
Annex III high-risk AI classification guide

How enterprise teams should classify AI systems against Annex III high-risk use cases and preserve evidence for the decision.

AI Governance · 6 min read · Updated 2026-06-22

Annex III classification is where AI governance becomes concrete. It asks whether a system’s intended purpose falls into one of the EU AI Act’s high-risk areas. The answer changes the evidence burden, control expectations, approval process, monitoring cadence, and audit posture.

For enterprises, classification should start with intended purpose, not the model brand. The same model can be low-risk in one workflow and high-risk in another. A text model used to summarize meeting notes is not the same governance problem as a model used to rank job candidates or prioritize access to services.

A practical classification record should capture:

  • The business process and decision being supported.
  • The people affected by the output.
  • Whether the AI output is advisory or functionally determinative.
  • The degree of human review.
  • The data categories used.
  • The vendor or internal owner.
  • The jurisdictions where the system is used.
  • The reason a high-risk category does or does not apply.

The high-risk areas most likely to matter for large enterprises include employment and worker management, education and vocational training, access to essential private or public services, critical infrastructure, and certain law-enforcement-adjacent or public-sector workflows. Organizations should also watch embedded AI inside HR suites, procurement platforms, productivity tools, customer operations, and analytics products. Shadow AI often enters through vendor features rather than formal model development.

Manual classification usually breaks in three ways. First, teams classify the tool rather than the use case. Second, they fail to preserve why the system was classified. Third, the classification is not revisited when the use case changes. A defensible process treats classification as a living control.

Hydrus keeps the classification attached to the AI inventory. Each system can be reviewed against Annex III, routed to legal or risk owners, linked to FRIAs (fundamental rights impact assessments) and technical documentation, and mapped to related controls. When a system’s purpose, geography, vendor, or affected population changes, the classification can be revisited with the history intact.

Use this workflow:

  1. Register the AI system and use case.
  2. Identify affected persons and decision context.
  3. Screen for prohibited practices first.
  4. Review Annex III categories.
  5. Record the rationale and approver.
  6. Trigger high-risk documentation if applicable.
  7. Set a monitoring cadence.

Classification is not a one-time checkbox. It is the decision that determines the rest of the governance path.

This guide is educational and not legal advice.