Annex III explained: which AI systems are high-risk under the EU AI Act

A practitioner's walk-through of the eight Annex III categories — what the EU AI Act actually means by 'high-risk', with concrete SaaS examples and the borderline cases that catch most companies out.

GreyScape.ai Published 10 June 2026 7 min read

Annex III of the EU AI Act lists eight categories of AI use that the legislators deemed high-risk. If any of your AI systems land here, roughly 80% of the Act's substance applies to you — risk management, technical documentation, human oversight, post-market monitoring, a fundamental rights impact assessment (FRIA), the lot.

The categories sound abstract in the legislation. In practice they catch a lot of common SaaS surfaces. This guide walks through each one with concrete examples and flags the borderline cases that catch most companies out.

For the wider picture, see our EU AI Act compliance guide for SaaS.

1. Biometric identification and categorisation of natural persons

The category covers: AI systems that identify, verify, or categorise people based on biometric data — face, fingerprint, voice, gait, retina.

SaaS examples that land here:

  • Voice-biometric authentication in a call-centre platform
  • Face-match verification at account opening in a fintech
  • Emotion-recognition features in a customer-service tool (with narrow carve-outs)
  • Gait or movement analysis in physical-security platforms

Borderline cases:

  • Simple liveness checks at sign-up — generally limited risk, not high-risk
  • Voice-print used purely for noise cancellation — not "identification or categorisation"
  • Photo-tagging in consumer apps — depends on whether the model identifies named individuals or just categorises objects

2. Critical infrastructure management

The category covers: AI used as a safety component of critical digital infrastructure, road traffic management, or the supply of water, gas, heating, or electricity.

SaaS examples that land here:

  • Network anomaly detection in a telecoms operator's SOC
  • Power-grid load forecasting at a utility
  • Traffic-signal optimisation in a city's traffic-management system
  • DDoS mitigation as a safety control for a cloud platform

Borderline cases:

  • Generic IT monitoring — usually not "safety component of critical infrastructure"
  • Customer-facing dashboards for utility billing — not high-risk; these don't manage the supply
  • Telecoms churn prediction — not high-risk; doesn't manage the network

3. Education and vocational training

The category covers: AI used to determine access to education or training, evaluate learning outcomes, score exams, or monitor student behaviour for assessment purposes.

SaaS examples that land here:

  • Admissions-screening AI used by universities or training providers
  • Automated essay scoring or oral-exam evaluation
  • Online proctoring platforms (the AI-driven flagging, not the video stream alone)
  • Adaptive learning platforms where the AI directly determines progression

Borderline cases:

  • Recommender systems suggesting next courses — usually limited risk, not high-risk
  • Plagiarism detection alone — limited risk
  • Tutoring chatbots — limited risk, but Article 50 transparency duties apply

4. Employment, workers' management, and access to self-employment

The category covers: AI used in recruitment, candidate filtering, performance evaluation, task allocation, monitoring of workers, or termination decisions.

SaaS examples that land here:

  • CV-screening models used by recruiters
  • AI-driven interview scoring (audio, video, or text analysis)
  • Algorithmic task allocation in gig-economy platforms
  • Performance scoring tools used by people-management teams
  • Productivity monitoring AI that drives consequential decisions

This is the category that catches the most SaaS by surprise — particularly the recruitment and people-tech vendors. If your product is used by a hiring team and your AI features influence who gets interviewed, hired, promoted, or fired, you are operating a high-risk AI system.

Borderline cases:

  • Resume keyword search alone — generally not high-risk (it's deterministic, not AI in the Act's sense)
  • Internal anti-fraud tools used by HR — depends on whether decisions affect access to employment
  • Performance dashboards that summarise data without recommending action — usually limited risk

5. Access to essential private and public services and benefits

The category covers: AI used in credit scoring, insurance pricing or fraud detection, emergency dispatch prioritisation, or evaluation of eligibility for public welfare.

SaaS examples that land here:

  • Credit-decisioning models at a fintech, neobank, or lender
  • Insurance underwriting and pricing AI
  • Anti-money-laundering models that affect account access
  • Emergency triage AI used by ambulance services
  • Public-benefits eligibility scoring tools

Borderline cases:

  • Fraud detection at a regular SaaS account level — usually not high-risk, but if you're denying access to a banking or insurance service, yes
  • Marketing personalisation in financial services — not high-risk
  • Customer-support intent classification — not high-risk unless it drives access to a service

6. Law enforcement

The category covers: AI used by or on behalf of law enforcement for individual risk assessment, polygraph functionality, evidence reliability assessment, or crime prediction.

SaaS examples that land here:

  • Predictive-policing platforms
  • AI-driven evidence analysis tools used by police forces
  • Risk-scoring AI for recidivism prediction
  • AI-driven evaluation of witness or victim credibility

Most B2B SaaS will not touch this category unless they sell to law enforcement directly. If you do — for example a digital-evidence analysis tool — you are deep in the high-risk regime.

7. Migration, asylum, and border control management

The category covers: AI used for security risk evaluation of individuals entering the EU, document verification, asylum processing, or border-control management.

SaaS examples that land here:

  • Document-forensics tools used by border agencies
  • Asylum-processing AI used by national authorities
  • Visa-eligibility scoring systems
  • Polygraph-style AI used at borders

Again, unlikely unless you sell to public bodies. If you do, the obligations are heavy and the political scrutiny is too.

8. Administration of justice and democratic processes

The category covers: AI used by judicial authorities to research, interpret, or apply facts to the law, and AI systems intended to influence electoral outcomes or referendum results.

SaaS examples that land here:

  • Legal-research AI sold to courts (not law firms — the test is judicial use)
  • AI moderation systems for political content platforms (in narrow circumstances)
  • AI tools that flag or rank politically-sensitive content for human review at scale

Borderline cases:

  • Legal-research AI sold to law firms — generally not high-risk
  • Generic content moderation — not high-risk under this clause; transparency duties under Article 50 may still apply

How to use this in your inventory

When walking your AI inventory, the procedure is:

  1. List every AI system (every model, every product feature, every internal AI tool).
  2. For each one, ask: does it fall into any of the eight categories above? Use the concrete examples to anchor the judgement call. Borderline cases get a sentence noting why you classified them where you did — that documentation is part of your defence.
  3. Where it's borderline, lean towards high-risk. The penalty for under-classifying is much worse than the cost of over-applying obligations to one extra system.
  4. Record the classification in your register. Date it, sign it, version it. If your classification changes later because a new feature is added, that's a new register entry — not an edit to history.
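The four steps above are easy to state and easy to drift from in a spreadsheet, particularly step 4's rule that a reclassification is a new entry rather than an edit. The following is an added example, not GreyScape.ai's product code, of what an append-only register that enforces those steps looks like. It assumes a few things the article does not specify: that "sign it" is implemented as an HMAC over the entry's contents with a key held by the compliance owner, that each system gets a monotonically increasing version number, and that the three systems in `demo()` (a CV screener, a photo tagger, a tutoring chatbot) are constructed illustrations drawn from the examples in the sections above.

```python
"""Append-only Annex III classification register.

Added example, not GreyScape.ai's product code. Assumed conventions (not from the
article): a per-register HMAC key held by the compliance owner stands in for
"sign it", and each system gets a monotonically increasing version number.
"""
import hashlib
import hmac
import json
from dataclasses import asdict, dataclass, replace
from datetime import date

# The eight Annex III categories, numbered as in the article.
ANNEX_III = {
    1: "Biometric identification and categorisation of natural persons",
    2: "Critical infrastructure management",
    3: "Education and vocational training",
    4: "Employment, workers' management, and access to self-employment",
    5: "Access to essential private and public services and benefits",
    6: "Law enforcement",
    7: "Migration, asylum, and border control management",
    8: "Administration of justice and democratic processes",
}


def classify(categories, borderline=False):
    """Steps 2 and 3: any Annex III match is high-risk, and a borderline call
    leans high-risk. Everything else is 'not-high-risk' (Article 50 may still apply)."""
    unknown = set(categories) - set(ANNEX_III)
    if unknown:
        raise ValueError(f"not an Annex III category: {sorted(unknown)}")
    return "high-risk" if categories or borderline else "not-high-risk"


@dataclass(frozen=True)
class Entry:
    system: str
    version: int          # step 4: "version it"
    recorded_on: str      # step 4: "date it" (ISO date)
    signed_by: str        # step 4: "sign it"
    categories: tuple     # Annex III numbers the system falls under
    borderline: bool
    rationale: str        # the sentence explaining the judgement call
    classification: str
    signature: str = ""   # HMAC-SHA256 over all other fields


class Register:
    """Entries are only ever appended; a reclassification is a new version."""

    def __init__(self, key: bytes):
        self._key = key
        self._entries = []

    def _sign(self, entry):
        body = asdict(entry)
        body.pop("signature")
        canonical = json.dumps(body, sort_keys=True).encode()
        return hmac.new(self._key, canonical, hashlib.sha256).hexdigest()

    def record(self, system, signed_by, categories, rationale,
               borderline=False, recorded_on=None):
        version = 1 + max((e.version for e in self._entries if e.system == system), default=0)
        unsigned = Entry(
            system=system, version=version,
            recorded_on=recorded_on or date.today().isoformat(),
            signed_by=signed_by, categories=tuple(sorted(categories)),
            borderline=borderline, rationale=rationale,
            classification=classify(categories, borderline),
        )
        entry = replace(unsigned, signature=self._sign(unsigned))
        self._entries.append(entry)
        return entry

    def history(self, system):
        return [e for e in self._entries if e.system == system]

    def current(self, system):
        return self.history(system)[-1]

    def verify(self):
        """True only if every entry's signature still matches its contents."""
        return all(hmac.compare_digest(e.signature, self._sign(e)) for e in self._entries)


def demo():
    """Walk the four-step procedure on three constructed systems and return the outcome."""
    reg = Register(b"constructed-demo-key")   # constructed key, not a real secret
    reg.record("cv-screener", "compliance-owner", [4],
               "Ranks applicants for interview: Annex III category 4.", recorded_on="2026-06-10")
    reg.record("photo-tagger", "compliance-owner", [],
               "Unclear whether it identifies named individuals; leaning high-risk.",
               borderline=True, recorded_on="2026-06-10")
    reg.record("tutor-bot", "compliance-owner", [],
               "Limited risk; Article 50 transparency duties apply.", recorded_on="2026-06-10")
    # A new feature changes the picture: append version 2, do not edit version 1.
    reg.record("cv-screener", "compliance-owner", [4],
               "Now also scores recorded video interviews.", recorded_on="2026-06-17")
    intact = reg.verify()
    # Simulate someone rewriting history in place: verification must now fail.
    reg._entries[0] = replace(reg._entries[0], classification="not-high-risk")
    return {
        "cv_versions": [e.version for e in reg.history("cv-screener")],
        "cv_current": reg.current("cv-screener").classification,
        "photo": reg.current("photo-tagger").classification,
        "tutor": reg.current("tutor-bot").classification,
        "intact_before_tamper": intact,
        "intact_after_tamper": reg.verify(),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The signature is what makes "not an edit to history" checkable rather than a matter of discipline: `verify()` recomputes every entry's HMAC from its stored fields, so an after-the-fact change to a classification, rationale or date shows up as a failed check. The borderline photo tagger lands on "high-risk" because `classify()` implements step 3's lean, and the CV screener's second entry keeps version 1 intact alongside version 2.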

GreyScape.ai ships this as a working classification screen with Annex III lookups, status tracking, and a record per system. It plugs into the obligation catalogue (per-Article registers for high-risk systems) and the evidence vault. You can also do it in a spreadsheet — the form of the register matters less than the existence of the register.

What's next

If you land in any Annex III category, the next move is the full obligation map: Articles 9-17, Article 27 (FRIA), and Article 72 (post-market monitoring). The main compliance guide walks the full 90-day plan. The FRIA template guide covers Article 27 in detail. For the transparency duties that apply across all tiers, see Article 50 transparency rules.

The single highest-leverage action this week: spend two focused hours inventorying every AI system and applying this guide to each one. By Friday you'll know which ones are high-risk. By the end of next week you'll have a real compliance picture.

Next step

See the EU AI Act compliance layer in action

GreyScape.ai ships the working operational layer — per-system register, obligation catalogue, evidence vault, FRIA template, Article 50 triggers, one-click audit pack — at $3/user/month.
