⚠ Status as of 17 July 2026: the 8 high-risk systems in Annex III covered by this guide still apply from 2 August 2026 (Article 113 of Regulation (EU) 2024/1689). The AI Digital Omnibus — signed on 8 July 2026 and still pending publication in the Official Journal (OJEU) — would move that date to 2 December 2027, but until it is published it is not applicable law. This guide always uses today's applicable date and flags the expected date separately.

Annex III of Regulation (EU) 2024/1689 — the European AI Act — is the list that decides whether your AI system faces the heaviest compliance burden in the whole regulation. It is not symbolic: if your recruitment ATS, your credit-risk scoring or your school admissions system appears on it, conformity assessment, technical documentation and, in several cases, a fundamental rights impact assessment come into play before you can operate.

Annex III is usually explained in the abstract — "HR systems", "essential services" — without grounding it in real Spanish cases or separating what is truly delayed from what is not. This guide does both: it walks through the 8 areas with examples from the Spanish market, explains what falls on the provider and what falls on the deployer, and clarifies the Digital Omnibus nuance that many sources are taking for granted too early.

In brief: Annex III (Art. 6(2) of Regulation (EU) 2024/1689) lists 8 high-risk areas: biometrics, critical infrastructure, education, employment, essential services (credit, insurance, benefits), law enforcement, migration/borders, and justice/democratic processes. The date applicable today is 2 August 2026 (Art. 113); the AI Digital Omnibus, signed but pending publication in the OJEU, would move it to 2 December 2027. The provider must pass conformity assessment and technical documentation (Art. 16); the deployer must ensure human oversight and, in some cases, a fundamental rights impact assessment or FRIA (Arts. 26-27). There is a narrow exception (Art. 6(3)). Check your case with the free AI Act risk classifier, no signup required.

Think your system might fall under Annex III and don't know where to start? See the AI Act compliance service.

What makes an AI system "high-risk" under the AI Act?

Article 6 sets out two distinct paths to high-risk status, and confusing them is the most common mistake. The first (Art. 6(1)) covers AI systems that are a safety component of a product already regulated by EU harmonisation legislation — toys, machinery, medical devices — and require third-party conformity assessment. The second, the subject of this guide, is Article 6(2): any system that matches a use case in Annex III is directly high-risk, independent of any sector-specific legislation.

You don't need to manufacture machinery to fall under Annex III: using AI to screen CVs, score credit applications or decide school admissions is enough. It's the path through which most Spanish SMEs enter high-risk status, distinct — with its own timeline — from Annex I systems (medical devices, vehicles), whose date is 2 August 2027.

What are the 8 high-risk areas of Annex III?

Annex III groups high-risk use cases into 8 points. This table summarises them with a Spanish-market example for each:

Area (Annex III)What it coversSpanish example
1. BiometricsRemote biometric identification, biometric categorisation and emotion recognition (outside the Art. 5 exceptions).Facial-recognition access control at industrial estates or mass events.
2. Critical infrastructureManagement and operation of critical digital infrastructure, road traffic, and water, gas, heating and electricity supply.AI managing load balancing on a local power grid or traffic signalling in a mid-sized city.
3. Education and vocational trainingAdmission to educational institutions, assessment of learning outcomes and monitoring of behaviour during exams.AI proctoring software monitoring students during online exams at Spanish universities.
4. Employment and workers managementRecruitment, selection, decisions on working conditions, task allocation and performance evaluation.An applicant tracking system (ATS) that scores and rejects candidates automatically.
5. Essential public and private servicesCreditworthiness and credit scoring, life and health insurance pricing, access to public benefits and emergency dispatch.A scoring engine deciding whether a Spanish bank or fintech grants a consumer loan.
6. Law enforcementAssessing reoffending risk, evidence reliability or profiling people in criminal investigations.Tools supporting Spanish police forces in assessing risk in gender-violence cases (VioGén and equivalents).
7. Migration, asylum and border controlAssessing migration risk, examining visa or asylum applications, and identifying people at borders.Systems supporting the National Police or Civil Guard in managing international protection applications.
8. Administration of justice and democratic processesAssisting judicial authorities in researching and interpreting facts and law, and AI that can influence elections or voting behaviour.AI-based legal research tools used by law firms or courts to prepare rulings.

