EU AI Act Annex III: The Complete List of High-Risk AI and What It Means for Your Organisation
Annex III defines the eight categories of high-risk AI under the EU AI Act. This is the definitive guide to what is in scope, which obligations apply, and how to determine if your AI is high-risk.
Key Takeaways
Annex III lists eight categories of high-risk AI. The categories are: (1) biometric identification, (2) critical infrastructure, (3) education, (4) employment, (5) essential private/public services, (6) law enforcement, (7) migration and asylum, (8) administration of justice. Most enterprise AI that affects individuals falls within Category 4 or 5.
High-risk classification depends on both the AI system itself AND the context of use. The same AI technology may be high-risk in one deployment context and not high-risk in another — the classification must be done for each specific use case.
The AI Act Omnibus update (May 2026) delayed the Annex III compliance deadline for most categories from 2 August 2026 to 2 December 2027 — but governance work should begin now as conformity assessment takes 6-18 months.
High-risk AI providers must: conduct a conformity assessment, maintain technical documentation, register in the EU AI Act database, implement a quality management system, conduct post-market monitoring, and report serious incidents.
High-risk AI deployers must: implement human oversight, maintain logs for at least 6 months, conduct a fundamental rights impact assessment (in some contexts), report serious incidents, and inform individuals that AI is being used to assess them.
"For informational purposes only. This article does not constitute legal, regulatory, financial, or professional advice. Consult a qualified specialist for specific guidance."
The eight Annex III categories in full
Category 1 — Biometric identification and categorisation: AI used for real-time remote biometric identification in publicly accessible spaces (subject to specific law enforcement exceptions and member state authorisations), post-remote biometric identification systems used by law enforcement, and AI used to categorise individuals based on biometric data according to sensitive attributes (race, political opinions, religion, sexual orientation). Note: emotion recognition AI and biometric categorisation for narrow private purposes (unlocking your own phone) are not in this category.
Category 2 — Critical infrastructure: AI used as a safety component in the management or operation of critical digital infrastructure (electricity grids, water systems, transport networks), road traffic management, and the supply of water, gas, heating, or electricity. The key is that the AI must be safety-critical — AI used for optimisation or efficiency is not automatically in this category.
Category 3 — Education and vocational training: AI used to determine access to or assignment to educational and vocational training institutions, to assess learning outcomes in ways that affect students' educational pathways, to evaluate competence of students in ways that affect their future, and to monitor students during assessments. AI used to support teaching or assist students with learning is generally not high-risk under this category.
Category 4 — Employment, workers management, and access to self-employment: AI used to make employment decisions including recruitment and selection (shortlisting), decisions about promotion, termination of employment relationships, allocation of tasks, monitoring and evaluation of performance, and decisions about access to self-employment opportunities. This is the category that affects the largest number of enterprise AI deployments — virtually any AI used in HR that affects employment decisions is high-risk.
Category 5 — Access to essential private services and essential public services and benefits: AI used to assess creditworthiness and credit scoring (with limited exceptions), AI used in life and health insurance risk assessment and pricing, AI used to assess eligibility for welfare benefits and social services, AI used in emergency services dispatch, and AI used in access to education. This category captures most financial services AI that affects customer outcomes.
Category 6 — Law enforcement: AI used as polygraphs and similar tools, AI used to assess reliability of evidence, AI used to predict the likelihood of an individual committing a criminal offence, and AI used for profiling in investigations. Significant restrictions apply to law enforcement AI and many applications are prohibited rather than merely high-risk.
Category 7 — Migration, asylum, and border control management: AI used to assess risks related to individuals applying for visas or asylum, AI used in border control, and AI used to detect document authenticity.
Category 8 — Administration of justice and democratic processes: AI used to assist judicial authorities in researching and interpreting facts and the law, AI used in dispute resolution, and AI used to influence elections and voting behaviour.
Is your AI high-risk? The assessment framework
Step 1: Identify the use case specifically. High-risk classification is use-case specific, not technology specific. A large language model is not inherently high-risk — but the same model used to screen job applicants is high-risk under Category 4.
Step 2: Map the use case against Annex III categories. Read each category carefully and consider whether your specific use case falls within it. The categories have definitional text in the AI Act that must be read alongside Annex III.
Step 3: Consider whether any exclusions apply. The AI Act excludes AI used solely for narrow procedural purposes, AI used to detect fraud, and AI that is intended to be a preparatory element for a human decision (with genuine human review) in some contexts.
Step 4: Document your assessment. Whether your conclusion is that the AI is or is not high-risk, document the assessment with reasoning. This documentation is necessary for due diligence, for regulatory inquiry, and for internal accountability.