High-risk AI systems under the EU AI Act come from two places: Article 6(1) (safety components covered by sectoral product-safety regulations in Annex I), and Article 6(2) — "the AI systems referred to in Annex III". This post is about the second route.
The eight categories
1. Biometric identification & categorisation
Remote biometric ID (Art. 5 prohibits in real-time + public spaces by law enforcement, with carve-outs). Biometric categorisation by sensitive attribute is also in.
2. Critical infrastructure
Safety components in road traffic, water, gas, heating, electricity, and critical digital infrastructure.
3. Education & vocational training
Admission decisions, learning-outcome evaluation, monitoring of prohibited behaviour during tests.
4. Employment, workers' management & access to self-employment
Recruitment / selection, decisions affecting terms of employment, work-allocation, promotion, termination, performance/behaviour monitoring.
5. Access to essential private + public services
Eligibility for public benefits, credit scoring (with a narrow consumer-bank carve-out), pricing of life & health insurance, emergency-response triage.
6. Law enforcement
Polygraphs / similar, evidence reliability, risk profiling of natural persons, crime analytics on personal data.
7. Migration, asylum & border control
Polygraphs, risk assessment, application examination, identification at borders.
8. Administration of justice & democratic processes
Assisting judicial authorities in researching, interpreting, applying the law; influencing elections.
The Article 6(3) escape hatch
A system listed in Annex III is not high-risk if it (a) performs a narrow procedural task, (b) improves the result of a previously completed human activity, (c) detects decision-making patterns without replacing or influencing the human assessment, or (d) is preparatory to an assessment for an Annex III purpose.
The argument has to be documented. Default to "in scope" until you have evidence on file.