If you use or distribute a system that fits one of these 8 areas, the first question isn't "do I have to comply?" but "am I the provider or the deployer?", because obligations differ by role. The guide provider, deployer, importer and distributor: who does what under the AI Act develops this distinction in depth; here we summarise the essentials for high-risk systems.

What obligations does the provider of a high-risk system have?

Article 16 falls on whoever develops the system and places it on the market under its own name or brand — the maker of the ATS, the credit-scoring engine or the proctoring software. Its main obligations:

Almost no Spanish SME is the provider of an Annex III system bought from a third party: most are deployers. If your company develops AI software it sells to other businesses for HR, banking, insurance or education, this is your role.

What must the deployer of a high-risk system do?

The deployer is the company using the system under its own authority — your SME, if you buy an ATS or a scoring engine already built by a provider. Article 26 imposes obligations it cannot delegate to the provider:

Article 27 adds a frequently overlooked obligation: public bodies, public-service providers and deployers of credit and insurance systems (points 5(b) and 5(c) of Annex III) must carry out a fundamental rights impact assessment (FRIA) before operating, documenting the process, frequency of use, affected people, possible harms, human oversight measures and complaint mechanisms. A previous FRIA can be reused for similar cases, updated if the context changes.

What happens if your company breaches these obligations — exact amounts and who enforces them in Spain — in the AI Act penalties and AESIA guide.

Is there an exception that spares my system from Annex III even though it's on the list?

Yes, and it's narrower than many companies assume. Article 6(3) allows a system that literally matches an Annex III use case to not be considered high-risk if it does not pose a significant risk of harm to health, safety or fundamental rights, and meets at least one of these four conditions:

  1. It performs a narrow procedural task (e.g. converting unstructured data into structured data).
  2. It is intended to improve the result of a previously completed human activity.
  3. It detects decision patterns or deviations from prior human decisions, without replacing or influencing the previous human assessment without proper review.
  4. It performs a preparatory task for an assessment relevant to an Annex III use case.

There's a nuance that overrides the exception in a very common case: if the system performs profiling of natural persons, it is always high-risk, regardless of the four conditions above. A credit-scoring system with profiling cannot use this exception. The provider must document the assessment before placing the system on the market and provide it to authorities if requested.

Is it true that Annex III is being delayed to 2 December 2027?

Not yet, though it's close. The AI Digital Omnibus (COM(2025) 836, procedure 2025/0359(COD)) was adopted by the Council of the EU on 29 June 2026 and signed on 8 July 2026 (PE-CONS 30/1/26 REV 1), following European Parliament approval on 16 June. It will move Annex III to 2 December 2027 and Annex I to 2 August 2028, entering into force three days after publication. But as of this update, it remains pending publication in the OJEU, with publication expected before 2 August 2026.

Until the OJEU publishes it, the delay is not applicable law and the date that binds you is 2 August 2026 (Art. 113). Planning against a date that doesn't yet exist in the OJEU is the costliest mistake this spring-summer of 2026: if your system falls under Annex III, work with August 2026 as the real deadline, with the possibility — not the certainty — of gaining time until December 2027. Full timeline in AI Act 2026: the compliance timeline after the Digital Omnibus.

How do I classify my AI system, step by step?

Before applying any of the obligations above, you need to know for certain whether your system falls under Annex III. Summary process:

  1. Identify the system's real purpose. Not its commercial name: what decision it supports, automates or influences (hiring, lending, admitting a student...).
  2. Match that purpose against the 8 Annex III areas in the table above. If it fits one, go to step 3; if not, you're probably in limited risk (Art. 50) or minimal risk.
  3. Check whether the Art. 6(3) exception applies. Review the four conditions and the profiling nuance explained above.
  4. Determine your role: provider (you developed it or distribute it under your brand) or deployer (you use it as delivered by a third party)?
  5. Apply the obligations for your role — Art. 16 if provider, Arts. 26-27 if deployer — and add it to your AI systems inventory.

You can walk through these five steps interactively with the AI Act risk classifier: answer a few questions about what your system does and get its risk level instantly, with applicable deadlines and fines. If you're also unsure whether GDPR, ENS, NIS2 or DORA apply, the "which regulation applies to you?" wizard clarifies it in ten questions.

Prefer to classify it together and leave with an action plan? Book a diagnostic session.