AI in HR, Sales, or Customer Service: When Does It Become a High-Risk AI System?

An AI application becomes high-risk when its intended purpose falls under Article 6 and Annex I or III of the EU AI Act and can significantly affect health, safety, or fundamental rights. Model size and the label “AI agent” do not determine the category. The use case, function, affected people, and influence on decisions are decisive.

Legal status reviewed on July 14, 2026. This article provides operational guidance and is not a substitute for legal advice.

Why is powerful AI not automatically a high-risk AI system?

A language model may analyze extensive tender specifications, summarize candidate files, answer customer inquiries, and prepare technical documentation. It does not become a high-risk AI system merely because it is capable of performing complex tasks.

The EU AI Act focuses primarily on the intended purpose of the complete system. The relevant question is not only which model operates in the background, but how the application was designed, documented, supplied, and deployed.

AI Compliance by KrambergAI

Use AI with clear rules and responsibilities

KrambergAI helps companies establish practical AI compliance structures for internal rules, data handling, approvals, responsibilities and responsible use in daily work.

Structured guidance · Responsible implementation · Made in Germany

An assistant summarizing public product information for a sales employee is generally different from a system scoring applicants and producing a candidate ranking. Both applications could use the same foundation model. Their purposes, information, affected people, and possible consequences are substantially different.

The same principle applies to AI agents. An agent does not belong to a separate risk class under the EU AI Act. It may prepare drafts, organize documents, or suggest appointments. It may also reject applicants, change credit limits, control access, or operate a safety-related technical system.

The agent label therefore reveals little about legal classification. The organization must examine what the system does, which actions it can execute, which individuals are affected, and how much weight its output carries.

Article 6 establishes two principal routes into the high-risk category: AI serving as a regulated product or product safety component under Annex I, and specified stand-alone use cases within the sensitive areas listed in Annex III.

Which risk categories does the EU AI Act use?

The frequently described four-level model is useful for orientation, although the regulation itself contains a more detailed structure.

Prohibited AI practices occupy the highest level of concern. These include certain manipulative uses, specified forms of social scoring, untargeted collection of facial images, and some biometric or emotion-related applications. They cannot be deployed unless a specific statutory exception applies.

High-risk AI systems are permitted but subject to extensive requirements. Providers must address risk management, data governance, technical documentation, logging, information for deployers, human oversight, accuracy, robustness, and cybersecurity. Deployers receive separate operational duties.

AI systems subject to transparency obligations are not necessarily high-risk. A website chatbot or AI phone assistant may fall outside Annex III while still requiring a notice that the customer is interacting with AI.

Other AI systems are not subject to the dedicated high-risk regime. They may nevertheless remain subject to privacy, employment, cybersecurity, intellectual-property, product-liability, trade-secret, consumer, and contract requirements.

General-purpose AI models form an additional regulatory category. A foundation model’s obligations should not be confused with the risk classification of a business application that uses that model.

An SME should therefore avoid treating classification as a simple selection of one product color. It should determine whether the use involves a prohibited practice, a high-risk system, a transparency duty, or another AI application governed primarily through existing law and internal controls.

Through which two routes can a system become high-risk?

The first route is established by Article 6(1) and Annex I.

An AI system is high-risk under this route when it is itself a regulated product, or serves as a safety component of such a product, and the relevant EU product legislation requires third-party conformity assessment before market placement or use.

Examples may include medical devices, certain machinery, lifts, radio equipment, personal protective equipment, and appliances burning gaseous fuels.

Not every AI function inside a machine automatically qualifies. The assessment must consider whether the AI serves a safety function, whether the product falls under listed harmonization legislation, and whether independent conformity assessment is required.

The second route covers stand-alone systems listed in Annex III.

Annex III identifies eight sensitive fields: biometrics, critical infrastructure, education and vocational training, employment, access to essential services, law enforcement, migration and border management, and the administration of justice and democratic processes.

The fact that AI is used in one of these sectors is not sufficient. The system must correspond to one of the specified use cases.

