EU AI Act Article 6: How UK Organisations Classify High-Risk AI Systems Before the August 2026 Deadline
Article 6 is the gateway test of the EU AI Act. It decides whether an AI system carries the full weight of the high-risk compliance regime or sits in a lighter tier with minimal obligations. Get the classification right and you scope your compliance programme accurately. Get it wrong and you either over-engineer controls you never needed or, worse, miss the documentation, conformity assessment and registration duties that attach to high-risk systems.
UK organisations are not exempt. If you place an AI system on the EU market, or your system affects people inside the EU, you fall within scope regardless of Brexit. For most high-risk systems the obligations begin to apply in August 2026, and a defensible classification decision takes longer to assemble than most teams expect. This article walks through how Article 6 works, what Annex III covers and what evidence an auditor will want to see. It is general guidance, not legal advice; take advice on your specific systems.
Why Article 6 is the gateway test for high-risk classification
The EU AI Act sorts systems into four risk tiers, and Article 6 governs the boundary that matters most: whether a system is high-risk. The full regime of conformity assessment, technical documentation, human oversight, logging and post-market monitoring only attaches to systems that clear this test.
The four tiers are unacceptable, high, limited and minimal risk. Unacceptable-risk systems are prohibited outright. High-risk systems carry strict conformity and documentation duties. Limited-risk systems need only transparency disclosures, and minimal-risk systems carry no specific obligations. Most of your AI estate will sit in the lower two tiers, which is precisely why classification matters. You need to know which handful of systems pull you into the demanding regime so you can concentrate effort there.
The practical consequence is that classification is the first thing to do, not the last. Teams that defer it until the build is finished discover obligations that should have shaped the design.
The two-limb structure: Annex I product safety vs Annex III use cases
Article 6 applies a two-limb test, and a system is high-risk if it satisfies either limb.
The first limb covers Annex I. A system is high-risk if it functions as a safety component of a product, or is itself a product, already covered by the EU’s existing product safety legislation listed in Annex I. This catches AI embedded in medical devices, machinery, lifts, toys and similar regulated products. If your AI makes a decision that affects the safety of one of these products and that product must undergo third-party conformity assessment, the AI inherits high-risk status. Note that Annex I product-safety systems, including medical devices, follow a deferred application date of August 2027 rather than August 2026.
The second limb covers Annex III. A system is high-risk if its intended purpose falls within one of the eight categories listed there, even when no product safety legislation applies. This is the limb most software and services firms need to study, because it captures standalone AI used in hiring, credit, public services and similar contexts.
The test turns on intended purpose, not theoretical capability. You assess what the system is designed and marketed to do, the context it operates in and who it affects.
Annex III’s eight high-risk categories with UK examples
Annex III lists eight categories of high-risk use case. A UK organisation should map each of its in-scope systems against this list as the core of the classification exercise.
- Biometric identification. Remote biometric identification, categorisation and emotion recognition. A UK retailer deploying facial recognition for loss prevention across EU stores would fall here.
- Critical infrastructure. AI managing the safety of road traffic, water, gas, heating or electricity supply. A utility using AI to balance grid load is in scope.
- Education and vocational training. Systems determining admission, assessing learning outcomes or monitoring exams. A UK ed-tech firm scoring EU students sits here.
- Employment and worker management. Recruitment screening, candidate evaluation, promotion and task allocation. A UK firm using AI to sift applications from EU candidates is covered.
- Access to essential services. Credit scoring, eligibility for public benefits and risk assessment in life and health insurance. A lender using AI to score EU applicants falls here.
- Law enforcement. Risk assessment of offending, evidence evaluation and profiling. Relevant to firms supplying tools to EU police forces.
- Migration and border control. Visa and asylum assessment, and security risk screening at borders.
- Administration of justice and democratic processes. AI assisting judicial decisions or influencing elections.
Many UK organisations will land in the employment, credit and education categories without realising it, because the affected individuals are in the EU even when the organisation is not.
Article 6(3) derogations and what passes muster
Falling within an Annex III category does not automatically make a system high-risk. Article 6(3) provides a derogation: a system listed under Annex III is not high-risk if it does not pose a significant risk of harm to the health, safety or fundamental rights of people, including by not materially influencing the outcome of decision-making.
The derogation applies in defined situations. These include systems intended to perform a narrow procedural task, systems that improve the result of a previously completed human activity, systems that detect decision-making patterns without replacing or influencing the human assessment, and systems performing a preparatory task to an assessment. The principle is that the AI must not be the thing that decides.
What passes muster is a documented, reasoned assessment showing why the derogation applies. A bare assertion that the human makes the final call does not. You need to demonstrate that the human review is genuine rather than a rubber stamp, that the system’s output is preparatory or procedural and that no material influence flows to the outcome. Article 6(3) further provides that a system performing profiling of natural persons is treated as high-risk, so the derogation will not assist you there; verify the position for your system against the final Regulation text.
Documented evidence auditors actually want
A classification decision is only as strong as the evidence behind it. Auditors and notified bodies want to see the working, not the conclusion.
At minimum, assemble a classification record for each in-scope system that captures the intended purpose as designed and marketed, the deployment context and affected populations, the Annex I and Annex III analysis with the specific category identified or excluded and the Article 6(3) derogation assessment where relevant. Date the record, name the decision owner and reference the version of the system assessed.
The reason for this rigour is that classification is a decision you may have to defend years later, possibly against a system that has changed since you assessed it. Treat the classification record as a living document tied to your change management process, so that a material change to intended purpose triggers a reassessment rather than a silent drift out of compliance.
Conformity assessment readiness against August 2026
For systems confirmed as high-risk, classification is the start. The next step is conformity assessment, and readiness for it should be built into your timeline now rather than approached as a final gate.
Most high-risk systems follow an internal conformity assessment based on your own control of the technical documentation. A notified body is required principally for the biometric identification category under Annex III point 1, with third-party involvement turning on the specific category rather than being discretionary. Either route depends on having the underlying compliance artefacts in place: technical documentation, a risk management system, data governance records, human oversight measures and logging. None of these can be assembled overnight.
Working back from August 2026, classify your estate first, confirm the conformity route for each high-risk system second and begin building the documentation set third. Organisations that leave conformity readiness until the deadline approaches will find the work cannot be compressed into the time remaining.
What clients ask us about Article 6 classification
What happens if we get classification wrong?
Misclassifying a high-risk system as lower-risk exposes you to enforcement. Under Article 99 of the Regulation, the most serious infringements can attract fines of up to 35 million euro or 7 percent of global annual turnover, subject to enforcement by national authorities. You also face retrospective remediation: building conformity documentation under time pressure and potentially withdrawing the system until it complies. A documented, reasoned classification is your primary defence.
Does Brexit change anything if we sell into the EU?
No. The EU AI Act applies based on where the system is placed on the market and where affected people are located, not where the provider is established. A UK organisation placing an AI system on the EU market is in scope much as an EU provider would be, and extra-territorial providers must also appoint an EU authorised representative under Article 22. Brexit offers no exemption here.
Can SMEs use a simpler classification process?
The Act provides certain proportionate measures and reduced fees for SMEs in places, but the classification test itself does not change. A small organisation applies the same Article 6 two-limb analysis as a large one. The substance of the decision, and the evidence behind it, must be the same regardless of organisation size.
Classification is the foundation everything else rests on, and it takes longer to do defensibly than the deadline makes comfortable. For the wider compliance picture ahead of August 2026, see our EU AI Act preparedness guide, or book a high-risk classification review with our team.