Risk classification sounds like a lawyer's job. It isn't — it's an architecture decision with a legal label, and if you're the one building the system, you're the one who has to get it right first. The good news: the AI Act gives you an actual decision procedure, not a vibe. The bad news: most teams skip it, guess "probably fine," and find out otherwise the week before launch.

So here's the exercise we run on every AI build, done out loud on a use case we see constantly: a recruitment agency wants an assistant that ingests incoming CVs and shortlists the best candidates for a role. Follow along — the same four checks work on your project.

First, the four buckets — and why they stack

The Act sorts AI into four risk levels: prohibited (banned outright), high-risk (heavy obligations before you ship), limited-risk (transparency duties only), and minimal-risk (no mandatory rules). The trap is treating this as one question. It's really four independent checks that stack: prohibited practices (Article 5), high-risk (Article 6 plus Annex III), transparency (Article 50), and separate duties for GPAI providers. A system can clear one check and be caught by another. You run all four.

Walking the CV screener through it

Check 1 — Is it prohibited? (Article 5)

Start at the top, because if it's banned nothing else matters. The Article 5 list includes social scoring, manipulative systems, untargeted face-scraping, and — relevant here — emotion recognition in the workplace. Our CV screener reads text and ranks candidates; it doesn't infer emotions from a webcam. Not prohibited. But note how close the line is: add "analyse the candidate's video interview for enthusiasm" and you'd have just walked into a banned practice.

Check 2 — Is it high-risk? (Article 6 + Annex III)

This is where our use case lands hard. Annex III lists eight high-risk areas, and area 4 is employment and worker management — explicitly including AI "intended to be used for recruitment or selection, in particular to filter applications and evaluate candidates." A tool that shortlists CVs is a textbook Annex III system. Provisionally: high-risk.

The model you pick doesn't set the risk class. The same LLM is harmless in a copywriter and high-risk the moment it ranks a human being.

Check 3 — Does the exception rescue us? (Article 6(3))

Annex III isn't automatically the end. Article 6(3) says a listed system is not high-risk if it "does not pose a significant risk of harm… including by not materially influencing the outcome of decision making." It's meant for genuinely peripheral uses: a narrow procedural task, or a preparatory step, or improving the result of work a human already finished.

Could our screener qualify? Only if we redesign it. A tool that ranks or scores candidates is materially influencing a hiring decision — and worse, it's profiling a natural person, which the Act says always keeps the system high-risk with no exception available. So the version the client asked for stays high-risk. A different version — one that only extracts structured fields (years of experience, languages) and leaves every judgement to the recruiter — might qualify for the exception. Same project, two designs, two legal outcomes.

And here's the part teams miss: claiming the exception is itself a compliance act. If you conclude your Annex III system isn't high-risk, you must document that assessment before it goes live. "We decided it was fine" is not documentation.

Check 4 — The transparency duty applies regardless (Article 50)

Even if a system escapes high-risk, Article 50 still bites: candidates interacting with the AI, or receiving AI-generated communication, must be told. Transparency is a separate, lighter obligation that lands on almost every client-facing AI — and unlike the high-risk rules, it's already in force from 2 August 2026.

And one more question — what's your role?

The obligations attach to a role, not just a system. If you build the screener and it ships to market under your name, you're likely the provider and you carry the heavy load. If your client runs it under their brand and you're the contractor, they're the deployer and the split changes. Settle this before you quote — it decides who owns the paperwork.

What "high-risk" actually costs you to build

If the answer is high-risk, this is the work you're signing up for — and why it belongs in the estimate, not a footnote:

  • A documented risk-management system and data-governance measures (including bias checks on the training and reference data).
  • Technical documentation and automatic logging of the system's operation.
  • Built-in human oversight — a real point where a person can review and override, not a rubber stamp.
  • Demonstrated accuracy and robustness, a conformity assessment, and registration in the EU database before launch.

None of this is exotic engineering. All of it is 10× cheaper designed in than retrofitted into a live system — which is the whole argument for classifying before you build.

The timeline, so nobody panics or relaxes

Dates matter here and they moved recently. The Digital Omnibus agreed in May 2026 pushed the Annex III high-risk obligations from August 2026 to 2 December 2027. But the transparency duties land on 2 August 2026, the prohibitions have applied since February 2025, and the GDPR applies today. So: the CV screener's heavy obligations have breathing room, everything around them doesn't, and none of it changes the fact that the cheapest time to build oversight in is now.

FAQ

Does calling an LLM API make our AI high-risk?

No — the model doesn't decide the risk class, the use case does. The same model is minimal-risk in a marketing copywriter and high-risk in a CV screener. Classify by what the system is used for under Annex III, not by which model sits underneath.

Our Annex III system barely influences the decision — are we off the hook?

Possibly, under the Article 6(3) exception, if it only does a narrow procedural or preparatory task and doesn't materially influence the outcome. But you must document that assessment before going live, and the exception never applies if the system profiles people. Ranking or scoring candidates is profiling.

High-risk obligations don't apply until December 2027 — can we wait?

The Digital Omnibus moved the Annex III deadline to 2 December 2027, but transparency duties still land on 2 August 2026 and the GDPR applies today. Logging, oversight and documentation cost far more to retrofit than to design in, so we build to the bar now and treat the delay as breathing room, not a holiday.

Who carries the high-risk obligations — us or the client?

It depends on your role. Build a system that ships under your name and you're likely the provider, carrying the heavy obligations. If your client operates it under their name, they're the deployer and you're a contractor. Settle this per use case before quoting — it changes who owns the paperwork.

Is a risk classification a one-time exercise?

No. A classification is tied to a specific use case and design. Add candidate ranking to a tool that only summarised CVs, or point a support bot at a new high-stakes workflow, and the class can flip. Re-run the check whenever the purpose materially changes.

Sources: EU AI Act, Article 6 — classification rules for high-risk AI · Annex III — high-risk use cases · Council of the EU, Digital Omnibus agreement (7 May 2026) · Lewis Silkin, guidance on classifying high-risk AI systems. We're engineers, not your legal counsel — for sign-off, loop in your client's DPO and lawyers.

Stuck on whether a client's build is high-risk? Plan a call — we'll run the classification with you, white-label.