What is required for AI Act compliance?

Determine if system falls under Article 6(1) or Annex III categories; Document classification rationale; If high-risk: full conformity assessment (Article 43); If not high-risk: assess transparency obligations (Article 50)

AI Act

AI Act High-Risk Classification: Annex III Categories and How to Determine if Your AI System Qualifies

Name: EU Regulatory Enforcement Corpus
Creator: Fontvera
Published: 2026-04-10
License: https://fontvera.eu/terms
Keywords: AI Act, enforcement, compliance

Is your AI system high-risk under the EU AI Act? Check Annex III categories, classification criteria, and sector-specific guidance. Free diagnostic tool included.

Export PDF (Pro)

At a glance

Who this applies to

Any organization providing or deploying an AI system in the EU market that may fall under Annex III high-risk categories.

Deadline

August 2, 2026. Systems must be classified and compliant before market placement.

What you must have

Determine if system falls under Article 6(1) or Annex III categories
Document classification rationale
If high-risk: full conformity assessment (Article 43)
If not high-risk: assess transparency obligations (Article 50)

days until AI Act high-risk systems deadline

2026-08-02

Not sure if your AI system is high-risk? Take the 5-minute diagnostic

Intelligence briefing

Who this applies to

This obligation applies to providers (including developers) and deployers of high-risk AI systems as defined under Article 6(1), as well as importers and distributors per Article 2(2). Relevant sectors include AI systems used in critical infrastructure, education, employment, essential private/public services, law enforcement, migration, and justice (Annex III).

What is required

Risk management system: Establish, implement, and document a continuous risk management process per Article 9(1).
Data governance: Ensure training, validation, and testing datasets meet quality criteria (relevance, representativeness, bias mitigation) under Article 10(1-5).
Technical documentation: Compile and maintain documentation demonstrating compliance with Article 11(1), including design, development, and performance metrics.
Record-keeping: Maintain logs automatically generated by the high-risk AI system per Article 12(1), covering at minimum the period defined in Article 12(2).
Transparency obligations: Provide clear, accessible information to users per Article 13(1-3), including system capabilities/limitations and human oversight requirements.
Human oversight: Design systems to enable effective human monitoring per Article 14(1-4), including technical measures for intervention.
Accuracy, robustness, and cybersecurity: Ensure resilience against attacks and malfunctions per Article 15(1-3), including adversarial testing where applicable.
Conformity assessment: Undergo third-party assessment (for most high-risk systems) or self-assessment (limited exceptions) per Article 43(1-3).

Key deadlines

The primary deadline for this obligation is August 2, 2026.

Enforcement patterns

AI Act enforcement begins August 2, 2026. No precedent currently exists. This page will be updated as enforcement cases emerge.

(Cross-border considerations section intentionally omitted due to lack of jurisdiction-specific implementation data in the provided context.)

Cross-reference intelligence

No AI Act article citations in corpus yet. AI Act entered into force August 2024. Article 50 transparency obligations take effect 2 August 2026; Annex III high-risk obligations are expected 2 December 2027 (pending Digital Omnibus formal adoption). This section will populate as citations accumulate.

Analogous GDPR articles

GDPR article citations that relate to this AI Act topic and may inform enforcement patterns.

Article	Citations	Top Countries	Most Co-Cited
GDPR Art. 6	2417	ES (623), IT (422), BE (181)	GDPR Art. 5(1)(a), GDPR Art. 13, GDPR Art. 5
GDPR Art. 7	336	IT (96), ES (40), AT (39)	GDPR Art. 13, GDPR Art. 6, GDPR Art. 12

Regulatory framework

AI Act: Implementation timeline — key dates for compliance

EU · ai_office · 2026-03-24 · aio-implementation-timeline

AI Act: Implementation timeline — key dates for compliance AI Act implementati

AI Act: Prohibited AI practices (Article 5) — effective from February 2025

EU · ai_office · 2026-03-24 · aio-prohibited-practices

AI Act: Prohibited AI practices (Article 5) — effective from February 2025 Practices

AI Act: Requirements for high-risk AI systems (Articles 8-15)

