High-risk use cases under EU AI Act

High-risk use cases under the EU AI Act refer to specific applications of AI systems that pose significant risks to fundamental rights, safety, or well-being. These are clearly defined in Annex III of the EU AI Act and are subject to strict obligations before entering the European market.

This subject matters because failing to comply with high-risk AI requirements can lead to regulatory penalties, reputational harm, and blocked market access. For AI governance and compliance teams, understanding high-risk use cases is critical for building responsible systems and staying compliant with the EU AI Act.

“71% of high-risk AI systems evaluated lacked proper documentation or risk controls in early assessments under the EU AI Act pilot audits”
EU Agency for Fundamental Rights, 2023

What counts as high-risk under the EU AI Act

High-risk AI systems are those that may affect people’s rights, freedoms, or safety. The Act categorizes them into use cases such as biometric identification, education, employment, essential public services, and law enforcement. These systems must go through conformity assessments and meet strict transparency, accountability, and data quality requirements.

Examples include:

  • AI used in hiring to screen CVs or rank candidates

  • Biometric systems used for identity verification or emotion detection in public spaces

  • AI determining eligibility for loans, social benefits, or immigration status

  • Risk assessment tools in criminal justice systems

Each of these examples directly impacts individuals and is therefore regulated with extra care.

Real-world example

A European recruitment company used an AI system to score job applicants based on video interviews. The system flagged applicants based on speech cadence and facial expressions. After complaints about unfair treatment, the system was investigated and flagged as high-risk. The company had to revise the tool to include human oversight and document the model’s decision process, as required under the AI Act.

Best practices for managing high-risk AI use

Understanding and managing high-risk use cases is essential for any organization aiming to stay compliant. While each system is unique, several common practices help reduce regulatory risk and improve system trustworthiness.

Best practices include:

  • Conduct a risk classification early: Determine if your AI system fits into the EU AI Act’s Annex III categories

  • Perform a conformity assessment: Review technical documentation, testing, and risk management plans

  • Maintain high-quality training data: Ensure that datasets are relevant, representative, and free from discriminatory biases

  • Document decisions and traceability: Keep clear records of how the AI system operates and how decisions are made

  • Design for human oversight: Build systems that allow human intervention in critical decision points

  • Use recognized standards: Follow frameworks such as ISO/IEC 42001 for AI management systems

Tools and support available

Companies can use available toolkits and templates from public institutions to assess their systems. For instance, the European Commission’s AI Act Sandbox supports companies in testing AI systems in a safe legal environment. In addition, national authorities may release implementation guidance as enforcement progresses.

Also, organizations like OECD AI Policy Observatory and Future of Life Institute offer helpful policy trackers and regulatory summaries.

FAQ

What is the penalty for non-compliance?

Non-compliance with high-risk requirements can result in fines up to €30 million or 6 percent of global annual turnover, whichever is higher.

Can a system become high-risk after deployment?

Yes. If the system’s functionality or context changes, it may be reclassified. Organizations must perform ongoing risk monitoring.

What if my AI system is used in multiple categories?

The most stringent risk level applies. For example, if your system touches both education and biometric identification, it will be treated as high-risk.

Do open-source systems count as high-risk?

If an open-source model is integrated into a product or service that falls under Annex III, it can be subject to high-risk classification depending on its use.

Summary

High-risk AI use cases under the EU AI Act are tightly regulated to protect fundamental rights and safety. Any AI system that affects hiring, public benefits, education, or similar domains must follow strict rules. Compliance teams must classify systems early, document operations, and maintain data quality. Following standards and using public tools helps reduce regulatory risk while supporting trust and transparency.

Disclaimer

We would like to inform you that the contents of our website (including any legal contributions) are for non-binding informational purposes only and does not in any way constitute legal advice. The content of this information cannot and is not intended to replace individual and binding legal advice from e.g. a lawyer that addresses your specific situation. In this respect, all information provided is without guarantee of correctness, completeness and up-to-dateness.

VerifyWise is an open-source AI governance platform designed to help businesses use the power of AI safely and responsibly. Our platform ensures compliance and robust AI management without compromising on security.

© VerifyWise - made with ❤️ in Toronto 🇨🇦