An HR writing assistant is not high-risk merely because it is used by the HR department. A system designed to analyze, filter, or evaluate job applications may fall directly within the employment category.

Why is the intended purpose so important?

The intended purpose is central to classification. It refers to the use for which the provider designed and supplied the AI system, including the context and operating conditions described in instructions, contracts, technical documentation, product information, and marketing materials.

A product name does not provide enough information. A “recruiting assistant” might only arrange interviews, or it might score candidates and recommend rejection. The first task may be procedural. The second can influence access to employment.

Procurement teams should therefore request documentation describing more than available features. They should understand which decisions the system is intended to support, who the intended users are, which information it expects, and which uses the provider excludes.

The company’s actual deployment also matters. When a business repurposes ordinary AI outside the provider’s intended purpose, the original classification may no longer fit.

A major purpose change can also alter the company’s legal role. Article 25 provides that a party changing the intended purpose of a system so that it becomes high-risk may assume provider obligations in specified circumstances.

An organization that converts a general document-analysis service into an applicant-scoring application cannot rely solely on the original provider’s assessment for ordinary text analysis.

The Commission therefore places intended purpose near the beginning of its classification method.

When is an HR system high-risk?

Annex III expressly covers several employment activities.

It includes AI intended for recruitment or selection, particularly systems used to place targeted job advertisements, analyze and filter applications, or evaluate candidates.

It also covers systems used to make decisions affecting employment terms, promotion, or termination; allocate tasks based on individual behavior or personal traits; and monitor or evaluate employee performance and behavior.

A system that scores resumes, ranks applicants, and determines which candidates receive further review will generally be high-risk.

This remains possible even when an HR manager formally makes the final decision. The existence of a human approver does not remove the category when the score or ranking materially shapes the selection process.

A different analysis may apply to interview scheduling, standardized application acknowledgments, or extraction of formal information into a database. These narrow organizational activities may qualify for the Article 6(3) exception when they do not materially influence selection.

The Commission’s draft examples include verification of professional accreditation against an official registry and interview scheduling as tasks that may remain outside the high-risk classification when they do not evaluate candidates.

The dividing line is therefore not simply between full automation and human participation. It often lies between administrative processing and substantive assessment affecting employment opportunities or working conditions.

Is AI-assisted job-ad drafting already high-risk?

A writing tool that helps an HR employee phrase a job description is not ordinarily high-risk. The business still decides the qualifications, responsibilities, compensation, location, and publication.

A different issue arises when AI determines which individuals or demographic groups receive a job advertisement. Annex III expressly includes AI used to place targeted job advertisements in the context of recruitment and selection.

The relevant question is whether the system merely generates the text or controls access to the opportunity by selecting who sees it.

A marketing platform may describe both activities as job advertising, yet they have different effects. One supports content production. The other may influence whether a person becomes aware of the vacancy.

Particular attention is required when the system profiles natural persons. When a system falls within an Annex III use case and performs profiling, it cannot rely on the Article 6(3) exception.

The company should record the targeting criteria, excluded audiences, information sources, optimization objective, and whether the campaign can systematically reduce visibility for protected groups.

When is facial access control high-risk?

Biometric systems require careful differentiation.

Remote biometric identification attempts to identify a person from a group without first receiving an active identity claim. This category is generally high-risk when permitted at all, and some uses may be prohibited.

Biometric verification is different. It confirms that a specific person is the person they claim to be, such as when unlocking a device or entering a controlled facility after presenting an identifier.

Verification used solely to confirm a claimed identity is excluded from the Annex III high-risk category for remote biometric identification.

That exclusion does not make biometric access control automatically lawful or low-impact. Biometric information receives special protection under data protection law. Necessity, available alternatives, employee representation, retention, access rights, accuracy, fallback procedures, and security still require assessment.

The classification changes when the system goes beyond identity verification. A tool that infers age, ethnicity, health, emotional state, or other sensitive attributes performs a different function.

