EU AI Act Compliance

Annex III EU AI Act: The 8 High-Risk Categories Explained

If your company uses AI in hiring, credit scoring, or benefits decisions, you may already be operating a high-risk system under Annex III of the EU AI Act. Here is what each category means in practice.

· 6 min read · By Khairos AI

Why Annex III Is the Number That Matters

The Annex III EU AI Act list is the single most important document for European SME deployers to understand before 2 August 2026, the date from which the Annex III high-risk obligations apply. It defines the eight areas of AI systems that carry the heaviest obligations under the Act: for providers, conformity assessment, technical documentation and registration in the EU database under Article 49; for deployers, the Article 26 duties of human oversight, log retention and informing affected people. Get this list wrong in either direction and you either face administrative fines of up to €15 million or 3% of worldwide annual turnover (for SMEs, whichever of the two is lower), or you over-invest compliance resources where none are needed.

Let's walk through all eight categories with worked examples and a practical decision framework.


Category 1: Biometrics

This covers AI systems used for remote biometric identification, biometric categorisation by sensitive attributes, and emotion recognition. Note the carve-out: one-to-one biometric verification whose sole purpose is to confirm that a person is who they claim to be (a face check at a building turnstile) is expressly excluded from Annex III point 1. Matching faces against a list of many people, or a tool that claims to infer a job candidate's personality from facial micro-expressions during a video interview, is in scope.

The emotion recognition sub-category is especially relevant to HR teams, but read it together with Article 5(1)(f): inferring the emotions of people in the workplace or in education institutions is a prohibited practice, applicable since 2 February 2025, unless the system is used for medical or safety reasons. Where emotion recognition is lawful, Article 50(3) requires the deployer to inform the people exposed to it. And if the system also makes or influences decisions about employment, it crosses into Annex III territory with much heavier obligations.

Worked example: A Dutch logistics company uses a vendor tool to screen drivers via facial liveness checks. Pure liveness and identity verification sits outside Annex III. If the tool also scores alertness or emotional state and feeds the score into shift assignment, it is an Annex III system, and because it infers emotional state in the workplace it must also fit the medical-or-safety exception to Article 5(1)(f), or it cannot be used at all.


Category 2: Critical Infrastructure

AI systems used as safety components in the management of critical infrastructure fall here. This includes energy grids, water supply, transport networks, and digital infrastructure.

For most SMEs, this category is not directly relevant unless you are a subcontractor or operator in a regulated infrastructure sector. If you run software for a water utility's predictive maintenance, check carefully.


Category 3: Education and Vocational Training

Any AI system that determines access to, or significantly influences decisions about, educational or vocational training falls under this category. Automated scoring of student assessments, adaptive learning systems that track and gate progress, and AI proctoring tools used during examinations are all potential Annex III systems.

Worked example: A Belgian training company uses an AI proctoring platform during certification exams. If the platform's output is used to flag prohibited behaviour and pass or fail candidates, it is almost certainly Annex III (point 3(d)). The training company, as the deployer of the vendor's system, carries the Article 26 obligations, including human oversight, log retention, and transparency to affected candidates.


Category 4: Employment, Worker Management, and Access to Self-Employment

This is the category that most directly affects HR Directors and People teams. It covers AI used in recruitment, CV screening, interview analysis, performance monitoring, and decisions about promotion or termination.

The scope is deliberately wide. If an AI tool ranks candidates, scores performance, allocates tasks, or flags employees for review, it likely qualifies. This is not limited to full automation. A tool that assists a human decision but whose output heavily shapes the outcome still counts, and the Article 6(3) carve-out for narrow or preparatory tasks is expressly unavailable where the system profiles natural persons.

Worked example: A 50-person Rotterdam-based fintech uses an applicant tracking system with AI-powered CV ranking. The vendor markets it as a time-saving tool, not a decision-maker. Marketing labels do not change the classification: what matters is the system's intended purpose and what it actually does. If the AI scores and ranks candidates, and humans rarely look past the top five, the system is high-risk. A deployer that repurposes such a tool beyond the provider's intended purpose takes on the provider's obligations under Article 25.

Deployers in this category must meet Article 26: use the system in line with the provider's instructions, assign trained people with the authority to override it, keep the automatically generated logs for at least six months, and inform workers' representatives and the affected workers before the system is put into service. A Fundamental Rights Impact Assessment under Article 27 is required here only if the deployer is a body governed by public law or a private entity providing public services; a private employer using a recruitment tool does not have to complete one, although it remains good practice.


Category 5: Essential Private and Public Services

This covers AI used to evaluate eligibility for essential public assistance benefits and services (including healthcare), creditworthiness assessment and credit scoring of natural persons, risk assessment and pricing for life and health insurance, and the evaluation and dispatch of emergency calls, including patient triage.

For SMEs in financial services, this is critical. An AI tool that generates credit recommendations or scores loan applications qualifies here, even if a human makes the final call. Note the carve-outs: systems used to detect financial fraud are excluded from the credit-scoring point, and the insurance point covers only life and health insurance risk assessment and pricing, not other lines of insurance.

Worked example: A Dutch credit union uses a third-party AI scoring model integrated into its loan origination software. The credit union is the deployer. Before 2 August 2026 it must confirm the system carries CE marking and an EU declaration of conformity, obtain the provider's instructions for use and technical documentation, implement human oversight, and, because creditworthiness assessment is Annex III point 5(b), complete an Article 27 fundamental rights impact assessment before first use, regardless of its private status.


Category 6: Law Enforcement

AI systems used by or on behalf of law enforcement for risk assessments, profiling, or evidence evaluation. This category applies almost exclusively to public-sector organisations. Private SMEs will rarely touch it unless they provide SaaS tools used by police or security agencies, in which case they are the provider and carry the heavier Article 16 obligations.

If you sell software to government clients, this is worth a brief audit of your downstream use cases.


Category 7: Migration, Asylum, and Border Control

Systems used for assessing visa applications, verifying asylum claims, predicting immigration risk, or identifying individuals at borders. Again, primarily public sector, but private contractors providing tools to immigration authorities fall within scope.


Category 8: Administration of Justice and Democratic Processes

AI intended to assist a judicial authority in researching and interpreting facts and the law and applying the law to a case, or to be used in a similar way in alternative dispute resolution. Also includes AI intended to influence the outcome of an election or referendum or voting behaviour, excluding back-office tools such as campaign logistics whose output voters are not directly exposed to. Narrow applicability for most SMEs, but worth knowing if you operate in legal tech or civic technology.


Is YOUR System Annex III? A Practical Decision Framework

Work through these four questions in order.

Step 1: Does the AI system fall within one of the eight categories above? If no, it is not high-risk under Annex III (though Article 4 AI literacy and Article 50 transparency duties may still apply). If yes, continue.

Step 2: Does the system make or significantly influence decisions about individuals? Pure analytics dashboards that describe historical data without recommending action generally fall outside Annex III. Systems that score, rank, recommend, flag, or filter individuals generally do fall inside.

Step 3: Are natural persons affected in ways that could harm their rights, access to opportunities, or financial standing? If yes, you are almost certainly inside Annex III. If no, this is the Article 6(3) edge case: an Annex III system that does not pose a significant risk of harm to health, safety or fundamental rights can be treated as not high-risk, but the provider must document that assessment, and the exemption never applies where the system profiles natural persons.

Step 4: Did you build the system, or are you deploying a third-party system? If you are the deployer of a third-party system, your obligations sit primarily under Article 26. You must verify the provider has fulfilled their obligations (CE marking, EU declaration of conformity, instructions for use), use the system in line with those instructions, implement human oversight, conduct the FRIA where Article 27 requires it, and keep the logs. If you substantially modify a system, or repurpose it into a high-risk use, Article 25 makes you the provider.

This four-step check will catch the majority of high-risk scenarios. For edge cases, the full text of Regulation (EU) 2024/1689 on EUR-Lex includes the Article 6(3) carve-outs and recitals that provide interpretive guidance on borderline systems.
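The four steps above are easy to encode, and running them over the tool inventory spreadsheet is a quick way to get a first triage list. The script below is an added example written for this article, not a Khairos tool and not anything from the Act itself: the CSV column names, the invented tool rows, and the wording of the obligation reminders are assumptions for illustration, and a yes/no script is a triage aid, not a legal determination.

```python
"""Added example: run an AI tool inventory (CSV) through the four-step
Annex III check and emit a verdict plus obligation reminders per tool.
Column names, sample rows and reminder wording are assumptions."""

import csv
import io
from dataclasses import dataclass, field

# The eight Annex III areas, numbered as in the article.
ANNEX_III_AREAS = {
    1: "Biometrics",
    2: "Critical infrastructure",
    3: "Education and vocational training",
    4: "Employment, worker management, access to self-employment",
    5: "Essential private and public services",
    6: "Law enforcement",
    7: "Migration, asylum and border control",
    8: "Administration of justice and democratic processes",
}

# Verdict labels returned by triage_row().
OUTSIDE = "outside Annex III"
DESCRIPTIVE = "outside Annex III (descriptive analytics only)"
BORDERLINE = "Annex III area but low impact: document an Article 6(3) review"
HIGH_RISK = "likely high-risk under Annex III"

# Constructed sample inventory; tool and vendor names are invented.
SAMPLE_INVENTORY = """\
tool,vendor,area,influences_decisions,affects_persons,role,public_body,credit_or_insurance
CV ranker,ExampleHR,4,yes,yes,deployer,no,no
Attendance report,ExampleHR,4,no,no,deployer,no,no
Loan scorer,ExampleScore,5,yes,yes,deployer,no,yes
Route planner,ExampleLogi,2,yes,no,deployer,no,no
Exam proctor,ExampleEd,3,yes,yes,provider,no,no
Support chatbot,ExampleChat,,yes,yes,deployer,no,no
"""


def _yes(value: str) -> bool:
    return value.strip().lower() in {"yes", "y", "true", "1"}


@dataclass
class Triage:
    tool: str
    verdict: str
    obligations: list[str] = field(default_factory=list)


def deployer_obligations(public_body: bool, credit_or_insurance: bool) -> list[str]:
    """Article 26 duties, plus Article 27/49 where the deployer's status triggers them."""
    obligations = [
        "Article 26: follow provider instructions, assign human oversight, keep logs >= 6 months, inform affected persons and workers",
        "Verify CE marking, EU declaration of conformity and instructions for use from the provider",
        "Article 4: AI literacy for staff operating the system",
    ]
    if public_body or credit_or_insurance:
        obligations.append("Article 27: fundamental rights impact assessment before first use")
    if public_body:
        obligations.append("Article 49: register the deployment in the EU database")
    return obligations


def provider_obligations() -> list[str]:
    """Reminders for a company that built the system itself."""
    return [
        "Article 16: provider obligations (risk management, data governance, technical documentation, logging, oversight design)",
        "Article 43: conformity assessment, then CE marking and EU declaration of conformity",
        "Article 49: register the system in the EU database before placing it on the market",
    ]


def triage_row(row: dict[str, str]) -> Triage:
    area_text = row["area"].strip()
    area = int(area_text) if area_text else None
    # Step 1: inside one of the eight Annex III areas?
    if area not in ANNEX_III_AREAS:
        return Triage(row["tool"], OUTSIDE, ["Article 4 literacy and Article 50 transparency may still apply"])
    # Step 2: does it make or significantly influence decisions about individuals?
    if not _yes(row["influences_decisions"]):
        return Triage(row["tool"], DESCRIPTIVE)
    # Step 3: are natural persons affected in their rights, opportunities or finances?
    if not _yes(row["affects_persons"]):
        return Triage(row["tool"], BORDERLINE)
    # Step 4: provider or deployer decides which obligation set applies.
    if row["role"].strip().lower() == "provider":
        return Triage(row["tool"], HIGH_RISK, provider_obligations())
    return Triage(row["tool"], HIGH_RISK,
                  deployer_obligations(_yes(row["public_body"]), _yes(row["credit_or_insurance"])))


def triage_inventory(csv_text: str) -> dict[str, Triage]:
    """Map each inventory row to its Triage, keyed by tool name."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["tool"]: triage_row(row) for row in reader}


if __name__ == "__main__":
    for t in triage_inventory(SAMPLE_INVENTORY).values():
        print(f"{t.tool}: {t.verdict}")
        for o in t.obligations:
            print(f"  - {o}")
```

The point of the `credit_or_insurance` and `public_body` columns is that the Article 27 FRIA and Article 49 registration depend on who the deployer is and which Annex III point applies, not on the area number alone; the CV ranker and the loan scorer land in the same verdict but get different obligation lists. Anything that comes out as BORDERLINE should be sent back to the provider for the documented Article 6(3) assessment rather than closed on the spot.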


What Happens After You Identify a High-Risk System

Once you confirm a system is Annex III, the compliance path is structured but manageable. The core steps for deployers are:

  1. Obtain and review the instructions for use, technical documentation, and the EU declaration of conformity from your provider, and confirm the system carries CE marking.
  2. Implement human oversight so that a trained person can override the system, and affected individuals can request an explanation of an AI-assisted decision (Article 86).
  3. Complete a FRIA before first use if Article 27 applies to you: you are a body governed by public law or a private entity providing public services, or the system does credit scoring or life and health insurance risk pricing (Annex III points 5(b) and 5(c)).
  4. Train staff on the system's purpose, limitations, and the correct escalation path. Article 4 of the Act requires AI literacy measures for all personnel involved with AI systems.
  5. Keep the logs the system generates automatically, to the extent they are under your control, for at least six months.
  6. Registration in the EU database under Article 49 is the provider's job; as a deployer you register only if you are a public authority or body. Confirm your provider has done so once the database is live.

The 2 August 2026 date for most Annex III obligations is real. But companies that start the inventory process now, even a simple spreadsheet of tools, vendor names, and primary use cases, will find the remaining steps straightforward.


Start by running your AI tool inventory through the four-step framework above. If you want a faster result, the free 2-minute compliance check at comply.khairos.ai maps your tools against Annex III automatically and flags the obligations that apply to your organisation specifically.
