
Article 6 EU AI Act: Is Your AI System High-Risk? (With Free Classifier)

Complair team · 13 min read

TL;DR — Article 6 of the EU AI Act decides whether your AI system is "high-risk." High-risk = €15M penalties for non-compliance and ~80 hours of documentation work per system. Most SaaS companies fear they're high-risk and turn out not to be. This article walks through the 8 Annex III categories with SaaS-relevant examples, explains the Article 6(3) carve-out that keeps many systems out of high-risk, and gives you a free 5-minute interactive classifier you can run today. Run the free classifier here →

If you ship AI features in your SaaS, the most consequential question for your compliance work in 2026 is this: is my AI system high-risk under the EU AI Act?

The answer determines whether you spend 4 hours documenting transparency notices or 800 hours building a quality management system, conformity assessment, and post-market surveillance plan. The penalties for misclassification go up to €15M or 3% of global annual turnover (Article 99). And misclassification is common, in both directions.

This is the question I get asked most often by EU SaaS founders. Let's resolve it.

The plain-English rule

Article 6 says an AI system is high-risk if either of two things is true:

  1. Article 6(1) — The system is a safety component of a product covered by EU harmonisation legislation listed in Annex I, AND that product requires third-party conformity assessment. (Examples: medical devices, machinery, toys, marine equipment.)

  2. Article 6(2) — The system performs one of the functions listed in Annex III. (8 categories below.)

If neither (1) nor (2) is true, your system is not high-risk. End of analysis.

If (2) is true, there is an exit door at Article 6(3): the system may exit high-risk if it performs a "narrow procedural task" or "improves previous human work" without replacing it. We'll cover this carefully — it's where most SaaS systems actually exit.

For most SaaS, Article 6(1) is irrelevant. Skip straight to the Annex III analysis.

Annex III — the 8 high-risk categories with SaaS examples

Annex III lists 8 categories. The wording matters; I'll quote it where the wording is decisive.

Category 1 — Biometric ID and categorisation of natural persons

Covers: real-time and post-event biometric identification systems, biometric categorisation by sensitive attributes (race, political opinions, sexual orientation), emotion recognition.

SaaS examples that ARE high-risk:

  • A workforce app using face recognition to clock in employees
  • A customer support tool inferring customer emotions from voice or video to route calls
  • A sales tool inferring sentiment from sales calls to score prospect interest

SaaS examples that are NOT high-risk:

  • A photo organiser tagging "this looks like a face" without identifying who
  • A meeting transcription tool that does not infer emotion or sensitive attributes

Category 2 — Critical infrastructure

Covers: AI used as safety components in road traffic, water, gas, electricity, digital infrastructure.

SaaS examples: extremely rare. If you're a SaaS company and unsure whether you fall here, you don't.

Category 3 — Education and vocational training

Covers: AI determining access to educational institutions, AI evaluating learning outcomes, AI monitoring or detecting prohibited behaviour during tests.

SaaS examples that ARE high-risk:

  • An ed-tech platform that grades essays and the grade affects student progression
  • A proctoring tool that flags suspected cheating
  • An adjudication tool deciding admission to a programme

SaaS examples that are NOT high-risk:

  • A practice-quiz tool that gives feedback but doesn't affect formal evaluation
  • A flashcard app that personalises content

Category 4 — Employment, workers management, and access to self-employment

Covers: AI for recruitment (especially CV filtering), evaluation of candidates, promotion/termination decisions, task allocation, performance monitoring.

SaaS examples that ARE high-risk:

  • An ATS (applicant tracking system) that ranks or filters CVs
  • A video interview tool that scores candidates
  • An HR platform that detects "flight risk" or recommends performance management actions
  • A gig-economy platform that allocates tasks based on AI scoring

SaaS examples that are NOT high-risk:

  • An HR platform that doesn't score candidates — just stores CVs
  • A scheduling tool that allocates tasks based on availability, not performance scoring
  • An onboarding tool that personalises welcome content

This is the #1 sneaky high-risk category for SaaS. If your product touches hiring or performance in any AI-assisted way, treat it as high-risk by default until proven otherwise.

Category 5 — Access to and enjoyment of essential private services and essential public services and benefits

Covers: AI used by public authorities to evaluate eligibility for benefits, credit scoring, insurance pricing, emergency dispatch.

SaaS examples that ARE high-risk:

  • A fintech tool computing credit scores or loan-approval probabilities
  • An insurtech tool pricing health insurance premiums
  • A claims-processing tool deciding insurance payouts

SaaS examples that are NOT high-risk:

  • A B2B SaaS billing tool — not "essential services to natural persons"
  • An expense management tool — not credit scoring

Category 6 — Law enforcement

Covers: AI for risk assessment of natural persons (likelihood of (re)offending), polygraphs, evidence reliability assessment, profiling.