Emotion recognition in the workplace is generally prohibited except for limited medical or safety-related circumstances. A building-access application that also claims to measure employee mood, stress, or attention cannot be treated as ordinary identity verification.

When is AI in education or vocational training high-risk?

Annex III identifies four major education-related categories.

These cover systems used to determine admission or access, assign individuals to educational or vocational institutions, evaluate learning outcomes, determine the level of education a person may receive, or monitor prohibited behavior during tests.

The rules can matter to businesses offering apprenticeships, accredited training, professional certification, regulated examinations, or access to structured vocational programs.

An AI system assigning apprentices to different qualification pathways based on predicted ability may affect the type of training they can access.

A system evaluating examination answers or providing a score used for certification or final grading may also be high-risk.

A voluntary learning assistant that generates practice exercises, corrects language, or explains material without affecting admission, certification, or formal assessment will ordinarily remain outside these listed use cases.

The draft guidelines distinguish AI-enabled grading affecting final evaluation from tools used voluntarily for informal learning. They also indicate that organizing application documents without evaluating admission may qualify as a narrow procedural task.

An SME should therefore identify whether the tool merely supports learning or influences a formal educational outcome.

When does a credit decision become high-risk?

AI used to evaluate the creditworthiness of natural persons or establish their credit score is generally high-risk under Annex III.

The reason is the effect of credit access on housing, transportation, liquidity, and participation in essential economic activities.

The category is not limited to systems that make a fully automated lending decision. A score or recommendation can be high-risk when it materially influences a human credit officer.

The AI Act expressly excludes systems used for financial-fraud detection from this creditworthiness category. A tool identifying suspicious transactions does not become a high-risk credit-scoring system merely because it is used by a lender.

The distinction between individuals and companies is also important. AI evaluating only the financial statements and balance sheet of a limited-liability company is not automatically covered by the provision on natural persons.

Sole proprietors, freelancers, partnerships, and personal guarantees may create more complex situations. Business and personal finances can overlap, making it necessary to determine whether the system is effectively assessing a natural person. The draft guidance addresses this distinction.

Nonfinancial SMEs should also examine the category when offering consumer installment plans, leasing, rental arrangements, deferred payments, or financial products through a digital customer interface.

When is AI used in critical infrastructure high-risk?

Not every AI application used by an energy supplier, transport operator, or water company is high-risk.

Annex III covers AI serving as a safety component in the management and operation of critical digital infrastructure, road traffic, or the supply of water, gas, heating, or electricity.

The concept of a safety component is central. The system must perform a function whose failure or malfunction could threaten health, life, or secure service delivery.

AI controlling power flows, prioritizing safety incidents, triggering protective network actions, or managing road traffic in a safety-related context may qualify.

A system summarizing invoices, drafting internal documents, forecasting marketing results, or answering routine administrative questions does not become high-risk merely because its user operates critical infrastructure.

Maintenance support requires a more detailed review. A nonbinding planning suggestion may not amount to a safety component. An output used directly for a safety-critical switch or maintenance decision without effective professional review can create a different classification.

The guidelines focus on whether AI is essential to safe infrastructure operation and whether a malfunction may endanger people or significantly disrupt basic services.

Is AI high-risk when it only supports a decision?

Not necessarily, but placing a human at the final stage does not automatically remove high-risk status.

Article 6(3) creates a possible exception for certain Annex III systems that do not create a significant risk and do not materially influence the outcome.

The provision mentions narrow procedural tasks, improving the result of a previously completed human activity, detecting patterns without replacing or influencing an earlier human assessment, and preparing information for a later assessment.

The conditions must exist in practice. An employee who sees an AI score and follows it almost every time is not necessarily providing effective review merely because they have theoretical authority to disagree.

A recommendation can materially influence an outcome by controlling ranking, visibility, scrutiny, waiting time, or access to further review.

An applicant score determines which resumes are opened. Prioritization may delay benefit applications. Credit scoring may prevent cases below a threshold from receiving meaningful individual review.