EU · ai_office · 2026-03-24 · aio-high-risk-requirements

AI Act: Requirements for high-risk AI systems (Articles 8-15) Requirements High-ris

AI Act: Risk Classification — How to determine if your AI system is high-risk

EU · ai_office · 2026-03-24 · aio-risk-classification

AI Act: Risk Classification — How to determine if your AI system is high-risk Classification

EU AI Act — Regulation (EU) 2024/1689 on Artificial Intelligence

EU · ai_office · 2026-03-24 · aio-ai-act-overview

EU AI Act — Regulation (EU) 2024/1689 on Artificial Intelligence Act The EU AI Act (Regulation 2024/1689) is the worl

Cross-regulatory overlap

ESMA: DORA — Digital Operational Resilience Act for the Financial Sector

EU · esma · 2026-03-23 · esma-dora-digital-resilience

ESMA: DORA — Digital Operational Resilience Act for the Financial Sector ESMA: DORA — Digital Operational Resilience Act for the Financial Sector Cate

ENISA: Multilayer Framework for Good Cybersecurity Practices for AI

EU · enisa · 2026-03-24 · enisa-multilayer-framework-for-good-cybersecurity-practices-for-ai

ENISA: Multilayer Framework for Good Cybersecurity Practices for AI ENISA: Multilayer Framework for Good Cybersecurity Practices for AI

EDPB Opinion 28/2024 on certain data protection aspects related to the processing of personal data i

EU · edpb · 2026-03-18 · Opinion 28/2024

EDPB Opinion 28/2024 on certain data protection aspects related to the processing of personal data in the context of AI models EDPB Opinion 28/2024 on

ENISA: AI and Cybersecurity — Securing Artificial Intelligence Systems

EU · enisa · 2026-03-23 · enisa-ai-cybersecurity

ENISA: AI and Cybersecurity — Securing Artificial Intelligence Systems ENISA: AI and Cybersecurity — Securing Artificial Intelligence Systems Category

ENISA: AI an opportunity for the EU cyber crisis blueprint - Report

EU · enisa · 2026-03-24 · enisa-ai-an-opportunity-for-the-blueprin-report

ENISA: AI an opportunity for the EU cyber crisis blueprint - Report ENISA: AI an opportunity for the EU cyber crisis blueprint - Report

ENISA: Cybersecurity of AI and Standardisation

EU · enisa · 2026-03-24 · enisa-cybersecurity-of-ai-and-standardisation

ENISA: Cybersecurity of AI and Standardisation ENISA: Cybersecurity of AI and Standardisation

Sources (13)

AI Act: Implementation timeline — key dates for compliance (ai_office, EU)
AI Act: Prohibited AI practices (Article 5) — effective from February 2025 (ai_office, EU)
AI Act: Requirements for high-risk AI systems (Articles 8-15) (ai_office, EU)
AI Act: Risk Classification — How to determine if your AI system is high-risk (ai_office, EU)
EU AI Act — Regulation (EU) 2024/1689 on Artificial Intelligence (ai_office, EU)
ESMA: DORA — Digital Operational Resilience Act for the Financial Sector (esma, EU)
ENISA: Multilayer Framework for Good Cybersecurity Practices for AI (enisa, EU)
EDPB Opinion 28/2024 on certain data protection aspects related to the processin (edpb, EU)
ENISA: AI and Cybersecurity — Securing Artificial Intelligence Systems (enisa, EU)
ENISA: AI an opportunity for the EU cyber crisis blueprint - Report (enisa, EU)
ENISA: Cybersecurity of AI and Standardisation (enisa, EU)
ENISA: Cyber Insurance - Models and methods and the use of AI (enisa, EU)
ENISA: Interoperable EU Risk Management Framework (enisa, EU)

Get the complete AI Act compliance checklist as a PDF

Mapped to enforcement precedents and cross-referenced against 1.2 million regulatory citations. Free.

We'll email you the PDF. No spam. Unsubscribe anytime.

Get unlimited briefings on Fontvera Pro — or browse all intelligence briefings