High-risk AI or not? Classification guide for deployers
Whether an AI system is high-risk depends on Art. 6: it is high-risk if it is a safety component under Annex I or falls within an Annex III use case (such as employment, credit, or essential services). The Art. 6.3 exception can apply where the system performs only a narrow, non-decisive task.
Updated: June 2026
Introduction: why classification matters
The EU AI Act creates fundamentally different compliance obligations depending on risk classification. High-risk AI triggers the full Art. 26 deployer obligations: usage instructions compliance, human oversight, data quality controls, post-market monitoring, log retention, individual transparency, and in some cases a DPIA (Data Protection Impact Assessment) and a FRIA (Fundamental Rights Impact Assessment). Non-high-risk AI, depending on type, may require only transparency disclosures or nothing at all.
The classification decision is therefore one of the most consequential compliance choices an organisation makes. This guide walks through the classification methodology step by step.
Step 1: is the system an "AI system" under the EU AI Act?
Art. 3.1 defines an AI system as "a machine-based system that is designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment, and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence real or virtual environments."
Key exclusions from the AI definition:
- Pure rule-based systems without any machine learning or inference component
- Statistical tools that apply fixed mathematical formulas without inference
- Traditional software automation that follows explicit programming
If your system is not an AI system under Art. 3.1, the EU AI Act does not apply.
Step 2: is the system prohibited under Art. 5?
Before assessing risk class, check against the eight prohibitions of Art. 5. If the system constitutes a prohibited AI practice, no risk classification exercise is needed: it must not be used.
Step 3: does the system fall under Annex I (safety-critical products)?
Check whether the AI system is a safety component of a product regulated by EU harmonisation legislation listed in Annex I (machinery, medical devices, vehicles, etc.). If yes, the system is high-risk under Art. 6.1.
Step 4: does the system fall under Annex III?
Check the system against all eight categories of Annex III. The most commonly relevant for Dutch private-sector deployers:
| Annex III category | Examples |
|---|---|
| Point 1: Biometric ID | Facial recognition for access control (note: some uses removed post-Omnibus) |
| Point 2: Critical infrastructure | AI managing power grid, water systems, banking systems |
| Point 3: Education | AI affecting admission decisions, exam proctoring with significant impact |
| Point 4: Employment/HR | CV screening, performance evaluation, promotion decisions |
| Point 5: Essential services | Credit scoring, insurance underwriting, benefit eligibility |
| Point 8: Democratic processes | Voter registration, election integrity tools |
Step 5: does the Art. 6.3 exception apply?
Even if the system falls within Annex III categories, the Art. 6.3 exception may remove it from the high-risk classification if the provider can demonstrate: (1) the system does not make decisions with significant impact on natural persons or supports easily overridable human decisions; (2) no sensitive profiling; (3) limited potential harm.
Request the provider's Art. 6.3 documentation if they claim this exception. Verify it against your actual use case.
Step 6: is your use case adding risk?
Classification depends on how you use the system, not just what the system is capable of. A general-purpose language model used as the sole basis for credit decisions is high-risk in that deployment, even if the model itself is not specifically classified as a credit scoring system. Assess your specific use case against the Annex III categories, not just the system in the abstract.
Borderline cases
- HR scheduling software with AI: Scheduling AI that generates rosters a planner can freely modify is probably not high-risk. AI that determines working hours or contract terms is potentially high-risk under Annex III, point 4.
- Customer service chatbots: Limited-risk AI (Art. 50 transparency). If the chatbot makes decisions about credit limits or contract changes, it is high-risk.
- Marketing recommendation engines: Not high-risk unless targeting vulnerable groups with exploitative techniques (Art. 5.1.b territory).
Compliance checklist
- Have you confirmed each AI system meets the Art. 3.1 definition?
- Have you assessed each system against Art. 5 before considering risk class?
- Have you checked against both Annex I and all eight Annex III categories?
- For potential Art. 6.3 systems: have you obtained the provider's written assessment?
- Have you assessed your specific use case (not just the abstract system) against the classification criteria?
- Is the classification rationale documented for each AI system?
- Is there a re-classification process for when use cases change?