The draft guidance even identifies a personalized legal assistant used by a case handler as potentially high-risk when its answers materially influence access to essential benefits. A system merely retrieving existing facts or producing a verifiable summary may qualify as a narrow task.

The assessment must therefore consider whether the human can inspect the evidence, has sufficient time and expertise, may reject the output, and is not evaluated for following the system’s recommendation.

How does profiling affect classification?

Profiling requires particular attention because Article 6(3) contains a strict rule.

When an AI system falls within an Annex III use case and performs profiling of natural persons, it remains high-risk even if the provider would otherwise seek to rely on an exception for a preparatory or procedural task.

Profiling broadly involves automated processing of personal data to evaluate or predict personal aspects, such as work performance, economic situation, behavior, interests, reliability, or location.

This does not make every marketing segment or B2B customer score high-risk. The system must first fall within a listed Annex III use case.

A lead score for corporate accounts is not automatically high-risk. Candidate scoring based on personal characteristics or evaluation of an individual’s creditworthiness is much closer to a listed use case.

Organizations should therefore record whether the system derives personal characteristics, assigns scores, predicts behavior, or places individuals into categories.

They should also examine whether profiling changes access, opportunity, pricing, workload, employment treatment, or the level of human scrutiny.

Are sales and customer service typical high-risk areas?

Ordinary sales and general customer service are not separate Annex III fields.

A chatbot providing opening hours, collecting a quotation request, or reporting the status of a service ticket is generally not a high-risk AI system. It may still be subject to transparency duties for direct AI interaction.

A system helping an employee prepare a quotation will also generally remain outside the high-risk category. It can nevertheless create substantial contractual or professional risk if pricing, scope, or technical claims are accepted without review.

The classification changes when customer service contributes to decisions about essential private services. AI evaluating an individual’s creditworthiness, influencing access to specified insurance coverage, or prioritizing emergency calls can fall within Annex III.

A sales process for energy, telecommunications, housing, or financial services requires additional attention when it profiles natural persons and uses their financial situation to decide whether they receive an essential service.

Ordinary CRM lead scoring for business customers is different. The company should still document which information is used and whether automated scoring causes some customers to receive no meaningful response.

The legal category is therefore driven by the decision being supported, not by whether the system sits in the sales or service department.

AI Introduction by KrambergAI

Bring AI into daily operations in a structured way

The KrambergAI AI Introduction helps companies select suitable use cases, prepare workflows and integrate AI solutions into everyday operations in a controlled and practical way.

Structured implementation · Practical guidance · Made in Germany

How should AI agents and autonomous actions be assessed?

AI agents do not automatically fall into a special risk class. Their action capabilities often increase operational exposure, however.

An agent retrieving documents and creating a draft has less influence than an agent rejecting candidates, changing credit limits, or controlling technical equipment.

Intended purpose remains the principal classification factor. Autonomy and automation are nevertheless relevant indicators of how strongly a system can affect outcomes.

The review should cover the complete action chain:

What information can the agent read? What evaluation does it perform? Which decision does it prepare? Which action can it execute without another approval? Who is affected? Can the action be reversed?

An HR agent filing applications in folders is different from an agent scoring candidates, rejecting them, and sending automated messages.

A service agent creating a callback ticket is ordinarily not high-risk. An agent classifying emergency reports and determining dispatch priority may fall into a more sensitive category depending on the context.

Agent design therefore requires both risk classification and permissions analysis. Reading, drafting, recommending, updating, sending, approving, and deleting should not be treated as equivalent powers.

Which transparency obligations can apply in addition to risk classification?

High-risk obligations and transparency duties are separate layers.

A system may not be high-risk yet still require a notice. This is particularly relevant to systems interacting directly with people and to specified synthetic or manipulated content.

An AI phone assistant used by a contractor can remain outside Annex III while still needing to identify itself to the caller.

