EU AI Act Annex III: Which AI Systems Are High-Risk?

A practical guide to EU AI Act Annex III — which AI systems are classified as high-risk, what that means for autonomous agents in finance, and how to meet


The EU AI Act creates a tiered risk classification for AI systems. At the top — below only prohibited AI systems — are "high-risk" AI systems listed in Annex III. These face the strictest compliance obligations before they can operate in the EU.

If you are deploying autonomous AI agents in finance, regulated services, or infrastructure, check whether the system falls under one of the Annex III categories before launch. The classification turns on the system's intended purpose, not on how autonomous it is: a fully autonomous agent outside the listed use cases is not high-risk, while a simple scoring model inside one of them is. This post explains the classification, the obligations, and what compliance looks like in practice.

The Eight Annex III Categories

Annex III of the EU AI Act lists eight areas of high-risk AI. The summaries below follow the Annex text; the operative criterion is always the system's intended purpose:

1. Biometrics — remote biometric identification (1:1 verification that only confirms a claimed identity is excluded), biometric categorisation by sensitive attributes, emotion recognition

2. Critical infrastructure — safety components in the management and operation of critical digital infrastructure, road traffic, and the supply of water, gas, heating, and electricity

3. Education and vocational training — systems that determine admission, assess learning outcomes, assign students to levels, or monitor behaviour during tests

4. Employment, workers management, and access to self-employment — recruitment and CV filtering, decisions on promotion, termination, or task allocation, and performance monitoring

5. Access to and enjoyment of essential private services and public services — eligibility for public benefits and healthcare, creditworthiness and credit scoring of natural persons (fraud detection excepted), risk assessment and pricing for life and health insurance, emergency-call triage and dispatch

6. Law enforcement — assessing the risk of a person becoming a victim or of (re)offending, polygraphs, evaluating the reliability of evidence, profiling in the course of investigations

7. Migration, asylum, and border control management — polygraphs, risk assessment of persons entering the EU, examination of visa, residence, and asylum applications, and detection or identification of persons in that context

8. Administration of justice and democratic processes — assisting courts in researching and interpreting facts and law, alternative dispute resolution with legal effect, and systems intended to influence the outcome of an election or voting behaviour

Category 5 and Finance: What Qualifies?

For financial services, Category 5 is the primary concern. Point 5(b) of Annex III covers AI systems intended to evaluate the creditworthiness of natural persons or establish their credit score, with an explicit exception for systems used to detect financial fraud. Point 5(c) covers risk assessment and pricing for natural persons in life and health insurance. Note the scope: natural persons, not companies, and only these two functions.

This includes:

— Credit scoring models that determine whether an individual gets a loan or on what terms

— Underwriting or pricing models for life and health insurance that affect whether an individual is covered or what they pay

— Any system that profiles natural persons as part of such a decision; under Article 6(3), an Annex III system that performs profiling is always high-risk

Going by the text of Annex III, it does not include:

— Algorithmic trading or portfolio execution systems; these are not an Annex III category and remain governed by sectoral rules such as MiFID II

— Fraud detection and AML transaction monitoring, which point 5(b) carves out explicitly

— KYC identity verification whose sole purpose is to confirm that a person is who they claim to be (1:1 verification), which point 1 also excludes

Article 6(3) further exempts an Annex III system that only performs a narrow procedural task, improves the result of a previously completed human activity, detects decision patterns without replacing human assessment, or performs a preparatory task. An internal analytics tool that informs but does not determine a credit decision typically falls here, but the provider must document that assessment and still register the system.

The Compliance Obligations: Articles 9–15

High-risk AI systems must comply with Articles 9 through 15 of the EU AI Act before deployment:

Article 9 (Risk Management): Establish, implement, document, and maintain a risk management system throughout the system's lifecycle. Identify risks, estimate residual risks after mitigation, and review after incidents.

Article 10 (Data Governance): Ensure training, validation, and testing data is relevant, sufficiently representative, and, to the best extent possible, free of errors and complete for the intended purpose, including the geographic, contextual, and behavioural setting in which the system will be used. Document data sources, collection processes, and the examination for possible biases.

Article 11 (Technical Documentation): Prepare documentation (the contents are set out in Annex IV) covering the system's general description, design and development process, risk management, human oversight measures, and post-market monitoring, and keep it up to date. It must be available to national competent authorities on request.

Article 12 (Record-Keeping): The system must automatically log events over its lifetime, at a minimum those relevant to identifying situations where it may present a risk, to post-market monitoring, and to monitoring its operation. In practice each output should be traceable to its input, the model version that produced it, and any operator action. Providers must keep the logs for at least six months under Article 19, unless Union or national law requires longer; financial institutions keep them under their existing financial-services record-keeping rules.

Article 13 (Transparency): Design the system so deployers can interpret its output and use it appropriately. The instructions for use must state the provider's identity and contact details, the system's capabilities and limitations including accuracy, robustness, and cybersecurity levels, known foreseeable misuse, and the human oversight measures under Article 14.

Article 14 (Human Oversight): Ensure humans can monitor operation, detect anomalies, intervene, and override. High-authority systems require defined intervention points — not just the theoretical ability to turn the system off.

Article 15 (Accuracy, Robustness, Cybersecurity): Meet appropriate levels of accuracy; be resilient against errors, adversarial inputs (including prompt injection), and third-party attacks.
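The Article 12 and Article 14 points above are easier to reason about in code. The following is an added example, not code from the original post and not Kakunin's product: a hash-chained audit log for a credit-decision agent in which every entry commits to its input, model version, output, and any human intervention, plus a review gate that holds adverse or low-confidence outputs for a human instead of executing them. The system identifier, model version, the 0.7 confidence threshold, and the two applications are constructed for illustration and are not taken from the Act.

```python
"""Hash-chained decision log with a human-review gate.

Added example, not the page's or Kakunin's code. It sketches the Article 12
(record-keeping) and Article 14 (human oversight) requirements for a
credit-decision agent. Assumptions, not from the Act: the model output is a
dict with 'decision' and 'confidence' keys, and the 0.7 review threshold.
"""
import hashlib
import json
import time
from typing import Any, Optional

GENESIS_HASH = "0" * 64
REVIEW_THRESHOLD = 0.7  # assumed policy: low-confidence outputs go to a human


def canonical(obj: Any) -> bytes:
    """Serialise deterministically so equal content always hashes equal."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def needs_human_review(output: dict) -> bool:
    """Article 14 intervention point: anything other than a confident
    approval is held for a human rather than executed automatically."""
    return output["decision"] != "approve" or output["confidence"] < REVIEW_THRESHOLD


class AuditLog:
    """Append-only log; each entry commits to the previous entry's hash,
    so editing or deleting an entry breaks every hash after it."""

    def __init__(self) -> None:
        self.entries: list[dict] = []

    def record(self, *, system_id: str, model_version: str, input_data: dict,
               output: dict, operator: str, human_action: Optional[dict] = None,
               ts: Optional[float] = None) -> dict:
        prev_hash = self.entries[-1]["entry_hash"] if self.entries else GENESIS_HASH
        entry = {
            "seq": len(self.entries),
            "ts": time.time() if ts is None else ts,
            "system_id": system_id,
            "model_version": model_version,
            "input": input_data,
            "input_hash": sha256_hex(canonical(input_data)),
            "output": output,
            "operator": operator,
            "human_action": human_action,  # None when executed automatically
            "prev_hash": prev_hash,
        }
        entry["entry_hash"] = sha256_hex(canonical(entry))
        self.entries.append(entry)
        return entry

    def verify(self) -> tuple[bool, Optional[int]]:
        """Recompute the chain; return (ok, seq of the first bad entry)."""
        prev_hash = GENESIS_HASH
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "entry_hash"}
            if entry["prev_hash"] != prev_hash or sha256_hex(canonical(body)) != entry["entry_hash"]:
                return False, entry["seq"]
            prev_hash = entry["entry_hash"]
        return True, None

    def trace(self, seq: int) -> dict:
        """Reconstruct what produced an output: input, model, human action."""
        e = self.entries[seq]
        return {"input": e["input"], "model_version": e["model_version"],
                "output": e["output"], "human_action": e["human_action"]}


def build_sample_log() -> AuditLog:
    """Two constructed credit applications run through the gate."""
    log = AuditLog()
    # Constructed samples: the model output is stubbed here; in a real
    # deployment it would come from the scoring model.
    cases = [
        ({"applicant": "A-0001", "amount": 12000, "income_band": "B"},
         {"decision": "approve", "confidence": 0.91}),
        ({"applicant": "A-0002", "amount": 45000, "income_band": "D"},
         {"decision": "decline", "confidence": 0.58}),
    ]
    for i, (application, model_output) in enumerate(cases):
        human_action = None
        if needs_human_review(model_output):
            # Stand-in for the reviewer UI: the human overrides the model.
            human_action = {"reviewer": "officer-17", "action": "override",
                            "final_decision": "refer_to_manual_underwriting"}
        log.record(system_id="credit-agent", model_version="cs-2.3.1",
                   input_data=application, output=model_output,
                   operator="bank-x", human_action=human_action,
                   ts=1_700_000_000 + i)
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("chain intact:", log.verify())
    print("trace seq 1:", log.trace(1))
    log.entries[0]["output"]["decision"] = "decline"  # simulate tampering
    print("after tampering:", log.verify())
```

Each entry's hash covers the previous entry's hash, so editing or deleting any record is caught by verify(). In production the log would go to append-only storage and the chain head would be periodically signed or anchored elsewhere, otherwise an operator with write access could simply rebuild the whole chain.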

What Changes in 2026

The EU AI Act's high-risk provisions apply to AI systems placed on the EU market or put into service once the relevant application date has passed. For Annex III systems, including those in financial services, that date is 2 August 2026: the obligations do not apply yet, but anything deployed from that date on must meet them at launch.

Key dates:

— 1 August 2024: EU AI Act entered into force

— 2 February 2025: Prohibited AI practices (Article 5) and AI literacy obligations applied

— 2 August 2025: General-purpose AI model provisions applied

— 2 August 2026: High-risk obligations (Articles 9–15) apply to Annex III systems

— 2 August 2027: High-risk obligations apply to Annex I systems (AI that is a safety component of a product covered by EU harmonisation legislation)

Annex III systems already on the market before 2 August 2026 fall in scope only if they undergo a significant change in design after that date (Article 111(2)). Systems placed on the market or put into service from 2 August 2026 that qualify as Annex III high-risk must comply with Articles 9–15 at launch, not at a later date.

Self-Assessment vs. Third-Party Conformity Assessment

Annex III systems in points 2 to 8, which includes Category 5 (finance and essential services), use the internal-control procedure in Annex VI: no notified body is involved. Only point 1 (biometrics) goes to a notified body under Annex VII, and even there a provider that fully applies harmonised standards or common specifications may use internal control instead (Article 43(1)).

Self-assessment means the provider prepares the technical documentation (Article 11), runs the Annex VI conformity assessment against Articles 9–15, and signs an EU Declaration of Conformity (Article 47) before placing the system on the market. The Declaration must be kept for ten years and made available to national competent authorities on request.

Before the system is placed on the market or put into service, the provider must also affix the CE marking (Article 48) and register the system in the EU database for high-risk AI systems, which the Commission sets up and maintains (Articles 49 and 71).

Enforcement Penalties

Non-compliance with the high-risk obligations (Articles 9–15 and the related provider, importer, distributor, and deployer duties) carries fines of up to €15 million or 3% of global annual turnover, whichever is higher. The top tier of €35 million or 7% applies only to prohibited practices under Article 5; supplying incorrect, incomplete, or misleading information to authorities carries up to €7.5 million or 1%.

For SMEs and startups, the lower of the absolute amount or the turnover percentage applies.

Practical Starting Point

If you are deploying an AI agent in a financial services context and are not sure whether it qualifies as Annex III high-risk, start with these questions:

Does the system evaluate the creditworthiness of, or produce a credit score for, a natural person (not a company), for any purpose other than fraud detection? If yes, it qualifies under point 5(b).

Does it assess risk or set prices for life or health insurance for individuals? If yes, it qualifies under point 5(c).

Does it profile individuals as part of such a decision? If yes, the Article 6(3) exemptions do not apply and it is high-risk regardless of how narrow its task is.

Does it only execute trades, monitor transactions for fraud or AML, or verify a claimed identity 1:1? These are not Annex III categories. Check the sectoral rules that already govern them and Article 6(1) (safety components of regulated products), and document the classification reasoning so a supervisor can see why you concluded the system is out of scope.

If your system qualifies, the priority is Article 9 (risk management documentation) and Article 12 (automatic logging), because the remaining articles build on both: the technical file, the transparency information, and the oversight measures all reference the risks identified under Article 9 and are evidenced by the logs kept under Article 12. Kakunin's audit log and compliance report export address both directly.
