Gallery

Contacts

405 W. Greenlawn Ave Lansing, Michigan 48910

contact@techjacksolutions.com

+1-616-320-4064


EU AI Act · High-Risk Classification

Is your AI system high-risk under the EU AI Act?

High-risk is the heaviest tier short of banned, and it is the one most organisations get wrong in both directions. Some assume they are caught when a narrow exception lets them out. Others assume they are safe when their hiring or credit tool sits squarely in Annex III. Work through the three steps for a grounded read, the article behind it, and what you would owe if the answer is yes.

Interactive

Check your system

Three questions, based on Article 6 and Annex III. This is guidance, not legal advice, and the exception in step 3 needs documented justification to rely on.

Step 1 of 3
Is your AI a safety component of a product already regulated by EU law?
Products covered by the Union harmonisation legislation in Annex I: medical devices, machinery, vehicles, lifts, radio equipment, toys, and similar. “Safety component” means a failure could endanger health or safety.

Step 2 of 3
Does its intended purpose fall in one of the eight Annex III areas?
Pick the closest match. If none fit, choose the last option.








Step 3 of 3
Does it only do a limited, non-decisive task, and never profile people?
The Article 6(3) exception applies where an Annex III system does not pose a significant risk of harm because it ONLY does one of: a narrow procedural task; improving the result of a finished human activity; flagging patterns or deviations without replacing human judgment; or a preparatory task. It never applies if the system profiles individuals.

The list

The eight Annex III areas

Systems whose intended purpose falls in these areas are presumed high-risk under Article 6(2), subject to the Article 6(3) exception.

1Biometrics

Remote biometric identification (not simple verification), biometric categorisation by sensitive attributes, and emotion recognition.

2Critical infrastructure

Safety components in the management of critical digital infrastructure, road traffic, and the supply of water, gas, heating, and electricity.

3Education and training

Admission decisions, assessment of learning outcomes, steering the level of education a person receives, and exam-monitoring for prohibited behaviour.

4Employment

Recruitment and selection, decisions on promotion or termination, task allocation, and monitoring or evaluating performance.

5Essential services

Eligibility for public assistance benefits [5(a)], creditworthiness and credit scoring [5(b)], risk assessment and pricing in life and health insurance [5(c)], and emergency call dispatch and triage [5(d)].

6Law enforcement

Risk assessments, polygraph-style tools, evidence reliability, and profiling in the course of detecting, investigating, or prosecuting offences.

7Migration and borders

Risk assessments, application examination, and detection tools used by competent authorities.

8Justice and democracy

Assisting a judicial authority in researching and interpreting facts and law, and influencing the outcome of elections or voting behaviour.

The obligations

If you are high-risk, this is what you owe

The seven core provider requirements sit in Articles 9 to 15, before the system reaches the market.

Art. 9Risk managementA continuous, documented process across the whole lifecycle.
Art. 10Data governanceRelevant, representative training data with bias examination.
Art. 11Technical documentationThe Annex IV file, kept for 10 years.
Art. 12LoggingAutomatic event logs for traceability.
Art. 13TransparencyInstructions that let deployers understand and use it correctly.
Art. 14Human oversightDesigned so a person can understand, override, and stop it.
Art. 15Accuracy and securityAppropriate accuracy, resilience to errors, and cybersecurity.

Plus conformity assessment (Art. 43), the EU declaration of conformity and CE marking (Art. 47 and 48), and registration in the EU database (Art. 49), before 2 August 2026.

Questions

Common questions

Maybe not. Article 6(3) carves out Annex III systems that do not pose a significant risk of harm because they only perform a narrow procedural task, improve the result of a finished human activity, flag patterns without replacing human judgment, or do preparatory work. The catch is two-fold: it never applies if the system profiles people, and you have to document your assessment of why the exception applies. The exemption is real, but it is earned with evidence, not assumed.

A provider develops the system or has it developed and places it on the market. A deployer uses it under its own authority. Most of the Article 9 to 15 requirements fall on the provider, but deployers of high-risk AI have their own duties under Article 26, and a deployer that substantially modifies a system, or uses it under its own name, can become a provider and inherit the full obligation set.

For Annex III systems, 2 August 2026. For high-risk AI that is a safety component of an Annex I regulated product, the later date of 2 August 2027 applies under Article 6(1). Systems already on the market before the relevant date get transitional treatment under Article 111, with public-authority systems due by 2 August 2030.

Member resource · coming soon

Run this across every system in your inventory

The tool checks one system. Members get a saved classification register for your whole AI estate, the Article 6(3) exception justification template, and the Annex IV documentation pack. The free checker stays free.

Start with the free templates
Notify me when it launches

Grounded in Regulation (EU) 2024/1689, Article 6, Annex III, and Articles 9 to 15, 43, 47 to 49. Educational resource, not legal advice. Last checked July 2026. The Article 6(3) exception requires your own documented assessment. New to the terms here? See the plain-English glossary. Full guide and sources.