Recognizing High-Risk AI
Recognizing high-risk AI systems
The risk class of an AI system decides the compliance effort. Minimal risk means hardly any obligations, high-risk means comprehensive requirements. But when does a system count as high-risk at all? The answer lies not in the technology itself, but in the specific purpose of use.
Two routes to high-risk
The EU AI Act knows two categories of high-risk AI systems. The first concerns AI as a safety component in regulated products. If an AI system is part of a medical device, a machine or a vehicle and requires third-party conformity assessment, it falls under Annex I of the regulation. For most small and medium-sized enterprises this is not the relevant case.
The second category is decisive for user companies: AI systems in certain areas of use, listed in Annex III. Here what counts is not the technology, but the purpose. The same large language model can be minimally risky for marketing texts and high-risk for HR decisions.
The eight high-risk areas
Annex III defines eight areas in which AI systems automatically count as high-risk:
Biometrics covers systems for remote biometric identification, for categorisation by sensitive characteristics and for emotion recognition. Biometric verification, meaning confirming that someone is the person they claim to be, is exempt from this.
Critical infrastructure concerns AI systems used as safety components for digital infrastructure, road traffic or supply networks for water, gas, heat or electricity.
Education and vocational training covers systems for admission to educational institutions, for evaluating learning outcomes, for steering the learning process and for monitoring exams.
Employment and worker management is the most relevant area for many companies. Affected are AI systems for recruiting, applicant selection, job ad targeting, promotion decisions, dismissals, task allocation and performance evaluation.
Access to essential services covers systems for assessing entitlements to public benefits, for creditworthiness checks of natural persons and for risk assessment in life and health insurance. Classifying emergency calls and prioritising rescue operations also fall under this.
Law enforcement, migration and asylum, as well as justice and democratic processes, primarily concern public authority applications, not the private sector.
The profiling rule
An important exception to the exception: if an AI system from Annex III carries out profiling of natural persons, it always counts as high-risk. This rule applies regardless of whether the effects seem minor in the individual case. Profiling means the automated processing of personal data to evaluate personal aspects of a person, such as work performance, economic situation or behaviour.
What this means for SMEs
Two areas are particularly relevant for mid-sized companies. In the area of employment, this concerns every AI-based application in the HR process. Whoever uses a tool for pre-selecting applications, deploys AI-based personality tests or carries out automated performance evaluations operates a high-risk system. This also applies to external tools purchased via SaaS services. The deployer obligations fall on the company using them.
In the area of financial services, creditworthiness checks and insurance risk assessments are explicitly high-risk, insofar as they concern natural persons. The detection of financial fraud, by contrast, is exempt.
Not every system in Annex III is automatically high-risk
The EU AI Act contains an exemption rule. A system listed in Annex III does not count as high-risk if it poses no significant risk to health, safety or fundamental rights. That is the case, for example, when the system only fulfils a narrow procedural task, improves the result of a human decision without replacing it, only detects patterns without evaluating people, or carries out a preparatory task.
This exemption has to be documented. The provider is obliged to record their assessment and register the system in the EU database. For deployers this means: check whether the provider can present this documentation.
The classification process
Risk classification is not a one-off act. It has to be carried out again with every substantial change to the purpose of use. A system originally used for general text generation can become a high-risk system through a new use case.
The right moment for classification is the DEFINE phase. After the AI register has documented the existing assets, the specific use cases are defined in DEFINE. Only the combination of asset and purpose of use produces the AI process that can then be classified. The NADOVO framework maps this relationship in a structured way.
The consequences of classification are significant. High-risk means comprehensive obligations: a risk management system, human oversight, logging, monitoring and, in certain deployer constellations, a fundamental rights impact assessment. Whoever carries out the classification carefully knows early on what effort lies ahead for the company.
About the author
Jochen Stier is co-founder of NADOVO with over 20 years of experience in process management and IT service management. He helps German SMEs implement the requirements of the EU AI Act systematically and pragmatically. His 5-phase framework NADOVO combines regulatory requirements with practical feasibility, without enterprise budgets or complex tools.
Further reading:
More articles
AI Technology Website Migration and SEO Ranking
Many fear a website migration destroys the Google ranking. That is true - if you do it wrong. What really happens and what matters.
read more ...
AI Technology Maintaining a Website Without an Agency
If you have a business website, you should be able to maintain it yourself. Why that does not work for most people - and how it can be done differently.
read more ...
AI Compliance Why I Built NADOVO
Why a process consultant with 20 years of experience builds his own AI compliance framework and his own platform - and what that has to do with the EU AI Act.
read more ...