment and access decisions

AI systems that decide on access to educational institutions, evaluate learners or steer their learning paths. SME examples: software companies building AI-assisted examination systems for vocational schools; training providers using AI for automated course-place allocation. The education category is highly relevant for EdTech SMEs.

4. Employment — candidate screening and performance evaluation

This is the most important Annex III area for SMEs: AI systems used for recruitment or selection (targeted job advertising, filtering applications, evaluating candidates) and for decisions affecting the employment relationship (promotion, termination, task allocation based on behaviour or personal traits, monitoring and evaluating performance) count as high-risk. This includes automated CV-screening tools, AI-based performance ratings and algorithmic task allocation (e.g. in platform work). SME examples: HR software with an AI ranking feature for applications, Microsoft 365 Viva Insights with AI performance scoring, automated recruiting via LinkedIn with AI matching. One caveat: AI-assisted interview analysis that infers emotions from voice or facial expression falls under the prohibition of emotion recognition in the workplace (Art. 5(1)(f)); what remains high-risk rather than prohibited is the structured evaluation of answers and qualifications. According to the BMWK classification guidance 2024, the employment category is the most common high-risk use case in German SMEs.

5. Essential services — credit, insurance, public authorities

AI systems that decide on access to essential private and public services. Annex III(5) lists: eligibility for public assistance benefits and services; creditworthiness assessment and credit scoring of natural persons (excluding systems used purely to detect financial fraud); risk assessment and pricing in life and health insurance; and the classification and dispatch of emergency calls (e.g. 112 dispatch centres). SME examples: fintech startups with AI credit scoring, broker software that prices health or life insurance with AI risk classification. Premium calculation for other insurance lines (motor, property) is not covered by this item. This category is central for financial-services providers and fintechs.

6. Law enforcement

AI systems used by law-enforcement authorities for lie detection, risk assessment or profiling. Generally not relevant for private-sector SMEs — except vendors of software for public authorities.

7. Migration, asylum and border control

AI systems for the vetting of migrants and asylum seekers or for border protection. Again, primarily relevant for public authorities and government contractors, not for the typical SME.

8. Justice and democratic processes

AI systems that support or influence court decisions, elections or democratic processes. As a rule not relevant for commercial SMEs — but relevant for LegalTech providers selling AI tools to judges or lawyers.

An important clarification from the Bitkom high-risk classification guide 2024: the Annex III listing is exhaustive — an AI system that is used in none of these 8 areas and is not a safety component in regulated products is not a high-risk system, no matter how complex or powerful it is. A generative AI text assistant for marketing copy is therefore not a high-risk system, even if it delivers highly accurate results.

An AI system is deemed high-risk if it is used in one of the areas listed in Annex III, unless an exemption under paragraph 3 or 4 applies.
European Parliament and Council of the European Union, Regulation (EU) 2024/1689 on artificial intelligence, Art. 6(2), EUR-Lex / Official Journal of the EU, 2024

Self-assessment checklist: is your AI system high-risk?

Before commissioning a costly formal conformity assessment, a structured self-assessment is worthwhile. The following 7 questions help you make a preliminary judgement about an AI system's high-risk status. They do not replace legal advice, but they give a well-founded first orientation based on Art. 6 and Annex III of the EU AI Act, together with the European Commission guidelines on Annex III (2024).

Question 1: Is the AI system used in an Annex III area?

Using the 8 areas described above, check whether your AI system's primary purpose falls into one of these categories. What matters is the actual purpose in operation, not the product's marketing name. An "AI HR assistant" is a high-risk system if it ranks applications — even if the vendor markets it as a "communication tool".

Question 2: Does the system make autonomous decisions, or only give recommendations?

The exemption under Art. 6(3) applies when the AI system acts purely in a supporting role (a narrow procedural or preparatory task, or a check on a decision a human has already made) and human decision-makers do not adopt its output automatically. If an AI merely checks applications for formal completeness, or sorts incoming documents, and the decision always rests with a person, and this is documented and lived in practice, an exemption may be possible. Two limits apply. First, if the system's output is adopted by default, or the decision pressure effectively sits with the system, no exemption is available. Second, Art. 6(3) never applies where the system performs profiling of natural persons; a ranking of candidates derived from their personal characteristics is profiling, so such a system stays high-risk even with a human in the loop. The human in the loop then matters for the oversight requirement of Art. 14, not for escaping the classification.

Question 3: Is there an exemption under Art. 6(3)?

Art. 6(3) of the EU AI Act provides an exemption where the AI system is used for a narrowly defined supporting purpose without materially influencing decisions. According to the Heinrich Böll Foundation EU AI Act practical guide 2024, this exemption is rarely applicable in practice. Whoever relies on it carries the burden of demonstrating it: under Art. 6(4) the provider must document its assessment before the system is placed on the market and register the system in the EU database (Art. 49(2)), and a deployer relying on that assessment should obtain this documentation and check that its own use matches the purpose that was assessed.

Question 4: Does the system have access to personal data?

This is not a high-risk criterion in itself, but a strong indicator: AI systems in Annex III areas typically process personal data. If so, the GDPR and the EU AI Act apply cumulatively — an important factor for the compliance effort.

Question 5: Are the system's decisions implemented automatically?

Where the output of an AI system feeds directly into operational processes — for example an automatic rejection of candidates or an automatic credit decline — that is a strong indicator of missing human oversight, and therefore of a clear high-risk classification with no exemption available.

Question 6: Is the system used on people, or only internally?

AI systems that make decisions about people (applicants, customers, patients) carry a higher risk level than purely internal optimisation AI with no link to individuals. An internal warehouse-management AI system is typically not high-risk; an AI system that makes credit decisions about customers is.

Question 7: Are the decisions reversible?

Not directly relevant to the high-risk classification, but relevant to the risk assessment within the conformity assessment: irreversible decisions (e.g. permanent rejection of a loan application, dismissal) substantially raise the requirements for human oversight and explainability of the system.

Reading the result: If you answered Question 1 with yes and cannot demonstrate a clear exemption for Questions 2 and 3, your AI system is in all probability high-risk. The next step depends on your role. The formal conformity assessment under Art. 43 is the provider's obligation, carried out as internal control (Annex VI) or, for biometric systems, optionally with a notified body (Annex VII). As a deployer you instead obtain the provider's EU declaration of conformity and instructions for use, check the system's entry in the EU database (Art. 71) and implement the deployer obligations under Art. 26. If you substantially modify the system or change its intended purpose, you become its provider (Art. 25) and the conformity assessment lands on you.

What changes with high-risk status? Obligations under Art. 9–15 EU AI Act

Once an AI system is classified as high-risk, the requirements of Articles 9 to 15 of Regulation (EU) 2024/1689 apply. These obligations bind providers (who develop the system and place it on the market); deployers (who put the system into use) are bound by Art. 26, which mirrors several of them in graduated form (operating the system according to the instructions for use, assigning human oversight, keeping logs, ensuring relevant input data). Here are the key obligations at a glance:

Art. 9 — Risk management system

Providers of high-risk AI systems must establish and document a continuous risk management system. This covers the identification and analysis of known and foreseeable risks, the assessment of risks under intended use and foreseeable misuse, and the implementation of risk-mitigation measures. The risk management system is not a one-off document but a living process with regular reviews.

Art. 10 — Data-quality requirements

Training, validation and testing datasets must be relevant, representative, sufficiently free of errors and complete. For SMEs that buy rather than build high-risk AI, this means the provider must meet these requirements — but as a deployer you must ensure you operate the system with high-quality input data.

Art. 11 — Technical documentation

Providers must draw up extensive technical documentation and keep it up to date. It must contain all the information needed to assess the system's conformity — system architecture, training data, performance metrics, risks and remedial measures. The documentation must be retained for 10 years after the system is placed on the market.

Art. 12 — Record-keeping (logging)

High-risk AI systems must have automatic logging capabilities that make it possible to trace how the system operates throughout its lifecycle. Art. 12(2) ties the logging to three purposes: identifying situations that may present a risk or lead to a substantial modification, post-market monitoring by the provider (Art. 72), and the deployer's own monitoring of operation under Art. 26(5). For remote biometric identification systems Art. 12(3) adds minimum log contents (period of each use, reference database checked, input data that led to a match, identity of the persons verifying the result). For deployers this means (Art. 26(6)): you must keep the logs the system generates, insofar as they are under your control, for at least six months, and hold them ready for audits.

Art. 13 — Transparency and information obligations

High-risk AI systems must be designed so that their use is sufficiently transparent. This includes instructions for use that are intelligible to deployers and provide information on the intended purpose, performance, limitations, data inputs and oversight measures.

Art. 14 — Human oversight

High-risk AI systems must be designed so they can be effectively overseen by natural persons. The system must enable oversight staff to understand what it is doing, to intervene or to stop it. For deployers this is the most operationally demanding requirement: you must establish internal processes that ensure human decision-makers genuinely review the AI outputs.
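What an Art. 12-style log and an Art. 14-style review gate can look like in code, as an added example that is not from the page and not from any vendor: an append-only, hash-chained decision log in which every inference and every human review becomes a verifiable entry, plus a gate that holds model outputs until a named reviewer records an explicit decision with a rationale. The candidate-scoring function, field names and log layout are illustrative assumptions; the regulation prescribes no format. The hash chain only makes later edits or deletions detectable, it does not prove who made an entry, so a real deployment would additionally sign entries or ship them to a write-once store.

```python
# Added example (not from the page): tamper-evident decision log in the spirit of
# Art. 12 and a human review gate in the spirit of Art. 14, wrapped around a
# hypothetical candidate-scoring model. Scoring weights, field names and the log
# layout are constructed for illustration, not a prescribed format.
import hashlib
import json
import time


def score_candidate(features: dict) -> float:
    """Stand-in for the provider's model: a constructed weighted sum, not a real ranker."""
    weights = {"years_experience": 0.5, "skills_match": 0.4, "test_score": 0.1}
    return round(sum(weights[k] * float(features.get(k, 0.0)) for k in weights), 3)


class DecisionLog:
    """Append-only log; each entry commits to the previous entry's SHA-256, so an
    edited, reordered or deleted entry breaks the chain on verification."""

    def __init__(self) -> None:
        self.entries: list[dict] = []
        self._prev = "0" * 64

    def append(self, event: dict) -> str:
        record = {"ts": time.time(), "prev": self._prev, **event}
        digest = hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()
        record["hash"] = digest
        self.entries.append(record)
        self._prev = digest
        return digest

    def verify(self) -> bool:
        """Recompute the chain from the genesis value; False on any inconsistency."""
        prev = "0" * 64
        for rec in self.entries:
            body = {k: v for k, v in rec.items() if k != "hash"}
            if body.get("prev") != prev:
                return False
            if hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest() != rec["hash"]:
                return False
            prev = rec["hash"]
        return True


class ReviewGate:
    """Model outputs stay 'pending' and can only be released once a named reviewer
    has recorded a decision and a rationale; both the inference and the review are
    written to the same chained log."""

    def __init__(self, log: DecisionLog, model_version: str) -> None:
        self.log = log
        self.model_version = model_version
        self._pending: dict[str, dict] = {}

    def score(self, candidate_id: str, features: dict) -> str:
        result = score_candidate(features)
        pending_id = f"{candidate_id}:{len(self.log.entries)}"
        self._pending[pending_id] = {"score": result, "review": None}
        self.log.append({"event": "inference", "model": self.model_version,
                         "candidate": candidate_id, "input": features, "output": result})
        return pending_id

    def review(self, pending_id: str, reviewer: str, decision: str, rationale: str) -> None:
        if decision not in ("accept", "reject", "override"):
            raise ValueError("decision must be accept, reject or override")
        if not rationale.strip():
            raise ValueError("a rationale is required so the review is auditable")
        self._pending[pending_id]["review"] = {"reviewer": reviewer, "decision": decision}
        self.log.append({"event": "human_review", "pending": pending_id, "reviewer": reviewer,
                         "decision": decision, "rationale": rationale})

    def release(self, pending_id: str) -> dict:
        """The only way out of the gate: refuses until a review is on record."""
        item = self._pending[pending_id]
        if item["review"] is None:
            raise PermissionError(f"{pending_id}: no human review on record; output not released")
        return {"score": item["score"], **item["review"]}


def demo() -> tuple:
    """Constructed walk-through: one inference, one review, chain intact."""
    gate = ReviewGate(DecisionLog(), model_version="ranker-1.4")
    pid = gate.score("cand-0017", {"years_experience": 6, "skills_match": 0.8, "test_score": 72})
    gate.review(pid, reviewer="hr.lead", decision="override",
                rationale="Score is driven by test_score; interview performance outweighs it.")
    return gate, pid


if __name__ == "__main__":
    g, p = demo()
    print(g.release(p), "chain ok:", g.log.verify())
```

The design point is that the release path and the review path share one ledger: an auditor can show for every released output which model version produced it, from which input, and who took responsibility for it, and `verify()` detects if any of those entries were altered after the fact.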

Art. 15 — Accuracy, robustness and cybersecurity

High-risk AI systems must be demonstrably sufficiently accurate, robust and cybersecure. This includes resilience against manipulation, faulty inputs and adversarial attacks; Art. 15(5) names data poisoning, model poisoning, adversarial examples or model evasion, and confidentiality attacks as the attack classes to address.

Conformity assessment under Art. 43: for high-risk systems in Annex III points 2 to 8 the provider carries out the conformity assessment as internal control (Annex VI), i.e. a self-assessment. Only for point 1 (biometrics) does Art. 43(1) bring a notified body into play, and even there the provider may choose internal control where it fully applies harmonised standards or common specifications; the notified-body procedure (Annex VII) becomes mandatory only where such standards are not applied or are applied only in part. Systems that are high-risk via Annex I follow the conformity procedure of the sectoral product legislation. According to Wito experience 2025, the deployer-side work, reviewing the provider's technical documentation, writing the internal process documentation and maintaining the risk register, takes a mid-sized deployer an average of 80 hours.

Frequently asked questions on high-risk classification under the EU AI Act

Do we have to act immediately?

Not immediately in the sense of an emergency measure, but promptly, in the sense of a structured review. The deadline for full high-risk compliance under Annex III is 2 August 2026. That means companies must have completed the conformity assessment, have the technical documentation in place and have the risk management system implemented by then. Anyone who starts with a preliminary self-assessment today and, if the suspicion is confirmed, launches a structured compliance process can realistically meet the deadline. Anyone who waits cannot.

What does a conformity assessment cost?

For most deployers of high-risk AI systems under Annex III, the work is an internal review of the provider's conformity documentation and of the company's own Art. 26 processes, which means the costs arise primarily internally through staff effort (an average of 80 hours, per Wito experience 2025). With external support from a specialist consultant, additional external costs of typically EUR 8,000 to 25,000 arise, depending on the system's complexity and the extent of existing documentation. For systems whose provider must involve a notified body (biometric systems without full application of harmonised standards), costs can rise to EUR 30,000 to 100,000. Early classification helps avoid the most expensive scenario.

Who carries out the conformity assessment?

The provider of the system: for high-risk AI systems in Annex III points 2 to 8, the conformity assessment is carried out as internal control by the provider (Art. 43(2) EU AI Act, Annex VI). A deployer does not run a conformity assessment of its own unless it becomes a provider under Art. 25 (substantial modification or change of intended purpose); what the deployer does is verify the provider's EU declaration of conformity, check the EU database entry (Art. 71) and document its own Art. 26 compliance. The national market surveillance authority (in Germany expected to be the Bundesnetzagentur) only steps in when complaints come in, during spot checks, or in the event of reported incidents. In other words: the authority reviews the assessment after the fact; it does not produce it for you. Exception: for remote biometric identification systems the notified-body procedure is mandatory where the provider does not fully apply harmonised standards or common specifications.

Where do I find Annex III?

Annex III is an integral part of Regulation (EU) 2024/1689, located directly after the main body of the regulation. It contains the exhaustive list of the 8 high-risk areas, from biometrics to justice. You can find the current full text on EUR-Lex (eur-lex.europa.eu) under the identifier CELEX 32024R1689. Importantly: the list in Annex III can be extended by delegated acts of the European Commission (Art. 7), which means an AI system that is not high-risk today can fall into the Annex III scope through a future addition. Ongoing monitoring of regulatory developments is therefore permanently necessary.

Can a system that is not high-risk today become high-risk later?

Yes, in two ways: first, through regulatory change, when the European Commission adds new areas to Annex III by delegated act. Second, through a change of purpose, when a company uses an AI system that was originally deployed for a non-critical purpose in an Annex III area. Anyone who expands how an AI system is used in operations must therefore carry out a fresh classification review, and should bear in mind that a change of intended purpose can make the company the provider of the resulting high-risk system (Art. 25). This is a key reason why the AI inventory should be reviewed regularly (at least annually).

Do we need an external auditor?

For most Annex III use cases no external auditor is legally required; the provider's internal control and the deployer's own documentation suffice. External support is nevertheless advisable for several reasons: first, because the documentation must be extensive and presupposes experience with the regulatory framework. Second, because in a dispute (complaints, an authority's review) a documented process supported externally is more credible than a purely internal one. Third, because external consultants typically bring benchmarks from comparable projects that substantially reduce the effort.

Is ChatGPT (or Claude) a high-risk system?

That depends on the purpose, not on the tool itself. ChatGPT, Claude and similar language models are regulated as general-purpose AI models (GPAI) under Art. 51 et seq. of the EU AI Act. If an SME uses these models for marketing copy, internal knowledge queries or customer support, they are not a high-risk system. But if a company uses the same model for automated credit decisions, candidate screening or medical-diagnosis support, it is operated as a high-risk system, because the company builds a high-risk application from a general-purpose model. In that case the company, not the model vendor, is the provider of the high-risk system and carries the provider obligations for it. The classification follows the purpose, not the model.

How long does the classification take?

A preliminary self-classification based on the 7-question checklist typically takes 2 to 4 hours for a single AI system. A complete formal classification with documentation, serving as the basis for the later conformity review, takes between 8 and 20 hours, depending on the system's complexity and the available provider documentation. Anyone who has to classify a full AI inventory of 10 to 15 systems should reckon with a total effort of 30 to 60 hours, reducible through external support and standardised templates.

Book a classification workshop

Wito AI guides SMEs through the structured classification of their AI systems under EU AI Act Annex III — with a self-assessment checklist, gap analysis and complete documentation as the basis for the conformity assessment. In half a day, you gain clarity on every AI system in use.

  • Complete AI inventory + classification
  • Documentation as a conformity basis
  • BAFA-eligible consulting service