
EU AI Act Annex III High-Risk AI: Complete Compliance Checklist

If your AI system falls under Annex III of the EU AI Act, you face the most extensive obligations in the regulation. This checklist covers every requirement: technical documentation, conformity assessment, quality management, post-market monitoring, and registration.

Better Societies · Updated June 2026 · 10-minute read

Timing note: Under the Digital Omnibus proposal (still pending as of this update), the Annex III high-risk obligations that the Act currently schedules for August 2, 2026 would be deferred to as late as December 2, 2027. The proposal does not move August 2, 2026 as the general application date: Article 50 transparency obligations apply from then, and so do the Commission's enforcement and fining powers over general-purpose AI model providers (whose substantive GPAI obligations have applied since August 2, 2025). Begin Annex III work now: the deferral is not yet law, and the technical documentation and conformity assessment alone take 3-6 months for most organizations.

Which systems are Annex III high-risk?

Annex III lists eight categories of high-risk AI systems and, within each, the specific use cases that count. A system that falls within a listed use case is presumed high-risk. Article 6(3) lets a provider rebut that presumption by documenting, before placing the system on the market, that it does not pose a significant risk of harm to health, safety or fundamental rights because it only performs a narrow procedural task, improves the result of a previously completed human activity, detects decision-making patterns or deviations without replacing the human assessment, or performs a preparatory task. That exemption never applies to a system that profiles natural persons, and an exempted system must still be registered in the EU database (Article 49(2)).

Annex III Categories

  • 1. Biometrics — Remote biometric identification (excluding pure one-to-one verification of a claimed identity), biometric categorisation by sensitive or protected attributes, and emotion recognition. Watch the overlap with the Article 5 prohibitions: emotion recognition in the workplace and in education is banned outright (except for medical or safety reasons), as is biometric categorisation that infers race, political opinion, religion, sexual orientation and similar, and real-time remote biometric identification in public spaces for law enforcement is banned save for narrow exceptions
  • 2. Critical infrastructure — Safety components in the management and operation of critical digital infrastructure, road traffic, or the supply of water, gas, heating and electricity
  • 3. Education and vocational training — Determining access or admission, evaluating learning outcomes, assessing the level of education a person will receive, monitoring prohibited behaviour during tests
  • 4. Employment and workers — Recruitment and candidate screening, decisions on promotion, termination and contract terms, task allocation based on behaviour or personal traits, and monitoring or evaluating performance
  • 5. Essential private and public services — Eligibility for public assistance benefits and services (including healthcare), creditworthiness and credit scoring (except for detecting financial fraud), risk assessment and pricing for life and health insurance, and evaluating, dispatching or triaging emergency calls
  • 6. Law enforcement — Assessing the risk of a person becoming a victim, polygraphs and similar tools, evaluating the reliability of evidence, assessing the risk of offending or re-offending, and profiling in the course of detection, investigation or prosecution (crime prediction based solely on profiling or personality traits is prohibited by Article 5, not high-risk)
  • 7. Migration, asylum, border control — Polygraphs and similar tools, risk assessment of persons entering a Member State, examining applications for asylum, visas and residence permits, and identifying persons in the migration context (verification of travel documents excepted)
  • 8. Administration of justice and democratic processes — Assisting a judicial authority in researching and interpreting facts and law or in alternative dispute resolution, and systems intended to influence the outcome of an election or referendum or voting behaviour

Separately from Annex III, AI systems that are safety components of products covered by the EU harmonisation legislation listed in Annex I (medical devices, machinery, vehicles, aviation and so on), or that are such products themselves, are high-risk under Article 6(1) when that legislation requires third-party conformity assessment. Those systems follow the sectoral conformity route and, under the current text, apply from August 2, 2027 rather than on the Annex III timeline.

The Annex III compliance obligations in full

1. Risk management system Provider

  • Establish, implement, document, and maintain a risk management system throughout the AI lifecycle
  • Identify and analyze known and foreseeable risks associated with the system
  • Evaluate risks that may emerge based on analysis of post-market monitoring data
  • Adopt risk management measures in the order the Act sets: eliminate or reduce risks through design and development first, then mitigate and control the residual risks, then inform deployers through the instructions for use and training
  • Test the system against predefined metrics and probabilistic thresholds appropriate to the intended purpose

2. Data and data governance Provider

  • Training, validation, and testing datasets must be subject to data governance practices
  • Document the design choices for training, data collection, and labeling methodologies
  • Assess data relevance, representativeness, and freedom from errors
  • Identify and address possible biases that could affect health, safety, or fundamental rights
  • When special category data is used for bias detection, specific safeguards apply

3. Technical documentation Provider

  • Prepare technical documentation before placing the system on the market
  • Annex IV specifies the minimum content: a general description of the system (intended purpose, provider, versions, hardware and software context, instructions for use), a detailed description of its elements and development process (design choices, architecture, data requirements and datasets, validation and testing procedures and results, cybersecurity measures), information on monitoring, functioning and control, the performance metrics chosen and why, the risk management system, lifecycle changes, the harmonised standards applied, a copy of the EU declaration of conformity, and the post-market monitoring plan
  • Documentation must be kept up to date throughout the lifecycle
  • Must be made available to national competent authorities on request

4. Logging and record-keeping Provider + Deployer

  • High-risk AI systems must be technically capable of automatically recording events (logs) over their lifetime, at a level that supports traceability of the system's operation, identification of situations that may present a risk or amount to a substantial modification, and post-market monitoring (Article 12)
  • For remote biometric identification systems under Annex III 1(a), the logs must at minimum capture the period of each use, the reference database consulted, the input data that produced a match, and the natural persons who verified the result (Article 12(3))
  • Providers must keep the logs under their control for a period appropriate to the intended purpose, and for at least six months, unless other Union or national law (notably data protection law) provides otherwise (Article 19)
  • Deployers must keep the logs generated during their use, to the extent those logs are under their control, for the same minimum of six months (Article 26(6))
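One way to meet the automatic-logging and retention points above in code, as an added example that is not from this page or from any vendor's product: an append-only, hash-chained event log. Each record commits to the previous one, so an edited or deleted entry breaks verification from that point onward, which is what an auditor checking Article 12 traceability wants to see. The field names, the 183-day retention constant and the sample events are assumptions chosen to match the checklist; the Act fixes the six-month minimum and, for biometric systems, the Article 12(3) fields, but not a record format.

```python
"""Added example (not from the EU AI Act or any vendor): a tamper-evident,
append-only event log for a high-risk AI system, with the minimum retention
window enforced on purge. Field names and the retention constant are assumptions."""
import hashlib
import json
from datetime import datetime, timedelta, timezone

GENESIS = "0" * 64
# Assumed: six-month statutory minimum (Articles 19 and 26(6)); a provider may
# need longer depending on the intended purpose or other Union/national law.
MIN_RETENTION = timedelta(days=183)


def _digest(body):
    # Canonical JSON (sorted keys, no whitespace) so a record hashes identically
    # whether it is fresh in memory or re-read from disk.
    return hashlib.sha256(
        json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    ).hexdigest()


class AuditLog:
    """Each record stores the hash of its predecessor and its own hash over all
    other fields, so modifying or deleting any entry breaks verification from
    that entry onward."""

    def __init__(self):
        self.records = []
        self.anchor = GENESIS  # hash of the last purged record, or GENESIS

    def append(self, event):
        prev = self.records[-1]["hash"] if self.records else self.anchor
        body = dict(event)
        body["prev"] = prev
        body["hash"] = _digest(body)
        self.records.append(body)
        return body

    def verify(self):
        """Return (ok, index_of_first_bad_record); index is -1 if the chain holds."""
        prev = self.anchor
        for i, rec in enumerate(self.records):
            body = {k: v for k, v in rec.items() if k != "hash"}
            if rec.get("prev") != prev or _digest(body) != rec.get("hash"):
                return False, i
            prev = rec["hash"]
        return True, -1

    def log_inference(self, ts, system_id, version, model_sha256, input_sha256,
                      output, reviewer=None):
        """Generic decision record. Inputs are referenced by hash only: the log
        is not the place to store raw personal data."""
        return self.append({
            "ts": ts.isoformat(), "kind": "inference", "system": system_id,
            "version": version, "model": model_sha256, "input": input_sha256,
            "output": output, "reviewer": reviewer,
        })

    def log_biometric_use(self, start, end, reference_db, matched_input_sha256,
                          verifiers):
        """The fields Article 12(3) requires for Annex III 1(a) systems: period
        of each use, reference database, input that produced a match, and the
        natural persons who verified the result."""
        return self.append({
            "ts": start.isoformat(), "end": end.isoformat(), "kind": "biometric_use",
            "reference_db": reference_db, "matched_input": matched_input_sha256,
            "verified_by": sorted(verifiers),
        })

    def purge_expired(self, now):
        """Drop records older than MIN_RETENTION, keeping the chain anchored on
        the last purged hash so verify() still works on the remainder.
        Returns the number of records removed."""
        cutoff = now - MIN_RETENTION
        removed = 0
        while self.records and datetime.fromisoformat(self.records[0]["ts"]) < cutoff:
            self.anchor = self.records.pop(0)["hash"]
            removed += 1
        return removed


# Constructed sample data for demonstration only.
T0 = datetime(2026, 8, 3, 9, 0, tzinfo=timezone.utc)
SAMPLE_NOW = T0 + timedelta(days=200)


def build_sample_log():
    log = AuditLog()
    log.log_inference(T0, "credit-scoring", "2.3.1", "a" * 64, "b" * 64,
                      {"score": 612, "decision": "refer"}, reviewer="analyst-17")
    log.log_biometric_use(T0, T0 + timedelta(minutes=2), "watchlist-2026-07",
                          "c" * 64, ["officer-9", "officer-4"])
    log.log_inference(T0 + timedelta(days=100), "credit-scoring", "2.3.2",
                      "d" * 64, "e" * 64, {"score": 701, "decision": "approve"})
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("chain intact:", log.verify())
    log.records[0]["output"]["decision"] = "approve"  # simulate tampering
    print("after edit:", log.verify())
    fresh = build_sample_log()
    print("purged:", fresh.purge_expired(SAMPLE_NOW), "remaining:", len(fresh.records), fresh.verify())
```

In production the records would be written to append-only storage (or shipped to a log service the operator cannot rewrite) and the anchor hash published or signed periodically, otherwise an attacker who can rewrite the whole file can simply rebuild the chain. The purge step shows the retention caveat: the six months is a floor, and purging must not break the ability to verify what remains.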

5. Transparency and provision of information to deployers Provider

  • Provide instructions for use that allow deployers to understand capabilities and limitations
  • Describe the level of accuracy, robustness, and cybersecurity, and any known limitations
  • Provide information on the human oversight measures appropriate to the system
  • Describe any changes to the system and its performance that the provider pre-determined at the time of the initial conformity assessment (such pre-determined changes are not substantial modifications and do not trigger a new assessment)

6. Human oversight Provider + Deployer

  • Systems must be designed to be effectively overseen by natural persons during use
  • Providers must build in tools enabling oversight persons to understand capabilities, monitor, detect anomalies, and intervene
  • Deployers must assign human oversight to persons with competence, training, and authority
  • Oversight measures must allow the person in charge to decide not to use the system or to disregard, override or reverse its output, and to intervene or halt it through a stop button or similar procedure
  • For remote biometric identification systems, no action or decision may be taken on the basis of an identification unless at least two competent natural persons have verified it separately (Article 14(5), with exceptions only where Union or national law deems that requirement disproportionate)

7. Accuracy, robustness, and cybersecurity Provider

  • System must achieve appropriate levels of accuracy for intended purpose, specified in technical documentation
  • Must be resilient to errors, faults and inconsistencies within the system and its operating environment, including through backup or fail-safe plans; a system that keeps learning after deployment must be built so that biased outputs do not feed back into future inputs
  • Must be resilient against attempts by unauthorised third parties to alter its use, outputs or performance by exploiting system vulnerabilities; Article 15(5) names the attack classes to address: data poisoning of the training set, model poisoning of pre-trained components, adversarial examples and model evasion, and confidentiality attacks that extract the model or its data
  • Technical solutions must be appropriate to the circumstances and risks; in practice that means treating the training pipeline and the model-serving path like any other production attack surface: threat model them, restrict write access to datasets and model artefacts, and keep the results of evasion and poisoning tests as evidence in the technical file

8. Quality management system Provider

  • Providers must implement a QMS, documented in written policies, procedures and instructions, proportionate to the size of their organization (Article 17)
  • QMS must cover: regulatory compliance strategy, design and development procedures, testing and validation, technical specifications and standards applied, data management practices, the risk management system, post-market monitoring, serious incident reporting, communication with authorities and other stakeholders, record-keeping, resource management, and an accountability framework
  • QMS documentation must be kept for ten years and made available to market surveillance authorities on request
  • Microenterprises may comply with certain QMS elements in a simplified manner (Article 63); the obligations themselves still apply, and proportionality to size does not lower the level of protection required

9. Conformity assessment Provider

  • Annex III systems in points 2 to 8 follow the internal-control procedure of Annex VI (self-assessment, no notified body)
  • Biometric systems under Annex III point 1 follow the notified-body procedure of Annex VII, unless the provider has fully applied harmonised standards or common specifications, in which case it may choose Annex VI instead; where such a system is for law enforcement, immigration or asylum authorities, the market surveillance authority under Article 74(8) or (9) acts as the notified body
  • The assessment must be completed before placing on market and repeated after any substantial modification (changes pre-determined at the initial assessment excepted)
  • Its outcome is a signed EU declaration of conformity (Article 47) and the CE marking (Article 48); the declaration, the technical documentation, the QMS documentation and any notified-body decisions must be kept for ten years after the system is placed on the market (Article 18)

10. Registration Provider

  • Providers must register themselves and the system in the EU database before placing it on the market or putting it into service (Article 49); providers relying on the Article 6(3) exemption must register the system there as well, together with the assessment behind the exemption
  • Registration consists of the Annex VIII information: provider identity and contact details, the system's trade name and identifiers, a description of its intended purpose and components, its market status, the conformity assessment procedure used and any certificate details, the Member States where it is available, and the electronic instructions for use
  • The entry must be kept up to date as that information changes
  • The database is set up and maintained by the European Commission (Article 71); it is public except for entries concerning law enforcement, migration, asylum and border control, which sit in a non-public section accessible to the Commission and the market surveillance authorities

11. Post-market monitoring Provider + Deployer

  • Providers must establish and document a post-market monitoring system proportionate to the nature of the AI technologies and the risks, based on a plan that forms part of the technical documentation (Article 72)
  • It must actively and systematically collect, document and analyze relevant performance data throughout the system's lifetime, including data supplied by deployers, and feed that data back into the risk management system
  • Deployers who have reason to consider that use of the system presents a risk must inform the provider (or distributor) and the market surveillance authority without undue delay and suspend use; deployers who identify a serious incident must immediately inform the provider first, then the importer or distributor and the market surveillance authority (Article 26(5))
  • Providers must report serious incidents to the market surveillance authority of the Member State where the incident occurred immediately after establishing a causal link (or the reasonable likelihood of one) and no later than 15 days after becoming aware; the deadline shortens to 2 days for a widespread infringement or an incident affecting critical infrastructure and to 10 days where a person has died (Article 73)
  • Separately, a provider who considers that a system already on the market is not in conformity must immediately take corrective action (bring into conformity, withdraw, disable or recall) and inform distributors, deployers and importers and, where the system presents a risk, the competent market surveillance authorities and any notified body involved (Article 20)

Deployer-specific obligations

Deployers of high-risk AI systems (organizations that use a provider's system under their own authority) have their own direct obligations under Article 26 and related provisions:

  • Use the system in accordance with the provider's instructions for use, and ensure that input data under their control is relevant and sufficiently representative for the intended purpose
  • Assign human oversight to natural persons with the necessary competence, training, authority and support
  • Monitor operation on the basis of the instructions for use, inform the provider and the market surveillance authority of risks and serious incidents, and suspend use where the system presents a risk
  • Keep the logs under their control for at least six months
  • Before putting the system into service at a workplace, inform workers' representatives and the affected workers
  • Inform natural persons that they are subject to a high-risk AI system where it makes or assists decisions about them, and, on request, give a clear and meaningful explanation of the system's role in a decision that affects them (Articles 26(11) and 86)
  • Public authorities, private entities providing public services, and deployers of credit-scoring and life or health insurance systems must complete a fundamental rights impact assessment before first use (Article 27); public-authority deployers must also register their use in the EU database
  • A deployer becomes a provider, with the full provider obligations above, if it puts its own name or trademark on the system, substantially modifies it, or changes its intended purpose so that it becomes high-risk (Article 25)

The timeline for Annex III compliance

Even if the Annex III obligations are deferred to December 2027, the practical timeline does not move much: August 2, 2026 stays fixed for everything outside Annex III, the deferral is still only a proposal, and the technical documentation and conformity assessment alone take 3-6 months, so classification and gap analysis have to start now.

Is your AI system high-risk under Annex III?

Use the free Risk Classifier to find out in 90 seconds, then book a compliance assessment if you need a full conformity package.
