EU AI Act glossary

High-Risk AI System

A high-risk AI system is an AI system that falls under Annex III of the EU AI Act, subject to the full set of provider obligations including Annex IV technical documentation, conformity assessment, and registration in the EU database.

Last updated 17 June 2026

Definition

A high-risk AI system is any AI system listed in Annex III of the EU AI Act (Regulation (EU) 2024/1689). These systems are deemed to pose significant risk to health, safety, or fundamental rights when used as intended.

The designation triggers the full stack of provider obligations under Chapter III of the Act.

Annex III categories

Annex III lists eight product areas in which AI systems are classified as high-risk:

  1. Biometric identification and categorisation — remote biometric identification, emotion recognition, biometric categorisation
  2. Critical infrastructure — AI used in management of roads, water, gas, heating, electricity, digital infrastructure
  3. Education and vocational training — systems that determine access, admission, assignment, or assessment
  4. Employment, workers management and access to self-employment — recruitment, selection, promotion, termination, task allocation, monitoring
  5. Access to essential private and public services — credit scoring, insurance risk assessment, benefits eligibility
  6. Law enforcement — individual risk assessment, lie detection, evidence reliability, crime prediction
  7. Migration, asylum, and border control — risk assessment, document examination, visa/asylum decisions
  8. Justice and democratic processes — research or interpretation of the law, alternative dispute resolution

Category 4(a) — HR tech and recruitment

The category most relevant to SaaS companies building AI tools for HR includes:

  • Automated screening of job candidates
  • Ranking of candidates based on assessment
  • Evaluation during interviews
  • Employee monitoring and performance assessment systems

Any AI system used to assist in hiring, promotion, or termination decisions falls here, even when a human makes the final decision.

Provider obligations for high-risk AI

When a system is classified as high-risk, the AI provider must:

  • Implement a quality management system (Article 17)
  • Draw up Annex IV technical documentation before placing the system on the market (Article 11)
  • Enable logging and post-market monitoring (Articles 12 and 72)
  • Register the system in the EU database (Article 71)
  • Affix CE marking and draw up an EU declaration of conformity (Articles 48–49)
  • Undergo conformity assessment (Article 43)

→ Discover if your system qualifies and which documentation gaps you have with the free Readiness Check.

Check your Annex IV coverage

Nine questions. Two minutes. See exactly which sections of your technical file are missing evidence.

Run the free readiness check