AI Act

AI Act High-Risk Systems: Complete List of Annex III Categories with Real-World Examples

Every high-risk AI category under the EU AI Act, mapped to concrete use cases. For compliance teams assessing their AI portfolio.

Export PDF (Pro)
At a glance
Who this applies to
Organizations deploying AI in biometrics, critical infrastructure, education, employment, essential services, law enforcement, migration, or justice.
Deadline
August 2, 2026 for new high-risk systems entering the EU market.
What you must have
  • Map each AI system to Annex III categories
  • Classify as high-risk, limited-risk, or minimal-risk
  • For each high-risk system: begin conformity assessment (Article 43)
63
days until AI Act high-risk systems deadline
2026-08-02
Not sure if your AI system is high-risk? Take the 5-minute diagnostic
Intelligence briefing

Who this applies to

This obligation applies to providers (including developers) and deployers (including users) of high-risk AI systems as defined under Article 6(1), as well as importers and distributors under Article 2(2). Obligations extend to public and private organizations operating within the EU or placing high-risk AI systems on the EU market, regardless of their establishment location (Article 2(1)).

What is required

  • Conformity assessment procedure: Conduct a mandatory assessment under Article 43 (for providers) to demonstrate compliance with Articles 8–15 before placing the system on the market or putting it into service.
  • Risk management system: Establish and maintain a system under Article 9(1) to identify, analyze, and mitigate risks throughout the AI system’s lifecycle.
  • Data governance: Implement measures under Article 10 to ensure training, validation, and testing datasets are relevant, representative, and free from biases, with documentation of data collection processes.
  • Technical documentation: Compile and maintain documentation per Article 11, including design specifications, risk assessment reports, and compliance evidence, available to competent authorities upon request.
  • Record-keeping: Retain logs under Article 12 for a minimum of 6 months (or longer if required by sectoral law) to enable traceability of AI system operations.
  • Transparency obligations: Provide clear instructions for use under Article 13(1) and ensure human oversight capabilities as per Article 14.
  • CE marking and registration: Affix the CE conformity mark under Article 48 and register the system in the EU database per Article 60 before market placement.
  • Post-market monitoring: Implement a system under Article 61 to collect and evaluate performance data, report serious incidents to authorities within 15 days (Article 62(2)), and take corrective actions.

Key deadlines

The primary deadline for this obligation is August 2, 2026.

Enforcement patterns

AI Act enforcement begins August 2, 2026. No precedent currently exists. This page will be updated as enforcement cases emerge.

(Section intentionally omitted: No jurisdiction-specific implementation patterns are provided in the structured context for high-risk AI systems under the AI Act.)

Cross-reference intelligence

No AI Act article citations in corpus yet. AI Act entered into force August 2024. Article 50 transparency obligations take effect 2 August 2026; Annex III high-risk obligations are expected 2 December 2027 (pending Digital Omnibus formal adoption). This section will populate as citations accumulate.

Analogous GDPR articles

GDPR article citations that relate to this AI Act topic and may inform enforcement patterns.

ArticleCitationsTop CountriesMost Co-Cited
GDPR Art. 6 2417 ES (623), IT (422), BE (181) GDPR Art. 5(1)(a), GDPR Art. 13, GDPR Art. 5
GDPR Art. 7 336 IT (96), ES (40), AT (39) GDPR Art. 13, GDPR Art. 6, GDPR Art. 12
Regulatory framework
AI Act: Implementation timeline — key dates for compliance
EU · ai_office · 2026-03-24 · aio-implementation-timeline
AI Act: Implementation timeline — key dates for compliance AI Act implementati
AI Act: Prohibited AI practices (Article 5) — effective from February 2025
EU · ai_office · 2026-03-24 · aio-prohibited-practices
AI Act: Prohibited AI practices (Article 5) — effective from February 2025 Practices
AI Act: Requirements for high-risk AI systems (Articles 8-15)
EU · ai_office · 2026-03-24 · aio-high-risk-requirements
AI Act: Requirements for high-risk AI systems (Articles 8-15) Requirements High-ris
AI Act: Risk Classification — How to determine if your AI system is high-risk
EU · ai_office · 2026-03-24 · aio-risk-classification
AI Act: Risk Classification — How to determine if your AI system is high-risk Classification
EU AI Act — Regulation (EU) 2024/1689 on Artificial Intelligence
EU · ai_office · 2026-03-24 · aio-ai-act-overview
EU AI Act — Regulation (EU) 2024/1689 on Artificial Intelligence Act The EU AI Act (Regulation 2024/1689) is the worl
Cross-regulatory overlap
EDPB Guidelines 01/2024 on processing of personal data based on Article 6(1)(f) GDPR (legitimate int
EU · edpb · 2026-03-18 · 01/2024
EDPB Guidelines 01/2024 on processing of personal data based on Article 6(1)(f) GDPR (legitimate interest) EDPB Guidelines 01/2024 on processing of pe
EDPB Opinion 28/2024 on certain data protection aspects related to the processing of personal data i
EU · edpb · 2026-03-18 · Opinion 28/2024
EDPB Opinion 28/2024 on certain data protection aspects related to the processing of personal data in the context of AI models EDPB Opinion 28/2024 on
ENISA: AI and Cybersecurity — Securing Artificial Intelligence Systems
EU · enisa · 2026-03-23 · enisa-ai-cybersecurity
ENISA: AI and Cybersecurity — Securing Artificial Intelligence Systems ENISA: AI and Cybersecurity — Securing Artificial Intelligence Systems Category
ENISA: Cybersecurity of AI and Standardisation
EU · enisa · 2026-03-24 · enisa-cybersecurity-of-ai-and-standardisation
ENISA: Cybersecurity of AI and Standardisation ENISA: Cybersecurity of AI and Standardisation
ENISA: Artificial Intelligence and Cybersecurity Research
EU · enisa · 2026-03-24 · enisa-artificial-intelligence-and-cybersecurity-research
ENISA: Artificial Intelligence and Cybersecurity Research ENISA: Artificial Intelligence and Cybersecurity Research
ENISA: Cyber Insurance - Models and methods and the use of AI
EU · enisa · 2026-03-24 · enisa-cyber-insurance-models-and-methods-and-the-use-of-ai
ENISA: Cyber Insurance - Models and methods and the use of AI ENISA: Cyber Insurance - Models and methods and the use of AI
Sources (13)

Get the complete AI Act compliance checklist as a PDF

Mapped to enforcement precedents and cross-referenced against 1.2 million regulatory citations. Free.

We'll email you the PDF. No spam. Unsubscribe anytime.

Get unlimited briefings on Fontvera Pro — or browse all intelligence briefings
This is a research tool, not legal advice. Always verify sources and consult a qualified legal professional.
Privacy · Terms · About
🇪🇺 100% European infrastructure · Helsinki 🇫🇮 · Berlin 🇩🇪 · Paris 🇫🇷 · Your data never leaves Europe