AI Act: is your system high-risk? A classification guide

·

Since 1 August 2024, Regulation (EU) 2024/1689 on Artificial Intelligence — the so-called AI Act — has been binding law across the European Union. Its most demanding obligations apply in a phased manner: absolute prohibitions entered into force on 2 February 2025, and obligations for high-risk systems will be fully enforceable from 2 August 2026. Only a few months remain. If your company develops, markets or uses artificial intelligence systems, the question you must answer right now is simple but critical: is my AI system high-risk under the Regulation?

This guide walks you through the classification mechanism step by step, with the actual categories from Annex III, concrete examples of systems that do and do not fall within each category, and the obligations that follow if the answer is yes. There are no shortcuts: misclassification — claiming you are not high-risk when you are — exposes your company to fines of up to €30 million or 6% of global turnover (Article 99 AI Act).

What does the AI Act mean by a «high-risk AI system»?

The AI Act distinguishes four risk levels: unacceptable (prohibited), high, limited and minimal. High-risk systems are not prohibited, but they are subject to the most demanding regime: conformity assessment, registration, technical documentation, mandatory human oversight and ongoing risk management.

An AI system is high-risk when it meets one of two conditions (Article 6 AI Act):

  1. Condition A — Regulated product: the AI system is a safety component of a product already subject to EU harmonisation legislation listed in Annex I (machinery, toys, medical devices, vehicles, aircraft, lifts…). In that case the product itself requires third-party assessment.
  2. Condition B — Annex III category: the AI system is used in one of the high-risk use areas exhaustively listed in Annex III of the Regulation.

The vast majority of medium-sized companies that do not manufacture machinery or medical devices fall under the second condition. That is why Annex III is the document you must read.

The eight categories of Annex III: does your system qualify?

Annex III lists eight areas. Within each, it specifies the concrete uses that constitute high risk. The table below summarises the categories with examples of systems that do qualify and systems that fall outside because their use does not generate the risk the Regulation aims to control.

Annex III Category Examples that ARE high-risk Examples that are NOT high-risk
1. Critical infrastructure (energy, water, gas, digital transport) AI system managing the load of an electricity grid; automated railway traffic control Customer-service chatbot of an energy company; end-user consumption dashboard
2. Education and vocational training System that determines access to an educational programme or grades exams with binding effect Adaptive e-learning platform without certified assessment; internal course recommender
3. Employment and worker management CV screening tool that filters candidates autonomously; performance evaluation system that determines promotions or dismissals Job-posting drafting assistant; HR dashboard without binding autonomous decision
4. Access to essential private and public services Credit scoring system; insurance solvency assessment tool; prioritisation of emergency social services Non-binding financial product recommender; informational mortgage calculator
5. Law enforcement Polygraph assessment tool; predictive crime analysis system Internal police case-management software without individual risk assessment function
6. Migration, asylum and border control System assessing irregular immigration risk; lie-detection tool at borders Automatic translator in immigration offices without assessment function
7. Administration of justice and democratic processes AI decision-support system for sentencing; tool for influencing electoral processes Informational case-law search engine without binding recommendation
8. Critical digital infrastructure (added in the final text) AI system for cyber management of essential digital infrastructures (telecoms, critical data centres) Internal server performance monitoring tool without automatic incident classification

Important: Article 6.3 of the AI Act allows providers to opt out of the high-risk regime even if their system fits Annex III, provided they can document that the system poses no significant risk to health, safety or fundamental rights, because it only performs a preparatory task or is a low-impact control activity with little influence on the actual decision. This exclusion is narrow: it requires notification to the competent authority and robust documentation.

The decision flow, step by step

Before concluding whether your system is high-risk, work through this sequence. It is the same flow we follow in our AI Act adaptation service with every client:

Step 1 — Inventory AI systems in use

Many companies use AI embedded in third-party software (CRM with scoring, ERP with demand forecasting, HR platforms with automatic screening) without being aware of it. The first step is to draw up a complete inventory: which systems make decisions or support decisions affecting people.

Step 2 — Identify your company's role

The AI Act distinguishes between provider (who develops or markets the system), deployer (who puts it into operation within their own organisation for their own purposes) and user. Obligations vary by role. A company that buys an off-the-shelf pre-trained recruitment software and uses it to filter candidates is a deployer, not a provider, but still has its own obligations.

Step 3 — Check the specific use against Annex III

It is not enough that the system could be used in a high-risk area: what matters is the intended use and the reasonably foreseeable use (Articles 9 and 13 AI Act). The same AI model can be high-risk if used for personnel selection and not high-risk if used to generate product descriptions.

