High-Risk AI or Not? Classification Guide for Deployers
Updated: June 2026 — full revision to Validai quality standard
Introduction: Why Classification Matters
The EU AI Act creates fundamentally different compliance obligations depending on risk classification. High-risk AI triggers the full Art. 26 deployer obligations: usage instructions compliance, human oversight, data quality controls, post-market monitoring, log retention, individual transparency, and in some cases DPIA and FRIA. Non-high-risk AI — depending on type — may require only transparency disclosures or nothing at all.
The classification decision is therefore one of the most consequential compliance choices an organisation makes. This guide walks through the classification methodology step by step.
Step 1: Is the System an "AI System" Under the EU AI Act?
Art. 3.1 defines an AI system as "a machine-based system that is designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment, and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence real or virtual environments."
Key exclusions from the AI definition:
- Pure rule-based systems without any machine learning or inference component
- Statistical tools that apply fixed mathematical formulas without inference
- Traditional software automation that follows explicit programming
If your system is not an AI system under Art. 3.1, the EU AI Act does not apply.
Step 2: Is the System Prohibited Under Art. 5?
Before assessing risk class, check against the eight prohibitions of Art. 5. If the system constitutes a prohibited AI practice, no risk classification exercise is needed — it must not be used.
Step 3: Does the System Fall Under Annex I (Safety-Critical Products)?
Check whether the AI system is a safety component of a product regulated by EU harmonisation legislation listed in Annex I (machinery, medical devices, vehicles, etc.). If yes, the system is high-risk under Art. 6.1.
Step 4: Does the System Fall Under Annex III?
Check the system against all eight categories of Annex III. The categories most commonly relevant for Dutch private-sector deployers are:
| Annex III category | Examples |
|---|---|
| Point 1: Biometric ID | Facial recognition for access control (note: some uses removed post-Omnibus) |
| Point 2: Critical infrastructure | AI managing power grid, water systems, banking systems |
| Point 3: Education | AI affecting admission decisions, exam proctoring with significant impact |
| Point 4: Employment/HR | CV screening, performance evaluation, promotion decisions |
| Point 5: Essential services | Credit scoring, insurance underwriting, benefit eligibility |
| Point 8: Democratic processes | Voter registration, election integrity tools |
Step 5: Does the Art. 6.3 Exception Apply?
Even if the system falls within an Annex III category, the Art. 6.3 exception may remove it from the high-risk classification if the provider can demonstrate that: (1) the system does not make decisions with significant impact on natural persons, or it supports human decisions that are easily overridable; (2) it involves no sensitive profiling; (3) its potential for harm is limited.
Request the provider's Art. 6.3 documentation if they claim this exception. Verify it against your actual use case.
Step 6: Is Your Use Case Adding Risk?
Classification depends on how you use the system, not just what the system is capable of. A general-purpose language model used as the sole basis for credit decisions is high-risk in that deployment, even if the model itself is not specifically classified as a credit scoring system. Assess your specific use case against the Annex III categories — not just the system in the abstract.
Borderline Cases
- HR scheduling software with AI: Scheduling AI that generates rosters a planner can freely modify — probably not high-risk. AI that determines working hours or contract terms — potentially high-risk under Annex III, point 4.
- Customer service chatbots: Limited-risk AI (Art. 50 transparency). If the chatbot makes decisions about credit limits or contract changes, it is high-risk.
- Marketing recommendation engines: Not high-risk unless targeting vulnerable groups with exploitative techniques (Art. 5.1.b territory).
Compliance Checklist
- Have you confirmed each AI system meets the Art. 3.1 definition?
- Have you assessed each system against Art. 5 before considering risk class?
- Have you checked against both Annex I and all eight Annex III categories?
- For potential Art. 6.3 systems: have you obtained the provider's written assessment?
- Have you assessed your specific use case (not just the abstract system) against the classification criteria?
- Is the classification rationale documented for each AI system?
- Is there a re-classification process for when use cases change?