Annex III of the EU AI Act lists the eight categories of high-risk AI systems — the ones subject to the full set of Title III Chapter 2 obligations. For agent builders, the question every project starts with is: “are we high-risk?” The answer is more often yes than teams expect.
This article gives you the five questions that decide it, plus the practical follow-ups if any of them lands as yes.
The five questions
For each, if you answer yes, your agent is likely high-risk under Annex III. The categories are paraphrased; see the full text of Annex III for the exact scope language.
1. Does the agent influence access to credit, insurance, or essential financial services?
Annex III, point 5(b). This covers:
- AI used in evaluating the creditworthiness of natural persons or establishing their credit score.
- AI used in risk assessment and pricing of life and health insurance for natural persons.
- AI used in emergency credit decisions (e.g. fast-decisioning lending).
Most agentic AI in financial services hits this. Even if the agent doesn’t make the final decision — even if a human approves — “influence” is the bar.
2. Does the agent influence employment, worker management, or access to self-employment?
Annex III, point 4. This covers:
- AI for recruitment and selection (advertising, screening, evaluating candidates).
- AI for employment decisions (promotion, termination, task allocation, monitoring).
- AI for performance evaluation and behaviour analysis.
HR-domain agents are nearly always high-risk. Even an “interview prep” agent that ranks candidates is in scope.
3. Does the agent influence access to essential private services or public services?
Annex III, point 5. Three sub-categories beyond credit (already covered above):
- AI evaluating eligibility for public assistance and benefits.
- AI used by emergency response services to dispatch / prioritise.
- AI used in life or health insurance decisions.
Public-sector agents and benefits-eligibility agents are squarely here.
4. Does the agent affect health, safety, or critical infrastructure?
Annex III, points 1, 2. This covers:
- AI as a safety component of products covered by EU harmonisation legislation (toys, medical devices, machinery, etc.).
- AI used in the operation and management of critical infrastructure (water, gas, heat, electricity, traffic).
Healthcare diagnostic copilots are in this group. Clinical decision support is in this group. Anything bordering on a medical device crosses into MDR/IVDR territory in addition.
5. Does the agent influence law enforcement, migration, justice, or democratic processes?
Annex III, points 6, 7, 8. This covers a wide set of public-sector agents: case prioritisation in police work, asylum and visa processing, court decision support, election information. Most private-sector agents won’t be here.
What “in scope” actually means
If any of the five lands as yes, Title III Chapter 2 obligations apply:
- Article 9 — continuous risk management.
- Article 10 — data and data governance.
- Article 11 — technical documentation (Annex IV).
- Article 12 — recordkeeping (the audit log).
- Article 13 — transparency to users.
- Article 14 — human oversight (HITL on the agent’s decisions).
- Article 15 — accuracy, robustness, cybersecurity.
- Article 16 — quality management system.
- Article 43/47 — conformity assessment, either through internal control (Article 43) or with notified body involvement (specific cases).
The runtime side of all of these is what the agent’s compliance plane (Regulus or equivalent) delivers. The documentary side (technical documentation under Annex IV, the QMS) is your governance team’s deliverable.
The Article 6(3) carve-out
There’s one important nuance. Article 6(3) provides that an AI system referred to in Annex III is not high-risk if it does not pose a significant risk to fundamental rights — for example, because the AI performs a narrow procedural task, or improves the result of a previous human activity, or is purely preparatory.
This carve-out is narrow and the deployer must document the assessment. The Office’s GPAI Code of Practice guidance explicitly warns against using 6(3) to opt out of obligations for an agent that materially influences a decision.
For most agentic AI making business decisions, the 6(3) carve-out doesn’t apply. The agent isn’t doing a “narrow procedural task” if it’s deciding credit, evaluating candidates, or assessing eligibility — those are the substantive decisions Annex III targets.
What to do if you’re high-risk
Three immediate steps:
- Document your Annex III classification. Write down which point you fall under, with reasoning. This becomes part of your Annex IV technical documentation.
- Activate the EU AI Act profile in your agent. In Regulus, `regulus.profiles += eu-ai-act`. The Article 9 audit events start landing in your chain.
- Plan for the conformity assessment. Most internal-control assessments under Article 43 don’t require a notified body, but they do require the technical documentation pack. Allow 4–8 weeks for first-time pack assembly.
The full operational walkthrough is in the EU AI Act profile page. The cornerstone article on Article 9 is here.