Most EU AI Act coverage focuses on the GPAI rules (for model builders) or the Article 50 transparency requirements (for chatbots and deepfakes). The Annex III rules for high-risk AI systems get less attention, but they cover more companies. If your company uses AI to screen job applicants, approve credit, triage insurance claims, or monitor employee performance, you are likely deploying a high-risk AI system under EU law.
The EU Digital Omnibus (provisional political agreement, May 7, 2026, formal adoption expected June/July 2026) extended the Annex III compliance deadline by 16 months, from August 2, 2026 to December 2, 2027. That is still 18 months away: enough time to build a compliant program if you start now, not enough time to ignore it.
TL;DR: Annex III of the EU AI Act lists 8 categories of high-risk AI. The EU Digital Omnibus (provisional agreement, May 7, 2026) pushed the full compliance deadline for standalone Annex III systems to December 2, 2027. Providers must complete conformity assessment, build technical documentation, and register before that date. Deployers must implement human oversight, maintain logs, and notify affected employees. Prohibited AI practices (Article 5) are already enforceable since February 2, 2025. Those did not move.
The 8 Annex III categories
Annex III defines high-risk AI by use case, not by technical architecture. The same underlying model can be high-risk in one context and not in another.
1. Biometric identification and categorization
AI systems used for remote biometric identification of natural persons (identifying who someone is from their face, gait, or other biometric data). This includes:
- Facial recognition used for physical access control or timekeeping
- Real-time biometric identification in publicly accessible spaces (nearly always prohibited under Article 5, with narrow law enforcement exceptions)
- Post-hoc biometric identification: identifying a person from recorded footage after the fact (allowed for law enforcement, subject to authorization)
- Biometric categorization that infers sensitive attributes (political opinions, religious beliefs, sexual orientation, racial origin) from biometric data: prohibited outright under Article 5
Note: biometric verification (checking that you are who you claim to be, like a passport scan matched to a selfie) is generally not high-risk under Annex III. The high-risk rules target identification (finding who someone is in a crowd) and sensitive categorization.
2. Critical infrastructure management
AI systems used as safety components in the management and operation of critical infrastructure, including energy grids, water supply, transport networks, and digital infrastructure. Applies when AI failure could endanger health, safety, or essential services at scale.
Most small teams are not in this category. Exceptions: IoT platforms that feed into utility management systems, industrial control software that interfaces with grid operations, or fleet management AI used by transport operators.
3. Education and vocational training
AI systems used to:
- Determine access to educational and vocational training institutions
- Assess students during examinations (AI proctoring that can determine exam outcomes)
- Evaluate learning outcomes in ways that affect access to education
- Monitor and detect student behavior (cheating detection systems that trigger consequences)
Not covered: AI tutoring tools, recommendation engines suggesting courses, grammar checkers used for feedback.
4. Employment and worker management
This is the category most relevant to companies outside healthcare and finance. It covers AI used to:
- Recruit or select job applicants (resume screening, interview analysis, automated ranking of candidates)
- Make or significantly influence decisions about promotion, assignment, or termination
- Monitor and evaluate employee performance and behavior
- Allocate tasks to workers and determine their conditions of work
The EU AI Act employment category overlaps significantly with US laws: Illinois AIVIA (for video interviews), Colorado SB 205 (high-risk AI decisions about employment), and EEOC guidance on AI in hiring. Companies operating in both jurisdictions face compliance obligations from multiple directions.
Most affected tools: HireVue, Pymetrics, Workday AI, SAP SuccessFactors AI modules, Greenhouse AI scoring, any custom-built resume ranking system.
5. Essential private services: credit, insurance, and similar
AI used to evaluate access to or terms of essential services:
- Credit scoring and loan assessment AI
- Insurance risk assessment and pricing AI
- Actuarial models that determine insurance eligibility
- AI that assesses creditworthiness for utilities or rental applications
This covers fintech credit decisioning AI, AI that determines insurance premiums, and AI used by banks to approve or price credit products.
6. Law enforcement
AI systems used by law enforcement authorities to:
- Assess the risk of an individual offending or reoffending
- Conduct risk assessments for use in criminal investigations
- Profile individuals in the course of detection, investigation, or prosecution
Applies primarily to public authorities. Private companies building tools for law enforcement agencies are providers of high-risk AI. Pure commercial tools (fraud detection for private banks, private security AI) are generally not in this category unless they feed into law enforcement processes.
