High-Risk AI Systems Under the EU AI Act: The Complete Annex III Guide
What counts as a high-risk AI system
Two routes lead to a high-risk classification. Route 1 (Article 6(1)): the AI system is a safety component of, or itself is, a product covered by the EU harmonisation legislation listed in Annex I (medical devices, machinery, toys, lifts, radio equipment, in-vitro diagnostics, civil aviation, automotive, marine equipment and others) and is required to undergo third-party conformity assessment. Route 2 (Article 6(2)): the system is intended for use in one of the eight areas listed in Annex III.
The eight Annex III categories
- Biometrics — remote biometric identification (other than verification), biometric categorisation by sensitive attributes, and emotion recognition outside the prohibited contexts.
- Critical infrastructure — AI used as a safety component in the management and operation of digital infrastructure, road traffic, and the supply of water, gas, heating or electricity.
- Education and vocational training — admissions decisions, evaluating learning outcomes, assessing the appropriate level of education for an individual, and monitoring prohibited behaviour during tests.
- Employment, workers management and access to self-employment — recruitment, candidate filtering, evaluating candidates, decisions on promotion or termination, task allocation, and monitoring and evaluating performance.
- Access to essential private and public services — public benefit eligibility, creditworthiness scoring (except for fraud detection), risk assessment and pricing for life and health insurance, and emergency call dispatch and triage.
- Law enforcement — assessing the risk of a person becoming a victim, polygraphs, evaluating the reliability of evidence, profiling, and crime analytics.
- Migration, asylum and border control — polygraphs, risk assessments relating to migration, examination of applications for asylum or visa, and detection or recognition of natural persons at borders (except for travel document verification).
- Administration of justice and democratic processes — assisting judicial authorities in researching and interpreting facts and law, and influencing the outcome of elections or referenda or voting behaviour.
The Article 6(3) exemption
A system in an Annex III category is not high-risk if it does not pose a significant risk of harm to the health, safety or fundamental rights of natural persons. Article 6(3) recognises four specific scenarios: the system performs a narrow procedural task; it improves the result of a previously completed human activity; it detects decision-making patterns or deviations without replacing human assessment; or it performs a preparatory task. The exemption never applies if the system performs profiling of natural persons. Providers relying on the exemption must document the assessment and register the system in the EU database before placing it on the market.
Provider obligations for high-risk systems
Providers — organisations that develop the system or have it developed and place it on the market under their own name — carry the heaviest compliance load:
- A documented risk management system running across the full lifecycle (Art. 9).
- Data and data governance measures covering training, validation and testing datasets, with bias examination (Art. 10).
- Technical documentation meeting the Annex IV requirements (Art. 11).
- Automatic record-keeping ("logs") of the system's operation (Art. 12).
- Transparency and information to deployers, including instructions for use (Art. 13).
- Design for human oversight, including stop functions and explanation capabilities (Art. 14).
- Appropriate accuracy, robustness and cybersecurity (Art. 15).
- A quality management system (Art. 17).
- Conformity assessment before placing on the market, plus an EU declaration of conformity and CE marking (Arts. 43-49).
- Registration in the EU database for high-risk AI systems (Art. 49).
- Post-market monitoring and serious incident reporting within 15 days (Arts. 72, 73).
Deployer obligations
Deployers — organisations using the system in the EU under their own authority, not for personal non-professional purposes — also carry obligations:
- Use the system in accordance with the provider's instructions (Art. 26).
- Assign competent and trained natural persons to perform human oversight.
- Ensure input data is relevant and sufficiently representative for the intended purpose.
- Monitor operation and inform the provider and authority of serious incidents.
- Keep logs for at least six months.
- Inform affected workers and their representatives before putting the system into service in a workplace.
- For public authorities and bodies governed by EU law providing public services, carry out a Fundamental Rights Impact Assessment (FRIA) before first use (Art. 27).
How GPAI integration changes the picture
Many high-risk systems are built on top of general-purpose AI models. The Act allocates responsibility: the GPAI provider supplies technical documentation, capabilities and limitations information so the downstream provider can meet its high-risk obligations. Downstream providers cannot offload their obligations onto the GPAI provider, but they can rely on documented assumptions about the upstream model.
A practical classification flow
- Is the system a safety component of a product listed in Annex I that requires third-party conformity assessment? If yes → high-risk under Article 6(1).
- Is it intended for use in any of the eight Annex III areas? If no → not high-risk (but check whether it falls under prohibited practices or limited-risk transparency obligations).
- Does it perform profiling of natural persons? If yes → high-risk, no exemption available.
- If no profiling, does it fall within one of the four Article 6(3) exemption scenarios? If yes → document the assessment, register in the EU database, classify as not high-risk.
- Otherwise → high-risk; full provider or deployer obligations apply.
When obligations actually apply
High-risk obligations apply from 2 August 2026 for systems falling under Annex III, and from 2 August 2027 for systems that are safety components of Annex I products. Systems placed on the market before those dates are subject to transitional provisions; see the full EU AI Act enforcement timeline for milestones.