Step 4 — Evaluate the exclusion clause

If the system falls under Annex III, check whether the exception in Article 6.3 applies: does the system only prepare information without materially influencing the decision? Is there always substantial human review? If both answers are yes, document it and notify the authority.

Step 5 — Apply the corresponding obligations or record the exclusion

If the system is high-risk, activate the compliance plan. If the exception applies, record the assessment and retain evidence.

Concrete use cases in Spanish SMEs

To make the analysis more tangible, here are some systems we regularly encounter in companies with 10 to 250 employees and their classification under the AI Act:

Recruitment software with integrated AI (category 3)

Platforms such as Manatal, Teamtailor or AI modules in proprietary ATS systems that automatically score CVs and propose a shortlist of candidates. If the system has material influence on who advances and who does not, it is high-risk. The deployer must ensure the provider has completed the conformity assessment (CE marking or equivalent under national law) and must establish documented human oversight.

Credit or solvency scoring (category 4)

A fintech or leasing company that uses a proprietary model to approve or reject credit operations falls under Annex III. This requires a conformity assessment, registration in the EU database (Article 71) and complete technical documentation, including a description of training data and bias analysis.

Predictive maintenance planning in industry (category 1)

An industrial plant using AI to predict equipment failures and prioritise maintenance may fall under the critical infrastructure category if the equipment is part of essential supply networks. If it is a private production plant with no connection to critical infrastructure, it probably does not qualify.

Customer-service chatbot in banking

A chatbot that answers questions about balances or financial products, but does not make binding decisions on the granting of credit or insurance, is not high-risk. The limited-risk AI transparency regime applies (Article 50 AI Act): the user must be informed they are interacting with AI.

Obligations for high-risk systems: executive summary

If your system falls under Annex III and the Article 6.3 exclusion does not apply, the main obligations are (Articles 9 to 16 AI Act):

For deployers (companies that use the system but did not develop it), obligations differ but are not trivial: they must verify the provider has completed conformity, assign human oversight, inform workers when systems affecting them are used, and report serious incidents to the competent authority.

If you need help determining whether your system is high-risk and designing the compliance plan, Summum Consultoría has been supporting companies through the most demanding regulatory frameworks since 2007. Our AI Act consultancy team works alongside the group's AI technical team to cover both the legal dimension and the system architecture.

ISO 42001 as a lever for AI Act compliance

Many companies ask whether implementing ISO 42001 (AI Management System) facilitates AI Act compliance. The answer is yes, with nuance. ISO 42001 is not a legal requirement of the AI Act, but its controls — data governance, risk management, human oversight, system documentation — are directly aligned with Articles 9 to 16 of the Regulation. Having the ISO 42001 management system in place significantly reduces the effort required to prepare the Annex IV technical documentation and demonstrate ongoing risk management.

The ISO 42001 certification track belongs to Summum Calidad, with whom we collaborate on joint projects when the client needs both the standard certification and regulatory compliance simultaneously. From the legal-regulatory perspective, Summum Consultoría handles the AI Act side.

Frequently asked questions

Is my company a «provider» or a «deployer» under the AI Act?

You are a provider if you develop an AI system with the intention of placing it on the market or putting it into service under your name or brand, even if you use third-party models as a base. You are a deployer if you use a system already developed by another company in the context of your own professional activities. An HR firm that configures and operates an AI-powered ATS purchased from a SaaS vendor is a deployer, not a provider. Provider obligations are broader, but deployer obligations are also enforceable and are not minor where the rights of individuals are concerned.

What happens if I use a high-risk system whose provider has not completed conformity?

In that case the deployer may not put the system into service for high-risk uses (Article 26 AI Act). If you already have it in production, you must require the provider to supply conformity documentation or cease use in high-risk contexts. Continuing to use it without the provider having complied is an infringement of the Regulation that may also fall on the deployer.

Does the AI Act apply to AI systems used only internally, without being sold to customers?

Yes. The Regulation applies both to systems marketed to third parties and to systems deployed internally for own use when they fall within the Annex III categories. A company that uses an AI system to evaluate the performance of its own employees (category 3) is subject to deployer obligations even if the system never leaves the organisation.

Are sanctions already in force or is there time until 2026?

The prohibitions in Article 5 (unacceptable-risk systems) have been enforceable since 2 February 2025. Obligations for Annex III high-risk systems will be fully applicable from 2 August 2026. Obligations for providers of general-purpose AI models (GPAI) — for example, companies that develop or integrate LLMs on a significant scale — are enforceable from August 2025. The deadline is tight: completing the conformity assessment, preparing the technical documentation and registering the system takes between six months and a year for complex systems.