7. Migration, asylum, and border control
AI systems used to:
- Assess risk of irregular migration
- Verify authenticity of travel documents
- Process asylum applications (AI that assists in assessing applications)
- Evaluate whether border crossing should be permitted
Applies primarily to public authorities. Vendors building AI for border agencies or immigration authorities are subject to the high-risk rules as providers.
8. Administration of justice and democratic processes
AI used to assist courts in researching law, facts, or applying the law to facts. Also covers AI that influences the outcome of elections or referendums (voter profiling, political micro-targeting), though these applications often also fall under the Article 5 prohibitions.
Decision table: is your AI high-risk?
| If your AI does this... | Annex III category | High-risk? |
|---|---|---|
| Screens job applications | Employment (4) | Yes |
| Monitors employee productivity | Employment (4) | Yes |
| Scores creditworthiness | Essential services (5) | Yes |
| Prices insurance policies | Essential services (5) | Yes |
| Identifies faces in real-time | Biometric (1) | Usually prohibited (Article 5) |
| Matches faces to a database post-event | Biometric (1) | Yes (law enforcement) |
| Determines access to a university course | Education (3) | Yes |
| Proctors online exams | Education (3) | Yes |
| Recommends courses to learners | Education (3) | No |
| Detects fraud for a private bank | Not listed | No |
| Detects fraud for law enforcement | Law enforcement (6) | Yes |
| Drafts emails using AI | None | No |
| Summarizes legal documents internally | None | No |
| Assists a judge in researching case law | Justice (8) | Yes |
| Optimizes energy usage in a building | None | No |
| Controls a power grid | Critical infrastructure (2) | Yes |
What providers must do before December 2, 2027
Providers are companies that develop and place high-risk AI systems on the EU market. This includes software vendors who sell AI tools used in high-risk contexts, even if they do not do the final deployment themselves.
1. Risk management system (Article 9): Implement and maintain an ongoing risk management process for the AI system. This is not a one-time risk assessment but a continuous process that must run through the system's lifetime.
2. Data governance (Article 10): Training, validation, and testing data must meet quality criteria. Data must be relevant, representative, and free of errors that could introduce bias affecting protected groups. You must document the data sources and the measures taken to identify and address biases.
3. Technical documentation (Article 11 + Annex IV): Prepare documentation covering: general description of the system, intended purpose, elements of the system, changes made, system performance metrics, datasets used, risk management, and human oversight measures. This documentation must be ready for regulators on request.
4. Automatic logging (Article 12): High-risk AI systems must generate logs automatically. The logs must enable post-hoc monitoring of the system's operation and must be kept for defined periods (6 months minimum for deployers; providers determine retention for their documentation).
5. Transparency and instructions for use (Article 13): Provide deployers with clear instructions covering: the identity of the provider, the capabilities and limitations of the system, the performance metrics and their test conditions, any known risks, the human oversight measures needed, and the technical measures to support oversight.
6. Human oversight (Article 14): Design the system so humans can effectively oversee it. This means the system must allow human intervention, must not prevent humans from overriding outputs, and must communicate to users when the system cannot reliably perform. Oversight is not optional. If your system is designed to bypass or minimize human review, it is non-compliant.
7. Accuracy, robustness, cybersecurity (Article 15): The system must achieve appropriate accuracy for its intended purpose, be robust against errors and attempts to manipulate outputs, and meet cybersecurity requirements proportionate to the risks.
8. Conformity assessment: Conduct an internal conformity assessment (third-party assessment required only for biometric systems and a subset of critical infrastructure AI). Issue an EU Declaration of Conformity. Affix CE marking.
9. Register in the EU AI Act database: Register the system before placing it on the EU market. The EU AI Office maintains the database.
What deployers must do before December 2, 2027
Deployers are companies that use a high-risk AI system in a professional context in the EU, even if they did not build it.
1. Fundamental rights impact assessment (FRIA): Deployers who are public authorities, or who deploy AI for credit scoring or insurance risk assessment on behalf of public bodies, must conduct a fundamental rights impact assessment before deployment. Private employers using hiring AI are not yet required to conduct a formal FRIA, but documenting the risk review is strongly recommended.
