EU AI Act Annex III: the eight high-risk categories explained
Annex III of the EU AI Act lists eight categories of AI use that are classified as high-risk under Chapter III. If your AI system falls in any of these categories, the heaviest obligations of the Act apply: conformity assessment, technical documentation, data governance, human oversight, accuracy and robustness, post-market monitoring, and incident reporting. The penalty for high-risk non-compliance is up to €15M or 3% of global turnover under Article 99(4). Annex III obligations apply from 2 December 2027, after the AI Omnibus moved the date from the original 2 August 2026. The substance of the high-risk regime did not change; only the application date moved.
The eight Annex III categories
1. Biometric identification and categorization (remote biometric ID, biometric categorization inferring sensitive attributes, emotion recognition).
2. Critical infrastructure (AI for managing road traffic, water, gas, heating, electricity supply, digital infrastructure).
3. Education and vocational training (admissions decisions, grading, assessment of education level, monitoring during tests).
4. Employment, workers' management, and access to self-employment (recruitment, candidate filtering, evaluation, task allocation, monitoring).
5. Access to essential private and public services (credit scoring, insurance pricing for life and health, evaluation of public-assistance eligibility, emergency dispatch).
6. Law enforcement (risk assessment of natural persons, evidence reliability assessment, profiling).
7. Migration, asylum, and border control (eligibility decisions, security risk assessment, identity verification).
8. Administration of justice and democratic processes (judicial research tools, alternative dispute resolution, election outcome influence).
Which categories hit SaaS most often
Categories 3 (education), 4 (employment), and 5 (essential services) account for the majority of high-risk SaaS exposure. Category 1 (biometric) catches a smaller set, mostly identity-verification and emotion-analysis tools. Categories 6, 7, and 8 mostly apply to public-sector AI, but commercial SaaS sold into law enforcement, immigration agencies, or courts inherits those obligations. Category 2 (critical infrastructure) catches IoT and SCADA AI but rarely B2B SaaS. The vertical-specific implications are in our Industry pages.
The exemption under Article 6(3)
Article 6(3) provides a narrow exemption: an AI system in an Annex III area is NOT considered high-risk if it performs only one of the following: a narrow procedural task; an improvement of a previously completed human activity; detection of decision-making patterns or deviations without intent to replace or influence the human assessment; or a preparatory task to the actual decision. The exemption is fact-specific and conservative. Most SaaS that triggers an Annex III category will be high-risk under Article 6(1), not exempt under 6(3).
Obligations for high-risk systems
If your system is in Annex III and not exempt under 6(3), the full Chapter III applies: Article 9 risk management system, Article 10 data governance, Article 11 technical documentation, Article 12 logging, Article 13 instructions for use, Article 14 human oversight, Article 15 accuracy and robustness, Article 17 quality management system, Article 43 conformity assessment, Article 47 EU declaration of conformity, Article 48 CE marking, Article 49 registration in the EU database, Article 61 quality management for providers, Article 72 post-market monitoring, Article 73 incident reporting. The compliance lift is several hundred engineering and compliance hours per system.
Conformity assessment routes
Article 43 provides two conformity assessment routes for Annex III systems: (a) internal control (Annex VI) for most cases - the provider self-assesses against the standards; (b) involvement of a notified body (Annex VII) for systems in points 1(a), 1(b), 1(c) of Annex III (most biometric uses) and where harmonised standards are not yet available. Most SaaS use the self-assessment route. Notified body capacity is the constraint for the small number of cases requiring external assessment - queues are currently 9 to 18 months.
Frequently asked questions
When does Annex III take effect?
2 December 2027 for most Annex III categories. The AI Omnibus moved the date from the original 2 August 2026. The high-risk regime is still the largest single compliance lift in the Act, and the eighteen months between now and December 2027 are the realistic minimum needed to do the work properly.
What is the penalty for Annex III non-compliance?
Up to €15M or 3% of global turnover under Article 99(4) for failures to comply with high-risk obligations.
Does Article 6(3) save me from Annex III?
Rarely - the exemption is narrow and conservative. Most SaaS triggering an Annex III category will remain high-risk. The exemption applies mainly to narrow procedural automation rather than substantive AI features.
Do I need a notified body?
Only for specific cases - mainly biometric identification and categorization where harmonised standards are not yet available. Most Annex III SaaS use Article 43 internal-control self-assessment.
Can my Annex III classification change?
Yes - the European Commission can add or remove use cases from Annex III via delegated acts. Stay current with European AI Office guidance.
Last updated: 2026-06-09