A high-risk system can also have additional transparency obligations. An interactive applicant-assessment system may be high-risk because of its employment purpose while also requiring information for affected individuals.

Deployers of certain workplace systems may have duties to inform employees or their representatives. Privacy notices remain a separate requirement.

Risk classification therefore does not answer every communication question. After classifying the system, the company should assess Article 50, data protection law, employment rules, and any sector-specific information duties. Germany’s Federal Network Agency notes that transparency requirements may operate in addition to high-risk rules.

How can an SME assess a new AI use case in seven steps?

1. Does the application qualify as an AI system?
Not every rule-based automation falls under the AI Act. The organization should examine technical documentation and actual functionality rather than relying on product branding.

2. What is the intended purpose?
Record the task, users, affected individuals, information, outputs, and intended decisions. “Support for HR” is too broad. “Structuring incoming applications without scoring or ranking” is more useful.

3. Does the Annex I product route apply?
Determine whether the AI is a regulated product or safety component and whether third-party conformity assessment is required.

4. Does the purpose match an Annex III use case?
Review biometrics, critical infrastructure, education, employment, creditworthiness, insurance, emergency response, and other essential services.

5. Does the output materially influence an outcome?
Examine the practical workflow. Ranking, display order, thresholds, waiting time, and the ability of staff to depart from the recommendation all matter.

6. Can the Article 6(3) exception apply?
The exception may be relevant to narrow organizational tasks, verifiable preparation, or improvement of already completed human work. It is unavailable for profiling within an Annex III use case.

7. Which additional legal and operational requirements apply?
Privacy, employee representation, transparency, information security, product rules, professional standards, and sector law may require controls even when the system is not high-risk.

The result should be recorded in the AI inventory with its reasoning, evidence, owner, review date, and required controls.

Which examples show the boundary between assistance and high-risk use?

Use caseAI functionLikely assessmentReason and next step
Application receipt confirmationInsert name and send standardized messagegenerally not high-risknarrow administrative task without influence on selection
Candidate rankingscore and prioritize applicantsgenerally high-riskmaterially influences access to employment
Interview schedulingcompare calendars and propose timesgenerally not high-riskorganizational preparation without candidate evaluation
Facial verification at a gate after identificationconfirm a claimed identitynot high-risk solely as remote biometric identificationprivacy, employee representation, and security still require review
Identifying individuals in a crowdremote biometric identificationgenerally high-risk or prohibited depending on purposespecialist legal assessment is required
Voluntary learning exercisesgenerate practice questions without formal effectgenerally not high-riskestablish quality and privacy controls
Exam gradingpropose or determine resultsgenerally high-riskprovider evidence, human oversight, and documentation required
Corporate credit analysisassess a limited company using company accountsnot automatically high-risk under Annex III point 5(b)review other financial, contract, and data risks
Consumer credit scoreevaluate an individual for lendinggenerally high-riskprepare high-risk and privacy controls together
Safety-related grid incident prioritizationinfluence infrastructure safety decisionspotentially high-riskassess safety-component status and failure consequences
Customer-service chatbotprovide information and create ticketsgenerally not high-riskimplement AI notice, privacy, and escalation
Agent automatically rejects applicantsevaluate and execute employment decisiongenerally high-riskautomation also increases oversight and control requirements

The table is an initial assessment aid. Provider documentation, configuration, data sources, and actual workflow can produce a different conclusion.

What obligations follow from high-risk classification?

Providers of high-risk AI systems face extensive product and organizational requirements.

These include continuous risk management, governance of training, validation and testing data, technical documentation, logging, instructions for deployers, human oversight, accuracy, robustness, and cybersecurity.

Before market placement or putting the system into service, the required conformity assessment, registration, declaration, and marking steps must also be considered.

Deployers must use the system according to instructions, appoint competent people for human oversight, monitor operation, manage input data within their control, and retain accessible logs.

Depending on the organization and use case, a fundamental-rights impact assessment, data protection impact assessment, employee-representation process, and serious-incident reporting may also be required.

