High-risk AI or not? classification guide for deployers
Whether an AI system is high-risk depends on Art. 6: it is high-risk if it is a safety component under Annex I or falls within an Annex III use case (such as employment, credit, or essential services). The Art. 6.3 exception can apply where the system performs only a narrow, non-decisive task.
Updated: June 2026
Introduction: why classification matters
The EU AI Act creates fundamentally different compliance obligations depending on risk classification. High-risk AI triggers the full Art. 26 deployer obligations: usage instructions compliance, human oversight, data quality controls, post-market monitoring, log retention, individual transparency, and in some cases DPIA and FRIA.
Non-high-risk AI, depending on type, may require only transparency disclosures or nothing at all.
The classification decision is therefore one of the most consequential compliance choices an organization makes. This guide walks through the classification methodology step by step.
Step 1: is the system an "AI system" under the EU AI Act?
Art. 3.1 defines an AI system as "a machine-based system that is designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment, and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence real or virtual environments."
Key exclusions from the AI definition:
- Pure rule-based systems without any machine learning or inference component
- Statistical tools that apply fixed mathematical formulas without inference
- Traditional software automation that follows explicit programming
If your system is not an AI system under Art. 3.1, the EU AI Act does not apply.
Step 2: is the system prohibited under Art. 5?
Before assessing risk class, check against the eight prohibitions of Art. 5. If the system constitutes a prohibited AI practice, no risk classification exercise is needed: it must not be used.
Step 3: does the system fall under Annex I (safety-critical products)?
Check whether the AI system is a safety component of a product regulated by EU harmonization legislation listed in Annex I (machinery, medical devices, vehicles, etc.). If yes, the system is high-risk under Art. 6.1.
Step 4: does the system fall under Annex III?
Check the system against all eight categories of Annex III. The most commonly relevant for Dutch private-sector deployers:
| Annex III category | Examples |
|---|---|
| Point 1: Biometric ID | Facial recognition for access control (note: some uses removed post-Omnibus) |
| Point 2: Critical infrastructure | AI managing power grid, water systems, banking systems |
| Point 3: Education | AI affecting admission decisions, exam proctoring with significant impact |
| Point 4: Employment/HR | CV screening, performance evaluation, promotion decisions |
| Point 5: Essential services | Credit scoring, insurance underwriting, benefit eligibility |
| Point 8: Democratic processes | Voter registration, election integrity tools |
Step 5: does the Art. 6.3 exception apply?
Even if the system falls within Annex III categories, the Art. 6.3 exception may remove it from the high-risk classification if the provider can demonstrate: (1) the system does not make decisions with significant impact on natural persons or supports easily overridable human decisions; (2) no sensitive profiling; (3) limited potential harm.
Request the provider's Art. 6.3 documentation if they claim this exception. Verify it against your actual use case.
Step 6: is your use case adding risk?
Classification depends on how you use the system, not just what the system is capable of. A general-purpose language model used as the sole basis for credit decisions is high-risk in that deployment, even if the model itself is not specifically classified as a credit scoring system. Assess your specific use case against the Annex III categories, not just the system in the abstract.
Borderline cases
- HR scheduling software with AI: Scheduling AI that generates rosters a planner can freely modify is probably not high-risk. AI that determines working hours or contract terms is potentially high-risk under Annex III, point 4.
- Customer service chatbots: Limited risk AI (Art. 50 transparency). If the chatbot makes decisions about credit limits or contract changes, high-risk.
- Marketing recommendation engines: Not high-risk unless targeting vulnerable groups with exploitative techniques (Art. 5.1.b territory).
Compliance checklist
- Have you confirmed each AI system meets the Art. 3.1 definition?
- Have you assessed each system against Art. 5 before considering risk class?
- Have you checked against both Annex I and all eight Annex III categories?
- For potential Art. 6.3 systems: have you obtained the provider's written assessment?
- Have you assessed your specific use case (not just the abstract system) against the classification criteria?
- Is the classification rationale documented for each AI system?
- Is there a re-classification process for when use cases change?