Annex III is one of the most consequential parts of the entire EU AI Act, because it is where the abstract idea of high-risk AI becomes a concrete list. While the Act sets out the principle that certain AI uses warrant the strictest treatment, Annex III names the specific use cases that trigger the high-risk regime outside the product-safety route. For most organisations, the question of whether their AI is high-risk comes down to a single exercise: does it serve a purpose listed in Annex III?
How Annex III fits into the Act
The AI Act identifies high-risk systems through two channels. The first covers AI that is a safety component of, or itself is, a product already regulated under existing EU product-safety law. The second is Annex III, a standalone list of use cases in areas where AI can significantly affect health, safety, or fundamental rights. Annex III is the channel that most ordinary businesses encounter, because it captures common applications like hiring tools and credit scoring rather than regulated physical products.
The domains Annex III covers
Annex III groups high-risk use cases into broad areas. These include biometrics; critical infrastructure; education and vocational training; employment, worker management, and access to self-employment; access to and enjoyment of essential private and public services and benefits; law enforcement; migration, asylum, and border control; and the administration of justice and democratic processes. Within each area, the annex specifies the kinds of AI use that qualify — for instance, AI used to evaluate learning outcomes, to screen job applications, or to assess creditworthiness.
Why ordinary businesses are affected
Many organisations assume the high-risk label applies only to dramatic, safety-critical technology. Annex III shows otherwise. A company that uses AI to filter CVs is operating in the employment domain. A lender that uses a model to assess credit applications is in essential services. A training provider that uses AI to grade assessments is in education. None of these feels like “dangerous AI”, yet each is presumptively high-risk under Annex III — which is exactly why a careful check against the list is indispensable.
The mechanics of classification
Classifying a system against Annex III means matching its actual purpose to the use cases the annex describes. The decisive factor is what the system is intended to do, not the sector the company operates in. A retailer using AI for employment decisions is in the employment use case just as much as a recruitment agency. Because the consequences of the high-risk label are substantial, this matching exercise should be deliberate and documented, with the reasoning recorded so it can be revisited if the use changes.
The narrow exception
The Act provides a limited exception: a system that falls within an Annex III use case may not be high-risk if it does not pose a significant risk of harm to health, safety, or fundamental rights — for example because it performs a narrow procedural task or merely improves the result of a previously completed human activity. This exception is genuinely narrow and must be assessed and documented carefully; a provider relying on it must register that assessment. It is not a general escape hatch from the high-risk regime.
What follows from an Annex III match
If a system falls within Annex III and the narrow exception does not apply, the full high-risk regime engages. The provider must implement a risk-management system, satisfy data-governance requirements, prepare technical documentation, ensure logging, transparency, human oversight, accuracy, and robustness, and complete a conformity assessment before placing the system on the market. The deployer, in turn, carries duties around oversight and monitoring. In short, an Annex III match is the gateway to the Act’s most demanding obligations.
Annex III can evolve
The list in Annex III is not frozen. The Act gives the Commission the power to amend it — to add use cases, or in some circumstances adjust them — as technology and its risks develop. This means classification is not a one-time exercise: organisations should periodically revisit whether new or amended entries capture uses that were previously outside the list. A system that is not high-risk today could become so if the annex is updated.
Common mistakes
Two errors recur. The first is checking the sector rather than the use case, and wrongly concluding that a company “doesn’t do high-risk AI” because it is not in a regulated industry. The second is over-reliance on the narrow exception to argue a system out of the high-risk category without a rigorous, documented assessment. Both mistakes leave an organisation exposed: the first by missing a genuine obligation, the second by resting compliance on an unsupported claim.
What organisations should do
The practical step is a structured review: list every AI system in use or development, describe each system’s actual purpose, and match it against the Annex III use cases. For matches, assess whether the narrow exception could apply and, if so, document the reasoning thoroughly. For everything that remains high-risk, begin the full compliance programme. Innopulse’s AI Risk Check tool guides DACH organisations through exactly this matching exercise, mapping each use case against Annex III so the classification is both correct and defensible.
Conclusion
Annex III turns the EU AI Act’s high-risk principle into a concrete, checkable list of use cases spanning employment, education, essential services, law enforcement, and more. Because it captures many everyday business applications, and because the consequences of a match are the Act’s most demanding obligations, classifying each AI system against Annex III — carefully, with documented reasoning, and with awareness that the list can change — is the single most important step in determining what the regulation requires.