Following the EU amendment formally adopted in June 2026, the extensive rules for stand-alone Annex III systems are scheduled to apply from December 2, 2027. High-risk AI in specified regulated products is scheduled for August 2, 2028.

The later dates should not delay classification work. Vendor evidence, contracts, logging, oversight functions, and system architecture often cannot be corrected shortly before the deadline.

When is specialist legal advice appropriate?

Specialist advice is particularly important when classification may affect fundamental rights, product safety, or the company’s own provider role.

Employment-related triggers include candidate selection, employee scoring, performance monitoring, promotion, termination, and behavioral task allocation.

Biometric identification, categorization, emotion recognition, and access control with additional analytics also require deeper review.

Creditworthiness, personal scoring, life or health insurance, emergency-call prioritization, and access to essential public benefits are further examples.

In education, specialist assessment is appropriate for admission, examination scoring, certification, level allocation, and automated test monitoring.

AI embedded in machinery, medical devices, gas appliances, lifts, transport systems, or other regulated products must be assessed together with applicable product legislation.

Other triggers include custom development, white-label distribution, substantial modification, use outside the provider’s intended purpose, and a provider’s claim that an Annex III system qualifies for the Article 6(3) exception.

Advice is also appropriate where profiling, GDPR Article 22, sensitive personal data, employee-representation rights, or deployment by a public authority is involved.

The review should ideally occur before contracting and technical implementation. After purchase, the company may have limited leverage to obtain evidence, change functions, or negotiate notification and audit rights.

Which four figures demonstrate the practical relevance?

A European Commission Joint Research Centre survey found that 30 percent of EU workers already use AI tools at work. Sensitive use cases are therefore no longer limited to large technology companies; they increasingly emerge in ordinary HR, service, sales, and administrative processes.

In the same research, 37 percent of workers said their employers use digital or AI-enabled tools to monitor working time. Such systems are not automatically high-risk, but the figure demonstrates how quickly workplace technology can enter employee-management and monitoring activities.

According to the Eurobarometer survey, 84 percent of Europeans believe AI at work requires careful management to protect privacy and transparency. This expectation directly concerns the areas in which HR and management systems can affect individual rights.

The European Banking Authority reports that 92 percent of EU banks are deploying AI. Observed uses include customer profiling, creditworthiness assessment, credit scoring, and fraud detection, which can fall into very different AI Act categories despite operating in the same organization.

Which sources support the figures used in this article?

European Commission Joint Research Centre: 30 Percent of EU Workers Use AI and 37 Percent Report Digital Working-Time Monitoring
https://joint-research-centre.ec.europa.eu/jrc-news-and-updates/impact-digitalisation-30-eu-workers-use-ai-2025-10-21_en

European Commission: Eurobarometer on Artificial Intelligence in the Workplace
https://employment-social-affairs.ec.europa.eu/news/commission-survey-shows-most-europeans-support-use-artificial-intelligence-workplace-2025-02-13_en

European Banking Authority: AI Adoption in the EU Banking and Payments Sector
https://www.eba.europa.eu/sites/default/files/2025-09/146b3558-d026-47bf-a872-f05e93ed30d2/Rising%20application%20of%20AI%20in%20EU%20banking%20and%20payments%20sector.pdf

Which resources provide useful further reading?

European Commission: Draft Guidelines on the Classification of High-Risk AI Systems
https://digital-strategy.ec.europa.eu/en/library/draft-commission-guidelines-classification-high-risk-ai-systems

EU AI Act Service Desk: General Principles for Classifying High-Risk AI Systems
https://ai-act-service-desk.ec.europa.eu/en/general-principles-classification-high-risk-ai-systems

German Federal Network Agency: High-Risk AI Systems Under Annex I and Annex III
https://www.bundesnetzagentur.de/DE/Fachthemen/Digitales/KI/9_Hochrisiko/start.html

Is ChatGPT used by HR automatically a high-risk AI system?

