← Learn
Definition7 min read

What is an EU AI Act high-risk system?

Short definition

A high-risk AI system under Regulation (EU) 2024/1689 is one whose deployment falls into the use-cases listed in Annex III (incl. critical infrastructure security, biometrics, education, employment, law enforcement, justice) and which is therefore subject to the technical-documentation, risk-management, human-oversight and post-market-monitoring obligations of Title III, Chapter 2 (Articles 9-19).

Why this matters now

The AI Act began phased application in 2025, with high-risk obligations becoming enforceable in stages through 2026-2027. For any EU operator deploying or procuring AI-powered security tools, the high-risk classification is no longer an academic question — procurement, internal audit and the competent national authority all expect documentary evidence that the obligations are met.

Key points

  • High-risk classification is by use-case (Annex III), not by model architecture.
  • Critical infrastructure security (energy, water, transport, healthcare) is in scope.
  • Mandatory: risk management system, technical documentation, logging, human oversight, accuracy/robustness, post-market monitoring (Arts. 9-15, 17, 72).
  • Kill-switch and meaningful human oversight (Art. 14) are binding, not advisory.
  • Providers and deployers have distinct obligations; both can face administrative fines.
  • Documentation must be ready before market placement — retrofitting after the fact is not the regulatory model.

How do I know if my AI system is in scope?

The AI Act applies a use-case-based classification. An AI system is high-risk if it is intended to be used as a safety component of a product covered by EU harmonisation legislation listed in Annex I, OR if its intended use falls into one of the categories listed in Annex III: biometrics, critical infrastructure, education and vocational training, employment, access to essential services, law enforcement, migration/asylum/border control, administration of justice.

For cyber security: an AI system that "is intended to be used as a safety component in the management and operation of critical digital infrastructure" falls within Annex III(2) and is therefore high-risk by default. This pulls in autonomous offensive tooling deployed against critical infrastructure operators.

The documentation obligations (Articles 9-19)

A high-risk system requires:

  • Art. 9 risk management system — continuous, documented, covering the full lifecycle.
  • Art. 10 data governance — training/validation/test data quality, bias evaluation, traceability.
  • Art. 11 technical documentation — capability description, system architecture, training methodology, performance metrics, known limitations.
  • Art. 12 logging — automatic logging of events relevant to risk and to post-market monitoring.
  • Art. 13 transparency — operating instructions sufficient for the deployer to use the system responsibly.
  • Art. 14 human oversight — meaningful human-in-the-loop, kill-switch, capacity to override.
  • Art. 15 accuracy, robustness, cybersecurity — declared, measurable, tested.
  • Art. 17 quality management system — for the provider.
  • Art. 72 post-market monitoring — incident reporting, performance tracking.

In practice, all of these need to exist as written artefacts, not as informal practices.

Provider vs deployer obligations

The Act distinguishes between providers (those who put the system on the market) and deployers (those who use it under their own authority).

  • Providers carry the bulk of the technical-documentation, risk-management and conformity-assessment burden.
  • Deployers are responsible for using the system in line with the instructions, maintaining meaningful human oversight, monitoring operation, and reporting serious incidents.

If you procure an AI security tool, you become its deployer. Procurement due-diligence should now include reviewing the provider's Article 11 technical documentation, the Article 14 oversight mechanisms, and the Article 15 accuracy/robustness/cybersecurity declarations.

What this means for procurement of AI security tools

Two practical shifts:

  1. Procurement asks for the AI Act technical documentation as a baseline. Vendors that cannot produce it are increasingly disqualified before commercial evaluation.
  1. Deployer-side internal controls must demonstrate meaningful human oversight (kill-switch, audit trail of override events) and serious-incident reporting capability. This is documentation-heavy and tends to surface during the first internal audit cycle.

The practical implication: AI security tooling that exposes per-action signed evidence, a kill-switch on every campaign, and post-market telemetry hooks is procurement-friendly. Tooling that is opaque is increasingly hard to deploy in an AI Act-aware org.

Goes deeper

Want this against your environment?

Book a 30-minute scoping call — we will map this directly to your current compliance scope and threat profile.

Request a demoBrowse use cases
← Back to Home