Annex III AI Act — High-Risk AI Use Cases Reference
Key Takeaway: Annex III of the EU AI Act (Regulation 2024/1689) is the definitive reference list of high-risk AI use cases — the eight sectors where AI deployment triggers the Act's most demanding compliance obligations. If your organization uses AI in employment, credit, education, or access to services, Annex III is the starting point for every compliance determination.
What Is Annex III of the EU AI Act?
Annex III of Regulation (EU) 2024/1689 — the EU AI Act — is the enumerated list of eight categories of standalone AI applications that the EU legislator has classified as high-risk for purposes of fundamental rights and safety. Any AI system falling within an Annex III category is a high-risk AI system, which means it carries the Act's heaviest compliance obligations for both the provider (developer/distributor) and the deployer (the organization using it).
This entry is a reference lookup for the Annex III categories. For the classification process used to determine whether a specific AI system is high-risk, see AI Risk Classification. For the full compliance obligations that attach to an Annex III system, see High-Risk AI Systems. For sector-specific application in employment and HR, see AI Act Annex III: Employment and HR.
The Eight Annex III Categories
The following eight categories are specified in Annex III as it stands under Regulation (EU) 2024/1689. Article 6(2) provides that AI systems intended to be used for any of the purposes listed in Annex III are high-risk, subject to the Article 6(3) exception for systems that do not pose a significant risk to the health, safety, or fundamental rights of natural persons.
1. Biometric identification and categorisation AI systems used for remote biometric identification of individuals in real time or post-event in publicly accessible spaces, or AI that categorises individuals on the basis of biometric data to infer protected characteristics such as political opinion, religious belief, race, or sexual orientation.
2. Critical infrastructure management and operation AI systems used as safety components in the management and operation of road traffic, water supply, gas, heating, and electricity supply infrastructure. Failures in these systems pose risks at a societal scale, making AI oversight in these domains a regulatory priority.
3. Education and vocational training AI systems used to determine access to or assignment of educational institutions, allocate students to institutions, evaluate competencies, assess learning outcomes, or monitor exam candidates for prohibited behaviour.
4. Employment, workers management, and access to self-employment AI systems used in recruitment or selection of natural persons (including advertising vacancies, screening applications, evaluating and filtering candidates), in promotion and termination decisions, in task allocation, in monitoring and evaluating performance and behaviour, and in evaluating creditworthiness of persons for purposes of employment. This is the category most directly relevant to enterprise AI platforms used in sales, HR, and recruitment contexts.
5. Access to and enjoyment of essential private services and essential public services and benefits AI systems used to evaluate the creditworthiness of natural persons or to price insurance products, to allocate emergency services (police, ambulance, fire brigade), and to assess eligibility for essential state benefits and services.
6. Law enforcement AI systems used by competent authorities for individual risk assessment, polygraph-like systems, evaluation of evidence reliability, profiling of individuals in criminal investigations, crime analytics, and prediction of recidivism.
7. Migration, asylum, and border control management AI systems used in risk assessment of third-country nationals for visa or asylum purposes, verification of travel documents, assessment of irregular migration risk, and security threat assessment.
8. Administration of justice and democratic processes AI systems used to assist judicial authorities in fact-finding, law interpretation, and applying the law to specific facts. Also covers AI used to influence voting behaviour and the outcome of elections.
Article 6(3) Exception
Not every AI system that falls nominally within an Annex III category is automatically subject to the high-risk compliance regime. Article 6(3), introduced in the Act's final text, provides that a system otherwise within Annex III is not classified as high-risk if it does not pose a significant risk to health, safety, or fundamental rights — for instance, an AI system that performs a purely ancillary function in relation to the listed use, or one that only prepares a human decision without influencing its substantive outcome.
Organizations wishing to rely on the Article 6(3) exception must document their reasoning. The European AI Office is expected to issue guidance on the conditions for applying this exception, and reliance on it without documented analysis is unlikely to satisfy regulators.
Knowlee and Annex III
Knowlee's sales and recruitment intelligence features operate in the Annex III Category 4 zone — employment and workers management. Knowlee addresses this directly by providing human-in-the-loop enforcement on every AI-assisted candidate ranking or employee data decision, satisfying the Article 14 human oversight requirement. Knowlee also generates the operational documentation — per-decision audit logs, model identification, confidence metadata — that deployers need to maintain under Article 26. Enterprise customers can use Knowlee's governance metadata to classify their AI deployments against Annex III and demonstrate compliant operation to auditors.