Gatis Ozols

When is your SaaS feature actually high-risk under the EU AI Act? The Annex III decision tree.

TL;DR. Annex III of the EU AI Act lists 8 high-risk categories. If your AI feature falls into one, you owe a heavy compliance lift (conformity assessment, technical file, human oversight, EU database registration). If it does not, you are limited-risk or minimal-risk and the burden is much lighter. Most SaaS teams misclassify this step. Here is the 3-question decision tree I use on every audit, plus 8 real examples from recent client work. Code at the bottom: the classify.py script in the open-source repo runs this for you.

The most expensive mistake I see SaaS teams make is calling a high-risk feature "limited-risk" because they want to avoid the conformity assessment. The second most expensive mistake is the opposite: calling everything high-risk because the rule sounds scary, and burying yourself in paperwork you do not need.

Annex III of the EU AI Act lists eight high-risk areas. If your AI feature falls into one of them, you are subject to a different and heavier set of obligations than the Article 50 transparency duties. If your feature does not fall into any of them, you are likely limited-risk or minimal-risk, and the compliance burden is much lighter.

This post is the decision tree I use on every audit, plus eight examples from real SaaS we have audited.

The eight Annex III areas, in plain English

  1. Biometric identification and categorisation. Face recognition, voice recognition for identification, gait recognition. Not biometric verification (one-to-one match like fingerprint unlock).
  2. Critical infrastructure. Water, gas, electricity, traffic management. Mostly outside SaaS.
  3. Education and vocational training. Admissions, grading, monitoring during exams, predicting academic outcomes.
  4. Employment and worker management. CV screening, performance evaluation, task allocation, termination decisions, monitoring.
  5. Access to essential public and private services. Creditworthiness scoring, public benefits eligibility, emergency services dispatch, health and life insurance pricing or coverage decisions.
  6. Law enforcement. Risk assessment of individuals, polygraph-style systems, evidence reliability assessment.
  7. Migration, asylum, border control. Risk assessment, document verification, visa processing.
  8. Administration of justice and democratic processes. Researching facts, interpreting laws, influencing voters.

For SaaS, the areas that come up most often are 1, 3, 4 and 5. The rest rarely apply unless you sell to specific verticals.

The decision tree

I run every AI feature through three questions.

Question 1: Does the feature make a decision about a person, or is it just a tool the person uses?

If the feature recommends, ranks, scores, or classifies a person, you are probably in Annex III territory. If the feature helps the person draft a document, summarise their own text, or generate an image, you are probably not.

A grammar checker is not high-risk. A grammar checker that scores a job applicant's writing quality and feeds that score into a hiring decision is.

Question 2: Does the decision affect the person's access to something significant?

Significant means a job, a benefit, an education slot, credit, insurance, healthcare. If the answer is yes, you are high-risk. If the AI helps the person decide which restaurant to eat at, you are not.

Question 3: Is the person aware the decision is happening, and can they contest it?

If the answer is no on either side, you are deeper into high-risk territory and likely also into prohibited territory under Article 5 (manipulative AI). Article 5 risk is unrelated to Annex III but worth flagging in the same audit.

Eight examples from real SaaS audits

These are anonymised but real. I have audited each one in the last six months.

A: Recruitment SaaS with AI CV screening.
Annex III(4) employment. High-risk. Needs conformity assessment, technical file, human oversight policy, registration in EU database.

B: HR SaaS with AI-generated job descriptions.
The AI helps the recruiter write the JD. The recruiter posts it. No decision about applicants. Limited-risk under Article 50(2) (synthetic content disclosure). Not high-risk.

C: Customer support SaaS with AI auto-reply suggestions.
The AI suggests responses, the human support agent picks one. No automated decision about the customer. Limited-risk under Article 50(1) if the support agent's reply is sent as AI-authored, otherwise minimal-risk.

D: Lending platform with AI credit scoring.
Annex III(5) creditworthiness. High-risk. This one is unambiguous. Full conformity assessment required.

E: EdTech platform with AI tutoring that does not grade.
The AI explains concepts to students. No grading, no admission decision, no exam monitoring. Limited-risk under Article 50(1). Disclose the AI, done.

F: EdTech platform with AI grading of essays.
Annex III(3) education. High-risk. Even if a teacher reviews the AI's grade before final submission, the AI is doing the substantive grading work, and that triggers Annex III.

G: HealthTech SaaS that helps doctors draft patient notes.
Doctor reviews and signs every note. The AI does not diagnose or recommend treatment. Limited-risk under Article 50(2) for synthetic content. Not Annex III.

H: HealthTech SaaS that triages patient symptoms and recommends urgency level.
This one is borderline. If the recommendation is non-binding and a clinician makes the final call, it can be limited-risk. If the recommendation determines who gets seen and in what order, it is Annex III(5) access to essential services. We classified this one as high-risk in the audit and recommended the team build the human-in-the-loop properly before launch.

The cost difference between getting this right and getting it wrong

If you correctly classify a feature as limited-risk, you ship a disclosure and document the decision. Time investment: half a day.

If you correctly classify a feature as high-risk, you build a risk management system, a technical file under Article 11, a human oversight policy, accuracy and robustness testing, post-market monitoring, and you register in the EU database. Time investment: 6 to 12 weeks for a small team.

If you misclassify high-risk as limited-risk, you are operating in violation. Article 99(3) sets the penalty for non-compliance with high-risk obligations: up to €15 million or 3% of worldwide annual turnover.

If you misclassify limited-risk as high-risk, you burn six weeks of engineering time you did not need to burn.

The classification step is the single most important one in the whole EU AI Act compliance process. Get it right.

Run the classifier yourself

The same decision tree I run during audits is a single Python script in the open-source repo. It asks five questions and returns the risk category.

git clone https://github.com/GatisOzols/eu-ai-act-checklist
cd eu-ai-act-checklist
python3 classify.py

It will ask you:

  1. Does the feature process biometric data of a real person for identification?
  2. Does the feature make or substantially inform a decision about a person?
  3. Is the decision in one of: employment, education, credit, insurance, healthcare, public benefits, law enforcement, migration, justice?
  4. Is the person subject to the decision aware it is happening, and can they appeal?
  5. Is the AI generating synthetic content that could be confused with human-authored content?

You get back one of: prohibited / high-risk / limited-risk / minimal-risk, plus the Annex III sub-paragraph or Article 50 sub-clause that applies.

Run it once per AI feature in your product. Save the output. That output, plus a one-paragraph rationale, is the start of your self-audit trail.
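The three-question tree above and the five questions the script asks can be written down as a small classifier. The block below is an added example, reconstructed from the text of this post; it is not the repo's classify.py. The field names, the ANNEX_III_DOMAIN mapping, and the A/B/D/F/H inputs are constructed here from the post's own examples, and the extra input X is invented to exercise question 4. Two assumptions to note: a "no" on question 4 is reported as an Article 5 flag on a high-risk result rather than as a "prohibited" category, because the five answers alone do not establish Article 5's criteria; and Article 50(1) interaction disclosure is not modelled, since none of the five questions asks about it.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Annex III sub-paragraph for each domain named in question 3 of the post.
# Credit, insurance, healthcare and public benefits all fall under III(5).
ANNEX_III_DOMAIN: Dict[str, str] = {
    "employment": "Annex III(4)",
    "education": "Annex III(3)",
    "credit": "Annex III(5)",
    "insurance": "Annex III(5)",
    "healthcare": "Annex III(5)",
    "public_benefits": "Annex III(5)",
    "law_enforcement": "Annex III(6)",
    "migration": "Annex III(7)",
    "justice": "Annex III(8)",
}


@dataclass
class Answers:
    """One AI feature's answers to the five questions (field names are hypothetical)."""
    name: str
    biometric_identification: bool   # Q1: identification, not one-to-one verification
    decides_about_person: bool       # Q2: makes or substantially informs a decision
    domain: Optional[str]            # Q3: an ANNEX_III_DOMAIN key, or None if not listed
    aware_and_can_appeal: bool       # Q4
    synthetic_content: bool          # Q5: output could pass as human-authored


@dataclass
class Result:
    category: str                    # high-risk / limited-risk / minimal-risk
    basis: str                       # Annex III sub-paragraph or Article 50 sub-clause
    flags: List[str] = field(default_factory=list)


def classify(a: Answers) -> Result:
    if a.domain is not None and a.domain not in ANNEX_III_DOMAIN:
        raise ValueError(f"unknown domain {a.domain!r}; use one of {sorted(ANNEX_III_DOMAIN)}")

    flags: List[str] = []
    high: Optional[Result] = None
    if a.biometric_identification:                          # Q1 alone settles it
        high = Result("high-risk", "Annex III(1)", flags)
    elif a.decides_about_person and a.domain is not None:   # Q2 and Q3 together
        high = Result("high-risk", ANNEX_III_DOMAIN[a.domain], flags)

    if high is not None:
        # Q4: a "no" pushes a high-risk feature towards Article 5; flag it for review.
        if not a.aware_and_can_appeal:
            flags.append("Article 5 review: subject unaware or cannot contest the decision")
        # Q5 still applies to a high-risk feature: the disclosure duty stacks on top.
        if a.synthetic_content:
            flags.append("Article 50(2) disclosure also applies")
        return high

    # Not Annex III. A person-level decision outside the listed domains still deserves
    # a written rationale in the audit trail, so it is flagged rather than ignored.
    if a.decides_about_person:
        flags.append("decision about a person outside Annex III domains: document rationale")
    if a.synthetic_content:
        return Result("limited-risk", "Article 50(2)", flags)
    return Result("minimal-risk", "no Annex III or Article 50 trigger", flags)


# Constructed inputs modelled on the post's examples A, B, D, F and H, plus one
# constructed case (X) whose subject is never told a decision is being made.
EXAMPLES: List[Answers] = [
    Answers("A: CV screening", False, True, "employment", True, False),
    Answers("B: AI-written job descriptions", False, False, None, True, True),
    Answers("D: credit scoring", False, True, "credit", True, False),
    Answers("F: essay grading", False, True, "education", True, False),
    Answers("H: symptom triage that orders the queue", False, True, "healthcare", True, False),
    Answers("X: silent applicant scoring", False, True, "employment", False, False),
]


def classify_all(examples: List[Answers] = EXAMPLES) -> Dict[str, Result]:
    """Classify a batch of features, keyed by feature name, for the audit trail."""
    return {a.name: classify(a) for a in examples}


def ask_interactively() -> Result:
    """Console walk-through of the same five questions, mirroring the post's script."""
    def yes(prompt: str) -> bool:
        return input(prompt + " [y/N] ").strip().lower().startswith("y")
    name = input("Feature name: ").strip()
    q1 = yes("1. Biometric identification of a real person?")
    q2 = yes("2. Makes or substantially informs a decision about a person?")
    domain = input("3. Domain (" + ", ".join(sorted(ANNEX_III_DOMAIN)) + ", or blank): ").strip()
    q4 = yes("4. Is the person aware of the decision, and can they appeal?")
    q5 = yes("5. Generates synthetic content that could pass as human-authored?")
    return classify(Answers(name, q1, q2, domain or None, q4, q5))


if __name__ == "__main__":
    for feature, r in classify_all().items():
        print(f"{feature}: {r.category} ({r.basis}) {r.flags}")
```

Running the file prints one line per constructed feature; the batch form (`classify_all`) is the one to keep in version control, since a list of `Answers` plus the printed result is exactly the per-feature record the paragraph above asks you to save. The `ValueError` on an unknown domain is deliberate: a free-text domain that silently falls through to minimal-risk is the misclassification the post warns about.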

What this post does NOT cover

  • The actual conformity assessment paperwork for high-risk systems. That is a separate, longer process.
  • General-purpose AI model obligations under Chapter V. That applies to providers of foundation models, almost never to SaaS using them.
  • National-level implementations. Member States can add national rules on top of the Act. We track these in audits but they are out of scope here.

Either path

If your situation is simple, the open-source checklist is everything you need. MIT licensed. Use it in commercial products. Fork it. Send a PR if you spot a gap.

If you would rather have someone run the audit on your specific product, that is what we do at Disclos. 5 business days, €997 one-time, refund guaranteed if your SaaS is not compliant by 2 August 2026.

Either way, the classification step has to happen before any other compliance work. Do not skip it.

I run Disclos, an EU AI Act compliance practice for SaaS. Based in Riga. About 40 audits in. The open-source checklist above is the engineer-readable starter we wished existed when we started talking to SaaS founders about the Act.

Find me on X: @disclosai
Email: gatis@disclos.eu
