# Annex III: when your SaaS feature is actually high-risk under the EU AI Act

The most expensive mistake I see SaaS teams make is calling a high-risk feature "limited-risk" because they want to avoid the conformity assessment. The second most expensive mistake is the opposite: calling everything high-risk because the rule sounds scary, and burying yourself in paperwork you do not actually need.

Annex III of the EU AI Act lists eight high-risk areas. If your AI feature falls into one of them, you are subject to a different and heavier set of obligations than the Article 50 transparency duties. If your feature does not fall into any of them, you are likely limited-risk or minimal-risk, and the compliance burden is much lighter.

This post is the decision tree the Disclos team uses on every audit, plus eight examples from real SaaS we have audited.

## The eight Annex III areas, in plain English

  1. Biometrics. Remote biometric identification (face, voice, gait), biometric categorisation by sensitive attributes, and emotion recognition. Not biometric verification whose sole purpose is confirming a claimed identity (one-to-one match like fingerprint unlock).
  2. Critical infrastructure. Safety components for water, gas, heating, electricity, road traffic and critical digital infrastructure. Mostly outside SaaS unless you sell to the operators.
  3. Education and vocational training. Admissions, grading, monitoring during exams, predicting academic outcomes.
  4. Employment, worker management and access to self-employment. CV screening, targeted job advertising, performance evaluation, task allocation, promotion and termination decisions, monitoring.
  5. Access to essential public and private services. Public benefits eligibility, creditworthiness scoring (fraud detection is carved out), health and life insurance pricing or coverage decisions, emergency call evaluation and dispatch, and emergency healthcare patient triage.
  6. Law enforcement. Risk assessment of individuals, polygraph-style systems, evidence reliability assessment.
  7. Migration, asylum, border control. Risk and security assessment, examination of applications, document verification, identification of persons.
  8. Administration of justice and democratic processes. Assisting a judicial authority in researching and interpreting facts and law, and systems intended to influence election outcomes or voting behaviour.

For SaaS, the areas that come up most often are 1, 3, 4, 5. The rest rarely apply unless you sell to specific verticals.

## The decision tree

I run every AI feature through three questions:

Question 1: Does the feature make a decision about a person, or is it just a tool the person uses?

If the feature recommends, ranks, scores, or classifies a person, you are probably in Annex III territory. If the feature helps the person draft a document, summarise their own text, or generate an image, you are probably not.

A grammar checker is not high-risk. A grammar checker that scores a job applicant's writing quality and feeds that score into a hiring decision is.

Question 2: Does the decision affect the person's access to something significant?

Significant means: a job, a benefit, an education slot, credit, insurance, healthcare. If the answer is yes, you are high-risk. If the AI helps the person decide which restaurant to eat at, you are not. There is one narrow exit, Article 6(3): an Annex III use case is not high-risk if the system only performs a narrow procedural task, improves the result of a human decision already made, detects deviations for a human to review, or does preparatory work that does not influence the assessment, and it never applies where the system profiles people. Most SaaS features that reach Question 2 do not qualify, and if you rely on the exit you must document the assessment before launch (Article 6(4)).

Question 3: Is the person aware the decision is happening, and can they contest it?

If the answer is no on either side, you are deeper into high-risk territory: the duty to tell affected people they are subject to the system (Article 26(11)) and to keep human oversight meaningful (Article 14) are not being met, and the person's right to an explanation of the decision (Article 86) has no route to operate. Lack of awareness alone does not make a system prohibited, but if the feature also relies on deceptive or manipulative techniques to distort a person's behaviour, check it against Article 5 (manipulative AI). Article 5 is a separate test from Annex III, but it is worth running in the same audit.

## Eight examples from real SaaS audits

These are anonymised but real. I have audited each one in the last six months.

A: Recruitment SaaS with AI CV screening. Annex III(4) employment. High-risk. Needs conformity assessment, technical file, human oversight policy, registration in EU database.

B: HR SaaS with AI-generated job descriptions. The AI helps the recruiter write the JD. The recruiter posts it. No decision about applicants. Limited-risk under Article 50(2) (synthetic content disclosure). Not high-risk.

C: Customer support SaaS with AI auto-reply suggestions. The AI suggests responses, the human support agent picks one and sends it. No automated decision about the customer. If the AI's reply reaches the customer directly, Article 50(1) applies and the feature is limited-risk; when the agent edits and sends it under their own name, the customer is dealing with a person and the feature is minimal-risk.

D: Lending platform with AI credit scoring. Annex III(5) creditworthiness. High-risk. This one is unambiguous. Full conformity assessment required.

E: EdTech platform with AI tutoring that does not grade. The AI explains concepts to students. No grading, no admission decision, no exam monitoring. Limited-risk under Article 50(1). Disclose the AI, done.

F: EdTech platform with AI grading of essays. Annex III(3) education. High-risk. Even if a teacher reviews the AI's grade before final submission, the AI is doing the substantive grading work, and that triggers Annex III.

G: HealthTech SaaS that helps doctors draft patient notes. Doctor reviews and signs every note. The AI does not diagnose or recommend treatment. Limited-risk under Article 50(2) for synthetic content. Not Annex III.

H: HealthTech SaaS that triages patient symptoms and recommends urgency level. This one is borderline. If the recommendation is non-binding and a clinician makes the final call, it can be limited-risk. If the recommendation determines who gets seen and in what order, it is Annex III(5) access to essential services, and Annex III(5)(d) names emergency healthcare patient triage explicitly, so anything that touches emergency care is not borderline at all. We classified this one as high-risk in the audit and recommended the team build the human-in-the-loop properly before launch.
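The three questions above, applied to the eight audit examples, as a small rule engine. This is an added example written for this post, not the Disclos classify.py script and not legal advice: the `Feature` fields, the `classify` function and the way each example is encoded (who the AI talks to, whether it emits synthetic content) are assumptions made here to show the tree running end to end. Question 3 does not change the category on its own; it produces audit flags, which is how the tree is described above.

```python
"""First-pass Annex III triage using the post's three-question decision tree.

Added example: encodes the three questions from this post as a rule engine
and runs it over the eight anonymised audit examples (inputs constructed
for this example). Returns a category plus the reasoning trail behind it.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional


class Risk(str, Enum):
    HIGH = "high-risk (Annex III)"
    LIMITED = "limited-risk (Article 50)"
    MINIMAL = "minimal-risk"


@dataclass(frozen=True)
class Feature:
    name: str
    decides_about_person: bool              # Q1: recommends/ranks/scores/classifies a person
    affects_significant_access: bool        # Q2: job, benefit, education slot, credit, insurance, care
    annex_iii_area: Optional[int] = None    # 1-8, the Annex III point the use case maps to
    person_informed: bool = True            # Q3a
    can_contest: bool = True                # Q3b
    interacts_directly: bool = False        # Article 50(1): the AI itself talks to the person
    emits_synthetic_content: bool = False   # Article 50(2): generates text/image/audio/video


@dataclass
class Verdict:
    risk: Risk
    reasons: List[str] = field(default_factory=list)
    flags: List[str] = field(default_factory=list)


def classify(f: Feature) -> Verdict:
    v = Verdict(Risk.MINIMAL)
    # Q1 and Q2 together decide Annex III. A tool that only helps the user
    # draft or summarise never gets past Q1.
    if f.decides_about_person and f.affects_significant_access:
        if f.annex_iii_area is None:
            v.flags.append("Q1+Q2 yes but no Annex III point mapped; review manually")
        else:
            v.risk = Risk.HIGH
            v.reasons.append(f"Q1+Q2: decision about a person affecting significant access, Annex III({f.annex_iii_area})")
    elif f.decides_about_person:
        v.reasons.append("Q1 yes, Q2 no: decision about a person without significant access consequences")
    else:
        v.reasons.append("Q1 no: tool the person uses, no decision about a person")

    # Article 50 transparency duties apply whatever the Annex III outcome;
    # high-risk systems carry them in addition to their own obligations.
    if f.interacts_directly:
        v.reasons.append("Article 50(1): interacts directly with natural persons, disclose the AI")
    if f.emits_synthetic_content:
        v.reasons.append("Article 50(2): generates synthetic content, mark the outputs")
    if v.risk is Risk.MINIMAL and (f.interacts_directly or f.emits_synthetic_content):
        v.risk = Risk.LIMITED

    # Q3 does not move the category; it tells the auditor what is missing.
    if v.risk is Risk.HIGH:
        if not f.person_informed:
            v.flags.append("Q3: affected person not told they are subject to the system")
        if not f.can_contest:
            v.flags.append("Q3: no route to contest the decision or get an explanation")
    return v


# The eight examples from the post, encoded as constructed inputs.
EXAMPLES = [
    Feature("A recruitment CV screening", True, True, annex_iii_area=4),
    Feature("B AI-generated job descriptions", False, False, emits_synthetic_content=True),
    Feature("C support reply suggestions, agent sends", False, False),
    Feature("D credit scoring", True, True, annex_iii_area=5),
    Feature("E AI tutoring, no grading", False, False, interacts_directly=True),
    Feature("F AI essay grading", True, True, annex_iii_area=3),
    Feature("G patient note drafting", False, False, emits_synthetic_content=True),
    Feature("H symptom triage setting urgency", True, True, annex_iii_area=5,
            person_informed=False, can_contest=False),
]


def run_examples() -> Dict[str, Verdict]:
    """Classify every example; keyed by the letter the post uses."""
    return {f.name[0]: classify(f) for f in EXAMPLES}


if __name__ == "__main__":
    for key, verdict in run_examples().items():
        print(key, verdict.risk.value)
        for line in verdict.reasons + verdict.flags:
            print("   ", line)
```

Running it reproduces the post's calls: A, D, F and H come out high-risk, B, E and G limited-risk, C minimal-risk, and H additionally carries two Question 3 flags because the constructed input has the patient neither informed nor able to contest. Change one field on an example and the reasoning trail changes with it, which is the point of documenting the classification this way rather than as a bare label.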

## The cost difference between getting this right and getting it wrong

If you correctly classify a feature as limited-risk, you ship a disclosure and document the decision. Time investment: half a day.

If you correctly classify a feature as high-risk, you build a risk management system (Article 9), a technical file under Article 11, a human oversight policy (Article 14), accuracy and robustness testing (Article 15), post-market monitoring (Article 72), you run the conformity assessment (internal control under Annex VI for most Annex III systems), and you register in the EU database (Article 49). Time investment: 6 to 12 weeks for a small team.

If you misclassify high-risk as limited-risk, you are operating in violation. Article 99(4) sets the penalty for non-compliance with the high-risk obligations: up to 15 million euros or 3 percent of worldwide annual turnover for the preceding financial year, whichever is higher. (Article 99(3) is the higher tier for Article 5 prohibited practices: 35 million euros or 7 percent.)

If you misclassify limited-risk as high-risk, you burn six weeks of engineering time you did not need to burn.

The classification step is the highest leverage step in the whole EU AI Act compliance process. Get it right.

## How the Disclos team does this

Every 5-day audit we run starts with mapping every AI feature in the product against Annex III. We use the same decision tree above, applied feature by feature, documented in writing so you can hand the file to a regulator or a board member without rebuilding the reasoning from memory.

The classification is in the PDF deliverable. The reasoning is in the PDF deliverable. The proof of how we made each call is in the PDF deliverable. That is what you are paying 997 euros for. Refund guaranteed if your SaaS is not compliant by 2 August 2026.

You can also run the same classification yourself with the classify.py script in our open-source repo. Free, MIT licensed, answers five questions and returns the risk category. Use it for a first-pass triage, then decide whether you want us to do the formal audit.

Either path: do the classification step before you do anything else. It changes everything downstream.

Last updated: 2026-06-04