Key facts

  • Format: one-page PDF obligations checklist with a deadline reference.
  • Covers risk management, data governance, documentation, logging and human oversight.
  • Mapped to the Digital Omnibus deferral: Annex III to 2 December 2027, product-embedded to 2 August 2028 (provisional, pending the Official Journal).
  • Includes the exemption criteria for systems that may not be high-risk after all.
  • Free to download — pairs with the high-risk AI guide.

What is the high-risk AI obligations checklist?

It is a practical checklist for anyone who has, or thinks they might have, a high-risk AI system under the EU AI Act. High-risk systems — broadly, those used in areas like recruitment, credit scoring, education or critical infrastructure — carry the Act's strictest obligations. This checklist turns those obligations into a working list, mapped to the confirmed deadlines.

📥 Download the High-Risk AI Obligations Checklist (PDF)

Who is it for?

Providers and deployers who have identified, or need to check, whether a system falls into Annex III (use-based) or Annex I (product-embedded) high-risk categories.

What the checklist covers

Classification. Whether your use case falls under Annex III or Annex I, and whether an exemption applies.

Risk management system. A documented, lifecycle-long process for identifying and mitigating risk.

Data governance and documentation. Training-data quality, technical documentation and instructions for use.

Logging and human oversight. Automatic logging and a design that lets people understand, monitor and intervene in AI decisions.

Conformity assessment. The process to demonstrate the system meets requirements before it's placed on the market. See the full EU AI Act timeline.

How to use it

Start with classification — many systems assumed to be high-risk qualify for an exemption once properly assessed, and vice versa. Document the classification decision either way. If you are high-risk, work through the checklist in order: risk management and data governance come before documentation and conformity assessment, because they generate the evidence those steps need.

Frequently asked questions

What is a high-risk AI system?

An AI system the EU AI Act designates as posing significant risk to health, safety or fundamental rights, carrying strict obligations.

What are examples of high-risk AI?

AI used in recruitment, credit scoring, education, critical infrastructure, law enforcement and certain medical or safety products.

What obligations apply to high-risk AI?

Risk management, data governance, documentation, logging, transparency, human oversight, accuracy and a conformity assessment.

When do high-risk AI obligations apply?

After the Digital Omnibus, Annex III obligations are deferred to 2 December 2027 and product-embedded to 2 August 2028 — provisional, pending final adoption in the Official Journal.

What is a conformity assessment?

The process used to demonstrate a high-risk system meets requirements before it is placed on the market.

How do I know if my AI is high-risk?

Map its use against the Annex III and Annex I criteria and any exemptions, and document the conclusion either way.

What's the deployer's role for high-risk AI?

Use it per the provider's instructions, ensure human oversight, monitor performance, keep logs and, where required, complete a Fundamental Rights Impact Assessment.

Related pages

Sources

Last updated 19 June 2026.