According to a 2023 study by the Initiative for Applied Artificial Intelligence evaluating over 100 corporate AI systems, 18% qualified as high-risk under EU AI Act criteria, yet 40% of systems could not be definitively classified, with researchers citing insufficient usage data and unclear intended purpose. For US organizations with EU market exposure, that classification ambiguity is not a theoretical problem. The EU AI Act (Regulation (EU) 2024/1689) applies regardless of where your company is headquartered: if your AI system's output is used within the EU, you are in scope. Non-compliance with the high-risk obligations carries fines of up to €15 million or 3% of global annual turnover, whichever is higher. Getting the classification right before 2 August 2026 is not optional.
This guide walks through the Article 6 two-pathway classification test, all eight Annex III use case categories, the Article 6(3) exemption mechanism, and what high-risk status means operationally for your compliance programme.
The EU AI Act’s Risk Tier Architecture
Before classifying a specific system, it helps to understand where high-risk sits within the Act’s overall structure. The regulation defines four risk tiers, with obligations scaling in proportion to potential harm.
| Risk Tier | Description | Key Obligation |
|---|---|---|
| Unacceptable Risk | Banned outright. Effective 2 February 2025. | Prohibition; no use permitted |
| High Risk | Permitted but subject to extensive pre-market and lifecycle obligations. | Conformity assessment, registration, Article 9–15 requirements |
| Limited Risk | Transparency obligations: users must know they are interacting with AI. | Disclosure requirements (chatbots, deepfakes) |
| Minimal Risk | No mandatory obligations. Vast majority of AI applications. | Voluntary good practice only |
The ‘unacceptable risk’ prohibitions (Article 5) took effect on 2 February 2025. They cover, among other practices, social scoring, real-time remote biometric identification in publicly accessible spaces for law enforcement (subject to narrow exceptions), manipulative or exploitative AI targeting vulnerable groups, and predictive policing based solely on profiling or personality traits. They are not the subject of this guide because there is nothing to classify: those systems are prohibited.
High-risk is where most compliance work lives. The Act dedicates the majority of its text to these systems precisely because they are permitted, but only subject to the most rigorous requirements.
One critical distinction: the risk tier reflects the system’s intended purpose and deployment context, not the sophistication of the underlying technology. A language model wired into an HR screening tool makes that system high-risk. The same model behind a customer service chatbot is limited risk, subject only to transparency obligations.
Article 6: The Two-Pathway Classification Test
Article 6 of the EU AI Act establishes the definitive classification test. An AI system is high-risk if it meets either of two conditions — and only one needs to apply.
Pathway 1: Safety-Critical Products (Annex I)
The first pathway covers AI systems used as safety components of products already governed by existing EU harmonisation legislation listed in Annex I. This includes medical devices, autonomous vehicles, aviation safety systems, industrial machinery, and several others.
The threshold is specific: the system must (a) function as a safety component of an Annex I product, or constitute the product itself, and (b) the Annex I product must be subject to a mandatory third-party conformity assessment under those sector laws. If both conditions apply, the AI system is automatically high-risk.
For most US enterprises, Pathway 1 is straightforward to assess. If your AI is embedded in a medical device sold in the EU, it’s high-risk. If your AI powers an automotive safety feature in a vehicle certified under EU type-approval regulation, it’s high-risk. The embedded-product nature makes the classification relatively unambiguous.
Pathway 2: Sensitive Use Cases (Annex III)
The second pathway is where most compliance teams spend their time and where most classification disputes arise. Annex III lists eight categories of AI use case that are high-risk regardless of the technology used to implement them, subject only to the Article 6(3) exemption discussed below.
| Annex III Category | Examples of High-Risk Use Cases |
|---|---|
| 1. Biometrics | Remote biometric identification; biometric categorisation inferring sensitive or protected attributes; emotion recognition (1:1 identity verification is excluded) |
| 2. Critical Infrastructure | Safety components in the management and operation of critical digital infrastructure, road traffic, and the supply of water, gas, heating or electricity |
| 3. Education & Vocational Training | Determining admission or access; evaluating learning outcomes; assessing the level of education a person will receive; monitoring prohibited behaviour during exams |
| 4. Employment & Workers Management | Recruitment and candidate screening or ranking; decisions on promotion, termination or contract terms; task allocation based on behaviour or personal traits; performance monitoring |
| 5. Essential Private/Public Services | Eligibility for public benefits and healthcare; creditworthiness and credit scoring (except fraud detection); life and health insurance risk assessment and pricing; emergency call triage and dispatch |
| 6. Law Enforcement | Assessing the risk of a person offending or re-offending; polygraph-equivalent tools; assessing the reliability of evidence; profiling in investigations |
| 7. Migration, Asylum & Border Control | Polygraph-equivalent tools; risk assessment of persons entering; examining asylum, visa and residence applications; detecting or identifying persons (except travel document verification) |
| 8. Administration of Justice & Democratic Processes | Assisting judicial authorities in researching and interpreting facts and law and applying the law; influencing the outcome of elections or referendums or voting behaviour |
The critical principle underlying Annex III is that these use cases all share a common characteristic: AI output directly influences decisions that significantly affect people’s fundamental rights, livelihoods, or physical safety. A credit-scoring AI that denies a loan, an HR AI that filters out job candidates, or a biometric system that identifies individuals in public each carries consequences significant enough to warrant the highest level of regulated oversight.
The Article 6(3) Exemption: When Annex III Systems Are Not High-Risk
Here is the part most compliance guides either skip or mishandle.
Article 6(3) creates a narrow but important exemption: even if an AI system falls within one of the eight Annex III categories, it is not high-risk where, taking into account the severity of the possible harm, it does not pose a significant risk of harm to the health, safety or fundamental rights of natural persons, including by not materially influencing the outcome of decision-making.
The Act identifies four specific scenarios where this exemption may apply:
- The AI performs a narrow procedural task (sorting, filtering, formatting) without affecting substantive decisions.
- The AI improves the result of a previously completed human activity without replacing the human assessment.
- The AI detects decision-making patterns, or deviations from prior patterns, and is not meant to replace or influence a previously completed human assessment without proper human review.
- The AI performs a preparatory task for an assessment relevant to an Annex III use case.
In practice, this exemption is narrower than it sounds, and applying it requires careful documentation. Under Article 6(4), a provider who concludes that an Annex III system is not high-risk must document that assessment before placing the system on the market or putting it into service, and the system remains subject to registration in the EU database under Article 49(2). The exemption is not self-executing: it must be affirmatively documented, and the documentation must be producible to a national competent authority on request.
One rule overrides the exemption entirely: an Annex III AI system that performs profiling of natural persons is always high-risk, regardless of whether the Article 6(3) conditions are otherwise met. Profiling takes its meaning from GDPR Article 4(4): any automated processing of personal data used to evaluate personal aspects of a natural person, in particular to analyse or predict performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
That ‘profiling always equals high-risk’ rule catches a significant number of systems that providers might otherwise argue fall within the Article 6(3) exemption. If your HR tool scores candidates on behavioural signals, your credit model evaluates financial reliability, or your emergency-triage model predicts patient risk, you are profiling, and the exemption does not apply. Note the precondition: the override only bites on systems already inside an Annex III category; profiling alone does not pull a system into Annex III.
Annex III in Practice: Decision Logic for Each Category
Applying the classification test to real AI deployments requires looking beyond surface-level descriptions. The question is not ‘does this AI use biometric data?’ but ‘does this AI function as a biometric identification system in the way the Act defines it?’
Employment and Workers Management (Category 4)
This is the category most likely to catch US enterprises off guard. Any AI used to recruit, rank, screen or select job candidates is high-risk. So is AI that monitors or evaluates performance, allocates tasks on the basis of behaviour or personal traits, or supports promotion or termination decisions. The scope is deliberately broad: the Act’s legislative history shows particular concern about algorithmic management systems that remove human judgment from employment decisions affecting EU workers.
US companies operating HR software globally, including legacy ATS tools enhanced with AI scoring, should assess whether their systems fall within Category 4 before August 2026.
Essential Services: Credit and Insurance (Category 5)
AI used to assess creditworthiness or establish a credit score, and AI used for risk assessment and pricing in life and health insurance, falls squarely in Category 5 (credit scoring used solely to detect financial fraud is carved out). This has significant implications for fintech companies, lenders and insurers offering products in the EU. The classification test focuses on whether the AI’s output influences the decision about access to these services, not on whether a human also reviews the output.
Biometrics (Category 1)
Remote biometric identification systems are high-risk; real-time use in publicly accessible spaces by law enforcement is additionally prohibited under Article 5, save for narrow exceptions. Biometric categorisation that infers sensitive or protected attributes is high-risk, and where the inference is of race, political opinions, trade union membership, religious beliefs, sex life or sexual orientation it is prohibited outright under Article 5. Emotion recognition systems are also high-risk (and prohibited in workplaces and education institutions except for medical or safety reasons). Facial recognition used purely for identity verification at onboarding, by contrast, is explicitly excluded from point 1(a) of Annex III where its sole purpose is to confirm that a person is who they claim to be.
Compliance Obligations That Attach to High-Risk Classification
Classifying a system as high-risk is not the end of the analysis; it is the beginning of an extensive compliance programme. The obligations differ depending on whether your organisation is a provider (the party that develops the system, or has it developed, and places it on the market or puts it into service under its own name or trademark) or a deployer (the party using the system under its own authority).
Providers carry the primary burden:
- Article 9 – Establish and maintain a continuous risk management system throughout the AI system’s lifecycle, documenting identified risks, mitigation measures, and residual risks.
- Article 10 – Data governance requirements: training, validation, and testing datasets must be relevant, sufficiently representative, and as free as possible from errors and biases.
- Article 11 + Annex IV – Comprehensive technical documentation covering system architecture, intended purpose, training methodology, performance metrics, and risk assessment results.
- Article 12 – Automated record-keeping: the system must log events relevant to identifying risks and substantial modifications.
- Article 13 – Transparency and instructions for use, enabling deployers to understand and comply with their own obligations.
- Article 14 – Human oversight mechanisms: the system must be designed to allow effective human monitoring and intervention.
- Article 15 – Accuracy, robustness, and cybersecurity standards appropriate to the system’s intended purpose.
- Article 49 – Registration in the EU database of high-risk AI systems before market entry.
- Conformity assessment (Article 43) – For most Annex III systems, the provider’s own internal control procedure (Annex VI); for Annex III biometric systems where harmonised standards are not fully applied, and for Annex I products, assessment involving a notified body. The result is an EU declaration of conformity (Article 47) and CE marking (Article 48).
Deployers have more limited but still significant obligations under Article 26: using systems in accordance with the instructions for use, assigning human oversight to competent persons, monitoring operation, keeping the system’s automatically generated logs for at least six months, informing workers and their representatives before a high-risk system is used at the workplace, and, for certain deployers, conducting a fundamental rights impact assessment under Article 27.
For US companies with no EU presence, Article 22 adds a specific requirement: non-EU providers of high-risk AI systems must designate an authorised representative established in the EU before placing the system on the EU market. That representative serves as the contact point for national authorities.
The August 2026 Deadline and What It Means for US Organizations
The core compliance deadline for Annex III high-risk AI systems is 2 August 2026. From that date, the full set of obligations (conformity assessment, registration, the Article 9–15 requirements) and the associated penalties become enforceable for standalone Annex III systems.
A second deadline applies to AI embedded in regulated products (Annex I pathway): 2 August 2027. The European Commission’s Digital Omnibus proposal, published November 2025, proposed extending the Annex III standalone deadline to December 2027, but as of May 2026 this is still in legislative trialogue. Compliance planning should not assume the extension materialises.
The extraterritorial scope of the Act means US companies without any EU physical presence are still in scope if their AI system’s outputs are used within the EU. That last phrase is the one most US legal teams miss. If a US-built credit-scoring model scores an EU consumer, or a US-developed HR system ranks EU job applicants, the Act applies to the provider. The EU’s enforcement model for extraterritorial reach mirrors GDPR’s approach, and GDPR enforcement has demonstrably reached non-EU companies.
| Key Date | What Applies |
|---|---|
| 2 February 2025 | Prohibited AI practices enforceable (social scoring, real-time biometric ID in public, manipulative AI, etc.) |
| 2 August 2025 | GPAI model obligations (transparency, documentation, adversarial testing for systemic risk models) |
| 2 August 2026 | High-risk AI system obligations for Annex III standalone systems; currently the primary compliance deadline |
| 2 August 2027 | High-risk obligations for AI embedded in Annex I regulated products (medical devices, vehicles, etc.) |
| 2 December 2027 | Proposed Digital Omnibus extension for Annex III systems NOT yet law as of May 2026 |
Building a Classification Process: A Practical Framework
Classification is most defensible when it follows a structured, documented process, not a one-time legal opinion. Organisations preparing for August 2026 need a repeatable assessment methodology that can be applied across their AI portfolio and updated as systems evolve.
A workable classification process follows five steps:
1. Inventory all AI systems. Map every AI system your organisation develops, deploys or uses, including AI capabilities embedded in third-party software. You cannot classify what you have not catalogued.
2. Assess intended purpose and deployment context. Classification is purpose-specific: the same AI model can be high-risk in one deployment and minimal-risk in another. Document the intended purpose, the sector, and the decisions the AI output influences.
3. Apply the Article 6 two-pathway test. Check Annex I (safety component of a regulated product subject to third-party conformity assessment?) and Annex III (listed use case category?). If either applies, provisionally classify as high-risk.
4. Assess the Article 6(3) exemption where applicable. For Annex III systems, evaluate whether one of the four exemption conditions applies. Check for profiling: if present, the exemption cannot apply. If the exemption is claimed, document the basis before market entry and register the system under Article 49(2).
5. Document and maintain the classification record. Classification is not a one-time event: AI systems evolve, intended purposes change and deployment contexts shift. Maintain a living classification record tied to each system’s technical documentation.
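The five steps above, expressed as a decision function run over an inventory. This is an added example written for this page, not Govern365.ai’s product or any official tool. The AISystem fields, the exemption enum and the four inventory entries are assumptions constructed for the example, and its output is a provisional record for legal review, not a determination. It encodes the three rules that matter most in steps 3 and 4: the Annex I pathway needs both limbs of Article 6(1); an Article 6(3) claim needs a named condition and no material influence on the outcome; and profiling voids the claim.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Tuple


class Annex3(Enum):
    """The eight Annex III use-case categories, numbered as in the Act."""
    BIOMETRICS = 1
    CRITICAL_INFRASTRUCTURE = 2
    EDUCATION = 3
    EMPLOYMENT = 4
    ESSENTIAL_SERVICES = 5
    LAW_ENFORCEMENT = 6
    MIGRATION = 7
    JUSTICE_AND_DEMOCRACY = 8


class Exemption(Enum):
    """The four Article 6(3) conditions under which an Annex III system may not be high-risk."""
    NARROW_PROCEDURAL_TASK = "6(3)(a)"
    IMPROVES_COMPLETED_HUMAN_ACTIVITY = "6(3)(b)"
    DETECTS_PATTERNS_WITH_HUMAN_REVIEW = "6(3)(c)"
    PREPARATORY_TASK = "6(3)(d)"


@dataclass(frozen=True)
class AISystem:
    """One inventory entry. Field names are assumptions for this example, not any official schema."""
    name: str
    intended_purpose: str
    annex1_safety_component: bool = False      # safety component of (or itself) an Annex I product
    annex1_third_party_assessed: bool = False  # that product needs third-party conformity assessment
    annex3_category: Optional[Annex3] = None
    profiles_natural_persons: bool = False     # profiling in the GDPR Art. 4(4) sense
    claimed_exemption: Optional[Exemption] = None
    materially_influences_outcome: bool = True


@dataclass(frozen=True)
class Classification:
    system: str
    high_risk: bool
    basis: str
    actions: Tuple[str, ...]


HIGH_RISK_ACTIONS = (
    "Risk management system (Art. 9) and Art. 10-15 requirements",
    "Technical documentation (Art. 11 / Annex IV)",
    "Conformity assessment (Art. 43) and EU database registration (Art. 49)",
)

EXEMPTION_ACTIONS = (
    "Document the Art. 6(3) assessment before placing on the market (Art. 6(4))",
    "Register in the EU database (Art. 49(2))",
    "Re-run the classification whenever the intended purpose changes",
)


def classify(s: AISystem) -> Classification:
    """Apply the Article 6 test: Annex I pathway, then Annex III with the 6(3) exemption and profiling override."""
    # Pathway 1 (Art. 6(1)): both limbs must hold, otherwise this pathway simply does not apply.
    if s.annex1_safety_component and s.annex1_third_party_assessed:
        return Classification(
            s.name, True,
            "Art. 6(1): safety component of an Annex I product subject to third-party conformity assessment",
            ("Conformity assessment under the sectoral Annex I legislation",) + HIGH_RISK_ACTIONS[:2])
    # Pathway 2 (Art. 6(2)): outside Annex III (and Annex I) the system is not high-risk.
    if s.annex3_category is None:
        return Classification(s.name, False, "Outside Annex I and Annex III",
                              ("Check Art. 50 transparency obligations (limited risk)",))
    cat = f"Annex III point {s.annex3_category.value} ({s.annex3_category.name})"
    # Profiling override: the exemption is unavailable whatever else is claimed.
    if s.profiles_natural_persons:
        return Classification(s.name, True, f"{cat}; profiles natural persons, so Art. 6(3) cannot apply",
                              HIGH_RISK_ACTIONS)
    # Art. 6(3): a named condition AND no material influence on the decision outcome.
    if s.claimed_exemption is not None and not s.materially_influences_outcome:
        return Classification(s.name, False, f"{cat}; Art. {s.claimed_exemption.value} exemption claimed",
                              EXEMPTION_ACTIONS)
    if s.claimed_exemption is not None:
        basis = f"{cat}; exemption claimed but output materially influences the outcome, so Art. 6(3) fails"
    else:
        basis = f"{cat}; no Art. 6(3) exemption claimed"
    return Classification(s.name, True, basis, HIGH_RISK_ACTIONS)


def classify_inventory(systems):
    """Classify every entry; the order of results matches the order of the inventory."""
    return [classify(s) for s in systems]


# Constructed sample inventory for illustration; names and purposes are invented.
SAMPLE_INVENTORY = (
    AISystem("cv-ranker", "Rank job applicants from CV text and behavioural signals",
             annex3_category=Annex3.EMPLOYMENT, profiles_natural_persons=True,
             claimed_exemption=Exemption.PREPARATORY_TASK),  # the claim is void: profiling
    AISystem("application-dedup", "Flag duplicate applications before a recruiter reviews the pool",
             annex3_category=Annex3.EMPLOYMENT, claimed_exemption=Exemption.NARROW_PROCEDURAL_TASK,
             materially_influences_outcome=False),
    AISystem("dose-advisor", "Dosing function inside a medical device that needs notified-body assessment",
             annex1_safety_component=True, annex1_third_party_assessed=True),
    AISystem("support-chatbot", "Answer customer product questions"),
)

if __name__ == "__main__":
    for c in classify_inventory(SAMPLE_INVENTORY):
        print(f"{c.system}: high_risk={c.high_risk}; {c.basis}")
        for action in c.actions:
            print("  -", action)
```

The point of the structure is that the profiling check sits before the exemption check, so a registry entry that claims a preparatory-task exemption for a behavioural scoring model cannot slip through; and that an Annex I component whose product does not require third-party assessment falls through to the Annex III check rather than being treated as high-risk by default.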
Govern365.ai’s AI model registry provides a structured environment for this process, mapping each AI system against Annex III categories, Article 6 pathway logic and applicable compliance requirements, with an audit trail of classification decisions that supports the documentation a provider must hold under Article 6(4). This is particularly useful for organisations managing large AI portfolios, where manual classification tracking becomes unmanageable at scale.
ISO 42001 and the EU AI Act: Complementary Frameworks
ISO/IEC 42001, the international standard for AI Management Systems (AIMS), does not map directly onto the EU AI Act’s classification schema. But the two frameworks are more complementary than competing.
ISO 42001 Clause 6.1 requires organisations to identify and assess risks related to AI systems across their intended context of use. Article 9 of the EU AI Act requires a continuous risk management system for high-risk systems. The underlying logic is the same: documented risk identification, evaluation of controls, residual risk assessment, and ongoing monitoring. Organisations that implement ISO 42001 as their operational AI governance framework will find they have satisfied a significant portion of the Article 9 requirements, particularly for documentation and risk methodology, before the EU AI Act compliance audit begins.
The classification taxonomy differs. ISO 42001 does not use the four-tier EU risk model. But the AIMS framework’s requirement to define the intended use of AI systems, assess their potential for harm, and implement proportionate controls creates an organisational readiness that makes EU AI Act high-risk compliance faster and less expensive to implement.
Frequently Asked Questions
Does the EU AI Act apply to US companies?
Yes. The Act has explicit extraterritorial scope under Article 2. It applies to any provider placing an AI system on the EU market or putting it into service in the EU, regardless of where the provider is established. Critically, it also applies to providers and deployers outside the EU where the output of the AI system is used in the EU. A US company with no EU office, no EU employees, and no EU servers is still in scope if its AI system generates outputs used by EU residents or organisations. Non-EU providers of high-risk systems must also designate an authorised representative in the EU under Article 22.
What is the difference between a provider and a deployer?
A provider develops an AI system or has one developed and places it on the market or puts it into service under their own name or trademark. A deployer uses an AI system under their own authority for a specific purpose. Both roles carry compliance obligations for high-risk systems, but providers bear the primary burden (conformity assessment, technical documentation, CE marking). Deployers must ensure proper use, human oversight, and appropriate monitoring. An organisation can be both provider and deployer if it builds and uses its own AI systems internally.
Can a generative AI system be classified as high-risk?
Generative AI models are not classified as high-risk simply because of their architecture. The Act follows a use-case-based approach, not a technology-based one. A large language model used as a customer service chatbot is limited risk. The same model integrated into a system that screens job applicants is high-risk under Annex III Category 4. The classification attaches to the specific deployment and its intended purpose not to the underlying model. General-purpose AI models have their own separate regime under Articles 51–55.
What are the penalties for misclassifying an AI system?
The penalty for non-compliance with high-risk obligations is up to €15 million or 3% of global annual turnover, whichever is higher. Prohibited AI practices carry up to €35 million or 7% of global turnover. For SMEs and start-ups, the fine is capped at whichever of the two figures (fixed amount or percentage of turnover) is lower. Importantly, supplying incorrect, incomplete or misleading information to national competent authorities or notified bodies carries its own tier of up to €7.5 million or 1% of global annual turnover, so a poorly documented classification decision carries direct penalty exposure independent of the substantive compliance failure.
What does ‘profiling’ mean under Article 6, and why does it matter?
The EU AI Act borrows the GDPR definition: profiling is any automated processing of personal data used to evaluate personal aspects of a natural person, in particular to analyse or predict performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements. Any Annex III AI system that profiles individuals is always classified as high-risk, regardless of whether the Article 6(3) exemption conditions might otherwise apply. This rule catches a significant range of HR analytics, financial risk and emergency-triage AI systems that providers might otherwise argue fall outside high-risk on the basis of performing narrow or preparatory tasks.
How does the Article 6(3) exemption work in practice?
The Article 6(3) exemption allows a provider to conclude that their Annex III system is not high-risk if it does not pose a significant risk of harm and does not materially influence decision outcomes. Four narrow scenarios are recognised: performing procedural tasks, improving previously completed human assessments, detecting decision patterns without replacing human review, or performing preparatory tasks. Critically, claiming the exemption is not self-executing. The provider must document the assessment before placing the system on the market and register the system in the EU database. The documentation must be defensible to national competent authorities on request.
The Classification Decision Cannot Wait
The EU AI Act’s high-risk classification test is not designed to be ambiguous: Article 6 provides a structured two-pathway analysis, Annex III lists the specific use case categories, and Article 6(3) establishes the narrow exemption. The challenge for most organisations is not understanding the legal test; it is applying it systematically across an AI portfolio that was not built with regulatory classification in mind.
Start with inventory. Map your AI systems, document their intended purposes, and apply the Article 6 test to each. For any system that falls within Annex III, assess the exemption conditions carefully, and if profiling is involved, remove it from the exemption analysis. For systems classified as high-risk, begin the Article 9–15 compliance build now. August 2026 is closer than most compliance calendars suggest.
Govern365.ai, by the Global AI Certification Council, provides the structured framework to run this process at scale from AI model registry and risk classification to conformity assessment preparation and audit evidence management. Start your 14-day free trial at govern365.ai
