High risk classification depends on context, purpose, and decision impact.
This page translates Annex III and the product safety route into examples teams can actually recognize.
Structured answer sets in this page tree.
Cited legal and guidance references.
High risk classification is one of the most misunderstood parts of the AI Act because teams often look only at model capability. The Act instead focuses on the use case, the protected interests at stake, and in some routes the product law context. These examples are not legal advice, but they reflect the structure of Annex III and Article 6.
The most sensitive categories sit close to state power, identity, and rights. Annex III covers several biometric, law enforcement, migration and border, justice, and democratic process uses. Many of these uses also carry strong transparency, record keeping, or restricted access rules because of their impact on individuals and on public trust.
Examples include biometric identification and categorisation uses that are permitted rather than prohibited, law enforcement risk assessment or profiling tools, border management credibility or risk tools, and systems supporting judicial decision processes or electoral influence analysis.
Many private sector organizations meet high risk status through Annex III even when they do not think of themselves as regulated AI providers. Education admissions, testing, and evaluation tools can be high risk. Employment tools for recruitment, selection, evaluation, promotion, and termination can be high risk. Essential service decisions in credit, insurance, benefits, and similar contexts can be high risk.
The practical common factor is simple: the system materially influences access to opportunity, income, public services, or comparable rights.
Some systems become high risk because they are safety components of products regulated under Union harmonisation law. Others are high risk because they are used in critical infrastructure where failure could endanger health or safety. Medical devices, machinery, vehicles, and aviation linked products need this route checked carefully.
This is where engineering, safety, and product compliance teams need to work together. The AI Act does not replace sector law. It layers AI specific duties onto those environments.
Article 6 allows a derogation where an Annex III system does not pose a significant risk of harm and does not materially influence decision making. The Act gives examples of narrow procedural tasks and preparatory tasks that may fit this path. But the provider must document the assessment before placing the system on the market or putting it into service and remains subject to registration duties.
This is not a shortcut for weak cases. If the system profiles natural persons, the derogation is unavailable. If the system meaningfully shapes the outcome, the derogation is also unlikely to hold.
Assessment Autopilot can take EU AI Act (Regulation (EU) 2024/1689) High risk use cases from turning this guidance into a repeatable review process to a reusable workflow inside Sorena. Teams working on EU AI Act (Regulation (EU) 2024/1689) can keep owners, evidence, and next steps aligned without copying this guide into separate documents.
Start from EU AI Act (Regulation (EU) 2024/1689) High risk use cases and turn the guidance into owned tasks, evidence requests, and review checkpoints.
Review your current process, evidence gaps, and next steps for EU AI Act (Regulation (EU) 2024/1689) High risk use cases.