SaaS examples: extremely rare unless you sell to law enforcement. If you do, you know.

Category 7 — Migration, asylum, and border control management

Covers: AI used by competent authorities for risk assessment of natural persons entering the EU, polygraphs, examination of asylum/visa applications.

SaaS examples: rare unless you sell to government immigration authorities.

Category 8 — Administration of justice and democratic processes

Covers: AI assisting judicial authorities in researching/interpreting facts, applying law, dispute resolution. AI influencing elections.

SaaS examples that ARE high-risk:

  • A legal-tech tool a judge uses to determine case outcomes (very narrow)
  • An AI that influences voters in elections

SaaS examples that are NOT high-risk:

  • A legal research SaaS used by lawyers (the lawyer applies the law, not the AI)
  • A contract-review tool

The Article 6(3) carve-out — the exit door

Here's where most SaaS systems actually exit high-risk classification, even after triggering Annex III.

Article 6(3) says: even if your system falls under Annex III, it shall not be considered high-risk if one or more of the following four conditions is met:

  (a) the AI system is intended to perform a narrow procedural task;
  (b) the AI system is intended to improve the result of a previously completed human activity;
  (c) the AI system is intended to detect decision-making patterns or deviations from prior decision-making patterns and is not meant to replace or influence the previously completed human assessment, without proper human review;
  (d) the AI system is intended to perform a preparatory task to an assessment relevant for the purposes of the use cases listed in Annex III.

Critical caveat (Article 6(3) second paragraph): even if (a)–(d) apply, your system is back in high-risk territory if it performs profiling of natural persons. Profiling = automated processing of personal data to evaluate personal aspects (work performance, economic situation, health, preferences, location, behaviour).

How the carve-out applies to common SaaS patterns

Pattern 1: AI summarises CVs but doesn't score them

  • Annex III? Yes (Category 4 — employment).
  • Article 6(3) exit? Yes — (a) narrow procedural task (summarisation) and (d) preparatory task (preparing CV content for human review).
  • Profiling? No — it's not evaluating personal aspects to make a decision.
  • Verdict: not high-risk. Limited-risk transparency obligations apply.

Pattern 2: AI scores CVs and ranks candidates

  • Annex III? Yes.
  • Article 6(3) exit? No — scoring is not narrow procedural; it's evaluative.
  • Profiling? Yes — evaluating personal aspects (qualifications, fit).
  • Verdict: high-risk. Full obligations.

Pattern 3: AI suggests interview questions based on the job description

  • Annex III? Yes (Category 4 — touches hiring).
  • Article 6(3) exit? Yes — (a) narrow procedural task and (d) preparatory.
  • Profiling? No — operates on the job description, not on candidates.
  • Verdict: not high-risk.

Pattern 4: AI grades student essays

  • Annex III? Yes (Category 3 — education).
  • Article 6(3) exit? Depends — if the grade affects progression and the AI replaces a human grader, no exit. If the AI provides feedback that a human teacher reviews and adjusts, exit (c) applies (deviation detection with human review).
  • Profiling? Yes — evaluating learning outcomes is personal-aspect evaluation.
  • Verdict: high-risk if AI-decisive; not high-risk if human-decisive with documented review.

Pattern 5: AI summarises customer support tickets

  • Annex III? No — customer support isn't in any Annex III category.
  • Verdict: not high-risk. Limited-risk obligations apply (transparency).

The 6-question decision tree

Use this in order. Stop at the first "yes."

  1. Is the system a safety component of a product covered by EU harmonisation law (Annex I)? → Yes = high-risk under Article 6(1). Stop.

  2. Does the system perform any function listed in Annex III categories 1–8? → No = not high-risk. Stop. → Yes = continue.

  3. Does the system perform only a narrow procedural task (formatting, summarising, search, classification of inputs by predefined criteria)? → Yes = candidate for Article 6(3)(a) exit. Continue to Q5. → No = continue to Q4.

  4. Is the system preparing inputs for a human decision-maker, where the human makes the final assessment? → Yes = candidate for Article 6(3)(b)/(c)/(d) exit. Continue to Q5. → No = high-risk. Stop.

  5. Does the system perform profiling of natural persons (automated evaluation of personal aspects)? → Yes = profiling exception applies. High-risk regardless of (3)(a)–(d) exit attempts. Stop. → No = continue to Q6.

