Hael
Sign inRequest a demo
EU AI Act · Requirements

What are high-risk AI systems under the EU AI Act?

Updated 30 June 2026 · 7 min read
Key takeaway
High-risk AI systems under the EU AI Act are systems used in contexts where they could significantly affect people's safety or fundamental rights, such as hiring, credit scoring, biometric identification, education, and critical infrastructure. They are not banned, but they carry the Act's heaviest obligations, and classifying your systems correctly is the foundation of compliance.
  • High-risk systems are defined by Annex III use cases or by Annex I product-safety rules.
  • They are permitted but carry the Act's heaviest obligations, including conformity assessment.
  • A narrow exception exists for genuinely low-impact procedural tasks, but it must be documented.
  • Correct classification is the foundation of EU AI Act compliance.
  • Current as of June 2026. This is general information, not legal advice.

The two routes to high-risk

A system can be high risk in one of two ways:

  • Annex III use cases: Stand-alone AI systems used in specific listed areas. These include biometrics, critical infrastructure, education and vocational training, employment and worker management, access to essential private and public services (including creditworthiness assessment), law enforcement, migration and border control, and the administration of justice.
  • Annex I product safety: AI systems that are themselves a safety component of a product, or are a product, already covered by EU product-safety legislation (such as medical devices, machinery, or vehicles) that requires third-party conformity assessment.

If your system falls into either route, it is high risk and the full obligations apply.

What classification triggers

Once a system is classified as high risk, the provider must put in place:

  • A risk management system across the lifecycle.
  • Data and data governance measures, including for training, validation, and testing data.
  • Technical documentation demonstrating compliance.
  • Automatic record-keeping (logging).
  • Transparency and clear information for deployers.
  • Human oversight measures.
  • Appropriate accuracy, robustness, and cybersecurity.
  • A conformity assessment before the system is placed on the market, and registration in the EU database.

Deployers of high-risk systems have their own duties, including using the system according to instructions, ensuring human oversight, and monitoring its operation.

A narrow exception

There is a limited exception: a system listed in an Annex III area may not be high risk if it does not pose a significant risk of harm to health, safety, or fundamental rights, for example because it performs a narrow procedural task. Providers relying on this must document their assessment, and the exception does not apply where the system profiles individuals.

Why classification matters most

Because the obligations are extensive and tied directly to classification, getting the tier right is the highest-leverage step. Over-classifying wastes effort; under-classifying creates legal exposure. The reliable method is to assess each system against the Annex III categories and the Annex I product rules, document the reasoning, and revisit it when the system or its use changes.

Key terms

Annex III
The list of stand-alone high-risk use cases under the Act.
Annex I
EU product-safety legislation that, when it applies, can pull an AI safety component into high-risk.
Conformity assessment
The procedure to demonstrate that a high-risk AI system meets the Act's requirements before going to market.
Classification
The process of deciding which risk tier a system sits in, based on its use and context.
High-risk obligations
The full set of duties on providers and deployers of high-risk AI systems.

References

Free check

See where you stand on EU AI Act, free.

Answer a few questions and get an indicative view of what EU AI Act expects of your AI systems and where you stand today — no sign-up to see your result.

Indicative, not legal advice.
EU AI Act · indicative readiness
HAEL FREE TOOL
Applicability
Applies to your AI use
What's expected
Risk classification · governance · documentation · oversight
Where you stand
Banded result · pointed to the gaps that matter most
Result
On-screen, free · optional PDF
Pre-scoped to EU AI Act~ 5 MIN