On 19 May 2026, the European Commission published draft guidelines on how to classify AI systems as high-risk under Annex III of the EU AI Act. As Modulos AI noted on X, "the early commentary is missing the most important shift in the document" – and for SMBs running local language models, that shift changes the compliance picture more than most updates since the Act entered into force.
The question every SMB operating a local LLM should be asking is not: Am I GDPR-compliant? It is: Does my system qualify as high-risk under Annex III at all – and if so, what obligations follow?
What Annex III Actually Lists
Annex III of the EU AI Act defines eight sectors where AI systems can be classified as high-risk:
- Biometric identification and categorisation
- Critical infrastructure (energy, water, transport)
- Education and vocational training (e.g. exam grading, learning assessments)
- Employment and workforce management (CV screening, promotion decisions)
- Access to essential services (credit scoring, social benefits)
- Law enforcement
- Migration, asylum, and border control
- Administration of justice and democratic processes
Sector membership alone is not enough. The system must also pose a significant risk to the health, safety, or fundamental rights of an identifiable individual. This two-part test is the core of the May guidelines.
The Key Shift in the May 2026 Draft
Based on our reading of the published draft, the 19 May guidelines operationalise the term "significant risk" with testable criteria for the first time:
- Level of autonomy: Does the system decide unilaterally and bindingly, or does a human exercise independent judgement?
- Scope: Does the system's output affect an identifiable individual or only a broadly defined group?
- Reversibility: Can incorrect outputs be corrected easily, without material consequences for those affected?
- Sector specificity: Is the deployment actually within one of the eight listed sectors, or merely adjacent?
For most SMB use cases with local LLMs, these criteria are clarifying: a model that summarises internal documents or answers customer FAQs has neither high autonomy nor direct impact on identifiable individuals in sensitive life domains.
Use Cases That Are Probably NOT High-Risk
Based on our reading of the draft, the following typical SMB scenarios likely fall outside Annex III:
- Internal document search: Ollama running Llama 3.3 or Qwen 2.5 to search contracts, SOPs, and emails using natural language – no Annex III sector applies
- Local meeting transcription: Automated speech-to-text and summarisation with a local Whisper model, with no decision-making function
- Employee FAQ chatbot: Answers questions about leave policies, IT processes, or onboarding – no risk to individual rights
- Text summarisation and classification: Routing incoming customer queries to departments without affecting entitlements
In these scenarios, local AI is not only advantageous for data protection – it also falls outside the high-risk regime entirely.
Use Cases That Require Individual Assessment
The following use cases sit in a grey zone and should be reviewed with legal counsel:
- CV screening with automatic shortlisting: The employment sector applies; the decisive factor is whether a human exercises independent judgement or the model effectively selects candidates
- Credit pre-screening: The essential services sector may apply; even a locally hosted model can affect fundamental rights if it gates access to credit
- AI-assisted grading: The education sector applies if the system generates marks or recommendations that feed directly into formal records
The key point: whether the model runs locally or in the cloud is irrelevant to high-risk classification. A Mac Studio running Qwen 2.5 is not a high-risk AI system – but an application running on that Mac Studio that autonomously decides on job applicants may be.
Four-Step High-Risk Assessment
This sequence is based on our reading of the draft guidelines and does not constitute individual legal advice:
Step 1 – Sector mapping: Does the system's function fall within one of the eight Annex III sectors? (If no → not a high-risk system under Annex III; assessment complete.)
Step 2 – Risk check: Is there a significant risk to the health, safety, or fundamental rights of identifiable individuals?
Step 3 – Autonomy check: Does the system make independent decisions with legal or significant personal consequences?
Step 4 – Exception check: Does Art. 6(3) of the AI Act apply? Does a human take fully independent responsibility for decisions based on the AI output, and is this documented?
If you reach a "yes" at Steps 1–3 without Step 4 applying, seek legal counsel. In all other cases, you can focus on the general deployer obligations under Art. 26 – which are substantially lighter and which we have covered in a separate guide.
What High-Risk Classification Means in Practice
If the assessment confirms high-risk status, Chapter III of the EU AI Act applies. For deployers – meaning SMBs that embed an AI system into their own product or process – this means:
- Conformity assessment (Art. 43)
- Technical documentation per Annex IV (Art. 11)
- Human oversight mechanisms, documented (Art. 14)
- Registration in the EU AI database (Art. 49)
- Post-market monitoring and incident reporting (Arts. 72 ff.)
The compliance burden is significant. For the majority of SMBs using local models for internal workflows, this burden does not apply – based on our reading of the guidelines – which makes locally hosted applications considerably more attractive than cloud-based GPAI services that may carry blanket high-risk designations.
Timeline: Delayed, Not Waived
As Rémy Schlich noted on X: "EU lawmakers have agreed to delay key obligations for high-risk AI systems under the EU AI Act. The revised timeline – now extending to 2027–2028." Enforcement deadlines for high-risk AI have shifted. That does not mean SMBs can wait.
The May 2026 guidelines make the high-risk definition legally actionable for the first time. SMBs that classify their systems now gain two advantages: they avoid compliance surprises when enforcement arrives – and they can design pilot projects to be compliance-ready from day one, rather than retrofitting later.
For the typical use cases Freshlab supports – internal search, meeting summaries, document-based chatbots – Annex III does not apply. That clarity alone is worth the assessment.
Get Your Local AI Classified
Not sure whether your application falls under Annex III? We help SMBs assess function, autonomy level, and sector relevance to produce a clear action plan – based on the current drafts, without unnecessary overhead. Get in touch.