2. Human oversight: Assign qualified persons to oversee the AI system. Ensure they have the authority and practical ability to override or stop outputs. Train them in the system's capabilities and known limitations.
3. Maintain use logs: Deployers must retain the logs generated by the AI system for at least 6 months (longer if the sector requires it; financial records and HR records often impose longer retention). These logs are subject to regulatory inspection.
4. Notify employees: If you use high-risk AI systems that affect employees (performance monitoring, task allocation, promotion or termination decisions), you must inform those employees. This applies to category 4 systems (employment).
5. Data protection: For high-risk AI systems that process personal data, your existing GDPR obligations apply. The AI Act and GDPR obligations run in parallel. Article 22 GDPR rights to human review of automated decisions overlap with the AI Act's human oversight requirement. Maintain both.
6. Register (if applicable): Deployers who are public bodies deploying Annex III AI (categories 1-6 and 8) must register in the EU AI Act database in addition to the provider registration.
Transitional period: what the EU Digital Omnibus changed
The EU Digital Omnibus (provisional agreement, May 7, 2026; formal adoption pending) significantly extended the compliance timeline for Annex III high-risk AI systems:
- Standalone Annex III AI systems (most employment, credit, education, biometric AI not embedded in a regulated product): compliance deadline moved from August 2, 2026 to December 2, 2027.
- High-risk AI embedded in Annex I regulated products (medical devices, machinery, lifts, etc. covered by existing EU harmonization law): compliance deadline moved to August 2, 2028.
- Prohibited AI practices (Article 5): not affected. Enforceable since February 2, 2025.
- GPAI obligations (Articles 53-55): not affected. August 2, 2026 remains.
The "no significant changes" exemption still applies. If a system already on the market undergoes a significant change (new intended purpose, retraining on materially different data, changed decision thresholds), the new deadline applies from the date of that change.
If your system is already deployed and you plan no significant changes, document that position now so you have a defensible record if the Omnibus timelines shift again or national authorities begin inspecting earlier.
Compliance checklist for December 2, 2027
For providers:
- Map every AI system you offer to EU customers against the 8 Annex III categories
- For each high-risk system: confirm the intended purpose matches a category or confirm it does not qualify
- Draft and finalize technical documentation per Annex IV
- Implement the risk management system (Article 9): this is an ongoing process, not a one-time exercise
- Audit training data for representativeness and bias (Article 10)
- Confirm automatic logging is in place (Article 12)
- Prepare instructions for use for deployers (Article 13)
- Verify human oversight controls are built into the system (Article 14)
- Complete internal conformity assessment; issue EU Declaration of Conformity
- Register in the EU AI Act database
- Affix CE marking to the system
- Establish a post-market monitoring plan
For deployers:
- Inventory all AI systems in use and identify which fall under Annex III
- Request technical documentation and instructions for use from each provider
- Assign qualified persons with authority to oversee each high-risk system
- Implement the human oversight measures specified by the provider
- Configure log retention for at least 6 months
- Notify employees affected by AI systems in category 4 (employment)
- Complete a fundamental rights impact assessment if required (public bodies, certain financial deployments)
- Verify your GDPR Article 22 compliance runs in parallel with AI Act oversight obligations
- Register if you are a public body deploying Annex III AI
Enforcement and penalties
The EU AI Act assigns enforcement to national market surveillance authorities in each member state. The EU AI Office coordinates at the European level, particularly for GPAI and systemic risk cases.
For violations of the Annex III obligations, fines reach up to 15 million EUR or 3% of global annual turnover, whichever is higher. Deploying a prohibited AI system (Article 5) carries higher penalties: up to 35 million EUR or 7% of global turnover.
Enforcement timelines by obligation type:
- Prohibited practices (Article 5): enforceable since February 2, 2025
- GPAI transparency and copyright obligations: August 2, 2026
- Annex III standalone high-risk systems: December 2, 2027
- High-risk AI in Annex I regulated products: August 2, 2028
The current enforcement phase (February 2025 onward) focuses on the Article 5 prohibitions: social scoring AI, real-time biometric surveillance in public spaces, AI that exploits vulnerabilities, and AI that manipulates behavior subliminally. If your system touches any of those, it is already in scope. No deadline extension applies.