  6. Document the classification in writing, with reasoning, and treat as not high-risk.

Penalty exposure

Article 99 sets the penalty matrix:

| Violation | Penalty cap |
|---|---|
| Prohibited practices (Article 5) | €35M or 7% of global annual turnover |
| Other obligations (incl. high-risk non-compliance) | €15M or 3% |
| Incorrect/incomplete information to authorities | €7.5M or 1% |

Member states designate national supervisory authorities. France's CNIL and Germany's federal-state data protection authorities have indicated active enforcement intent. Don't bet on first-year leniency — by Q4 2026, enforcement will be visible.

What changes if you're high-risk

If your final verdict is high-risk, here's what 2026–2027 looks like for you:

  • Risk management system (Article 9) — documented, iterative, throughout the lifecycle
  • Data governance (Article 10) — training data quality, bias testing, lineage
  • Technical documentation (Article 11) — substantial; Annex IV gives the structure
  • Logging (Article 12) — automated event logs throughout the lifecycle
  • Transparency to users (Article 13) — clear, comprehensive instructions
  • Human oversight (Article 14) — designed-in oversight measures
  • Accuracy, robustness, cybersecurity (Article 15) — technical specs
  • Quality management system (Article 17) — provider-level
  • Conformity assessment (Article 43) — internal or third-party
  • CE marking and Declaration of Conformity (Articles 47, 48)
  • Registration in the EU database (Article 49)
  • Post-market monitoring (Article 72) — ongoing

Estimated effort for a 50-person SaaS classifying as high-risk: 400–800 hours of compliance work, 60–120 hours of legal review, €15k–€40k in third-party conformity assessment costs (if applicable).

For limited-risk systems, the equivalent is ~30–60 hours of work, 0 third-party costs.

The classification matters. Get it right.

The free 5-minute classifier

Rather than copy this article into a Google Doc and walk through it manually, run the Complair Free AI Act Risk Classifier — it asks 6 questions, applies the Article 6 + Annex III + 6(3) logic above, and gives you a written classification you can:

  • File in your AI register
  • Hand to legal as a starting point
  • Reference in your audit documentation

The classifier is free, doesn't require an account, and takes 5 minutes. An optional email gate at the end gets you a written PDF report.

Run the free classifier →

What to do this week

  1. List every AI system in your product. Don't forget embedded vendor AI (Intercom Fin, HubSpot Breeze, Zendesk Resolution Bot — these are AI systems you're a Deployer of).
  2. Run each through the classifier. Save the output.
  3. For any that come back high-risk, escalate to legal. This is not a self-serve answer.
  4. For any that come back limited-risk, file the classification in your AI register and move on to transparency obligations under Article 50.
  5. Re-run quarterly or whenever a system materially changes.

How Complair fits

The free classifier is a slice of what Complair does. The full product:

  • Inventories every AI system (manual + connector-based)
  • Classifies each system against Article 6 + Annex III with reasoning
  • Generates the technical documentation (Annex IV structure) for high-risk systems
  • Tracks ongoing obligations (post-market monitoring, logging, human oversight checkpoints)
  • Handles the buyer-side: AI-specific questions in CAIQ-Lite, SIG, custom enterprise questionnaires
  • Handles the vendor-side: outbound AI vendor due diligence

Free tier covers up to 5 AI systems. Sign up — no credit card needed.

Design partner program: first 10 EU SaaS teams get free Scale tier for 6 months.

FAQ

Q: Does the AI Act apply if my company is based outside the EU?
Yes, if the AI system's output is used in the EU. Article 2 has extraterritorial reach.

Q: What if I'm not sure whether my system is high-risk?
Run the free classifier. If it returns "unclear," consult legal. The risk of getting this wrong is too high to wing it.

Q: Can my system be high-risk in some uses and not others?
Yes. Same model, different deployment context, different classification. Document each use case separately.

Q: What if I'm a Deployer of someone else's AI?
You have lighter obligations than Providers, but if you deploy a high-risk system, Article 26 still requires significant controls. The classification of the underlying system (high-risk or not) determines your obligations.

Q: What's the difference between "high-risk" and Article 50 transparency?
Article 50 covers limited-risk transparency obligations (chatbots, deepfakes, AI-generated content). It applies regardless of high-risk status. So a high-risk system that interacts with humans needs both Article 50 transparency AND high-risk obligations. A limited-risk chatbot needs Article 50 only.

Q: When does Article 6 enforcement begin?
2 August 2026 for most cases. Some Annex III categories tied to regulated products (Annex I) are 2 August 2027.

Q: Does GPAI (general-purpose AI) classification interact with Article 6?
Yes. GPAI obligations under Articles 51–55 are separate. A GPAI model can be used in a high-risk system (then both apply) or a limited-risk system (then only GPAI Provider obligations apply to the model itself, not the deployment).