No. Using ChatGPT to draft a job advertisement or revise internal wording will generally not create a high-risk use case. If the resulting application evaluates, filters, scores, or prioritizes candidates, it may fall within Annex III. Purpose, configuration, information, affected people, and influence on selection must be assessed together rather than relying on the product name.

Does a human final decision automatically reduce the risk category?

No. An employee may formally make the final decision while an AI score has already determined ranking, visibility, or assessment. The relevant question is whether the person can examine the underlying information, reject the recommendation, and make a different decision without inappropriate time or performance pressure. A confirmation button alone does not establish meaningful human oversight.

Is every AI application used by HR high-risk?

No. Interview scheduling, standardized acknowledgments, or purely organizational document filing can remain outside the high-risk category. Candidate filtering, performance monitoring, promotion decisions, termination recommendations, or behavior-based task allocation are different. Classification depends on the specific intended purpose and its effect on individuals, not merely on the department using the application.

Is facial recognition at a workplace gate always high-risk?

Biometric verification that only confirms a previously claimed identity for access is excluded from the high-risk remote-identification category. Privacy, necessity, employee representation, fallback access, retention, and security still require assessment. A system identifying people without prior presentation or inferring additional sensitive characteristics may fall into a different high-risk or prohibited category.

Is an AI learning tool for apprentices high-risk?

A voluntary learning assistant providing practice questions without affecting admission, grading, or certification will generally not be high-risk. When the business uses AI for final scores, examination decisions, certification, or allocation to training pathways, Annex III may apply. The decisive factor is whether the system affects formal educational access, assessment, or the qualification a learner can obtain.

Is corporate credit scoring high-risk?

Annex III specifically addresses the creditworthiness of natural persons. Evaluating a limited company solely from corporate financial statements is not automatically covered. Sole proprietors, freelancers, personal guarantees, and mixed business-personal assessments may involve an individual’s economic situation. Those cases require a more detailed legal and operational review before the scoring system is approved.

Are AI agents inherently high-risk?

No. The EU AI Act does not create a separate risk class for agents. An agent may perform a low-impact organizational task or make consequential decisions in a sensitive field. Intended purpose, information, affected people, decision influence, and permissions determine the assessment. Greater autonomy increases operational control needs but does not by itself establish the high-risk category.

Can a customer-service chatbot be high-risk?

A chatbot providing opening hours, product information, or service intake will generally not be high-risk, although it may require an AI interaction notice. Classification can change when the chatbot assesses personal creditworthiness, influences access to essential services, or prioritizes emergency requests. The function performed matters more than the customer-service label attached to the interface.

Must a provider explain why an Annex III system is not high-risk?

Yes, when the provider determines that an Annex III system qualifies for the Article 6(3) exception. The provider must document the assessment before market placement or putting the system into service and must meet the applicable registration requirement. Deployers should request that reasoning and verify that their own implementation remains within the provider’s documented intended purpose.

When can a preparatory AI task remain outside the high-risk category?

A preparatory task may qualify for the exception when it does not materially influence the outcome and does not create a significant risk to health, safety, or fundamental rights. Scheduling, data formatting, or verifiable summaries may qualify. Scoring, ranking, exclusion, prioritization, or profiling can remove the basis for the exception or make it unavailable from the start.

What are the consequences of incorrect classification?

Under-classification may leave conformity work, documentation, human oversight, logging, registration, and deployer controls missing. Unnecessary high-risk classification can make projects more expensive and slower. The decision should therefore record intended purpose, provider evidence, workflow, information, decision influence, and the reason for applying or not applying the Article 6(3) exception.

When do the extensive high-risk obligations apply?

Following the EU amendment formally adopted in June 2026, the rules for stand-alone Annex III high-risk systems are scheduled to apply from December 2, 2027. High-risk AI embedded in specified regulated products is scheduled for August 2, 2028. Prohibited practices, AI literacy, privacy duties, and certain transparency obligations operate independently of those later application dates.