Annex III of the EU AI Act lists the use cases classified as high-risk AI systems, covering domains such as biometrics, critical infrastructure, education, employment, essential services, law enforcement, migration and the administration of justice.
In practiceAnnex III is the operational filter that determines whether an AI system carries the full weight of EU AI Act obligations, including risk management, data governance, technical documentation, human oversight and post-market monitoring. Providers and deployers consult it to triage their portfolio. A common confusion is treating Annex III as the only route to high-risk status: products that are themselves regulated under EU product safety law can also fall into the high-risk regime through Annex I.
An insurer using an AI model to score life and health insurance applicants checks Annex III, identifies the credit and risk assessment categories that apply and registers the system in the EU database before placing it on the market.
This definition is maintained by Moweb partners and used in live client engagements. For how Annex III applies to your estate, or to challenge a working definition, speak to a partner.