Annex III and Your Nonprofit: Which AI Systems Become "High-Risk" in August 2026

Annex III covers remote biometric identification systems (used to identify individuals without their active participation), biometric categorization systems that use sensitive or protected attributes such as race, religion, sexual orientation, or political opinion, and emotion recognition systems. Simple one-to-one biometric verification (confirming that you are who you say you are) is explicitly excluded.

Nonprofit exposure is moderate and often underestimated. Organizations that use facial recognition for facility access, client check-in, or event credentialing may be operating biometric systems that fall within scope if they do more than simple one-to-one verification. Any tool that detects emotions, gauges engagement or mood, or infers attributes about a person from their appearance is particularly high-risk under this category. Counseling organizations, mental health nonprofits, and job training programs that have piloted AI-enhanced video tools should review these carefully.

• Emotion-detection tools used in interviews, counseling sessions, or training assessments
• Facial recognition used for client identification rather than simple access control
• One-to-one biometric verification (e.g., "confirm your own identity") is excluded

This category covers AI systems managing safety in digital infrastructure, road traffic, water, gas, heating, and electricity supply. For most nonprofits, this is the least relevant Annex III category. Organizations providing or managing essential community infrastructure (utilities, emergency shelter systems with integrated building management AI, food distribution logistics at scale) may find edge cases here, but the majority of nonprofits can deprioritize Category 2.

Category 3 covers AI systems that determine access to educational institutions at any level, evaluate learning outcomes or steer the learning process, assess what level of education is appropriate for a person, and monitor or detect prohibited behavior during assessments. This is directly relevant to nonprofits running workforce development programs, vocational training, accredited continuing education, or any educational service that uses AI to make or influence decisions about individual learners.

The word "any level" in the admissions criterion is significant. This is not limited to university admissions. A job training organization that uses AI to screen applicants for program entry, or an adult literacy organization that uses AI to determine which curriculum tier a learner should enter, may be deploying a Category 3 high-risk system. AI tools embedded in e-learning platforms that track learner behavior, flag non-compliance with assessment rules, or automatically recommend educational pathways also fall within this category.

• AI-based application screening for job training, adult education, or vocational programs
• Automated learning pathway recommendations based on assessed individual capability
• AI proctoring or test monitoring tools that detect behavioral anomalies

Category 4 is among the most broadly applicable to nonprofits. It covers AI used for targeted job advertising, resume and application screening, candidate ranking during recruitment, AI-assisted interview evaluation, decisions or recommendations about promotions and terminations, task allocation systems, and performance or behavior monitoring. The scope is intentionally wide because these applications touch on fundamental employment rights.

Nonprofits that use modern applicant tracking systems with AI screening features, tools that score or rank candidate profiles, or interview software with any AI analysis component should assume they are operating within Category 4. Many widely-used HR platforms have introduced AI features in recent years, and those features, even when presented as "suggestions" or "scoring assists," can trigger the high-risk classification if they influence hiring decisions. The question is not whether the AI has final authority, but whether it materially influences the decision.

The status of volunteer management is a grey area, but organizations should not assume volunteers are automatically exempt. If an AI tool profiles individuals and its outputs influence whether someone is accepted as a volunteer for a role involving vulnerable populations, the case for high-risk classification is strong. Legal counsel familiar with EU AI Act interpretation should advise on this.

• AI features in applicant tracking systems (resume scoring, candidate ranking)
• Interview analysis tools that evaluate communication, sentiment, or behavioral signals
• Performance management platforms with AI-generated assessments or ratings
• Productivity or behavior monitoring software for remote workers

Category 5 is the most significant Annex III category for service-delivery nonprofits. It covers AI systems that evaluate eligibility for public assistance benefits including healthcare, housing, social services, and related programs; systems that grant, reduce, revoke, or reclaim such benefits; creditworthiness assessment; life and health insurance risk assessment; and emergency call classification and dispatch prioritization.

Many social service nonprofits operate in precisely this space. Organizations providing housing assistance, food programs, healthcare navigation, refugee resettlement support, domestic violence services, or financial assistance often use software that includes some form of intake assessment, needs scoring, or eligibility determination. If that software includes AI components that influence who receives services or how quickly they receive them, Category 5 applies.

This category also triggers an additional layer of obligation beyond the standard high-risk compliance requirements. Under Article 27, organizations that are public-law bodies or private entities providing public services, which explicitly includes organizations in social services, healthcare, and housing, must conduct and submit a Fundamental Rights Impact Assessment (FRIA) before deploying a high-risk AI system. For nonprofits contracting with government to deliver public services, this obligation almost certainly applies.

• Client intake tools that score needs or triage service eligibility
• Case management software with AI-generated recommendations for service allocation
• Housing assistance platforms that rank or score applicants for placement
• Fraud detection systems are explicitly excluded from Category 5

Categories 6 through 8 cover law enforcement risk assessment tools, migration and asylum evaluation systems, and AI assisting courts in legal reasoning. Most nonprofits have no direct exposure to these categories through their own software deployments.

However, organizations working at intersections with the legal system may encounter edge cases. Legal aid nonprofits that use AI to triage case intake or predict case outcomes should review Category 8 carefully. Immigration and refugee services organizations that use AI-assisted document analysis or eligibility screening tools should examine Category 7. Criminal justice reform organizations working with recidivism data or risk assessment tools should consult Category 6.

For the majority of nonprofits, Categories 6-8 represent lower-probability exposure. But for organizations working specifically in legal services, immigration support, or justice system reform, these categories warrant dedicated legal review, as the stakes of misclassification are particularly high given the sensitivity of the populations affected.

The starting point for any Annex III compliance effort is knowing what AI systems your organization is actually using. This is harder than it sounds. AI capabilities are now embedded in platforms organizations have used for years, including HR software, CRM systems, e-learning platforms, case management tools, and grant management software. Many vendors have added AI features incrementally, and frontline staff may be using AI tools the leadership team is unaware of.

• Survey all departments for AI-powered tools, including features within larger platforms
• Request AI feature disclosure from all major software vendors in your stack
• Document the purpose, user base, and data inputs for each AI system identified
• Note whether each system makes or influences decisions about individuals

For each AI system in your inventory, work through the eight Annex III categories systematically. The key question for each category is not whether the tool uses AI in that general domain, but whether it makes or materially influences decisions about individuals in that domain. A scheduling tool that happens to use AI is categorically different from a needs-assessment tool that scores clients for service eligibility.

• For each tool, identify the primary decision or output the AI produces
• Determine whether that output influences a decision about a specific individual
• Match the domain (hiring, benefits, education, etc.) to the relevant Annex III category
• Flag any tool that involves individual profiling for heightened scrutiny

For any tool that appears to fall within an Annex III category, the next step is to engage the vendor. Specifically, ask whether they have classified their product as a high-risk AI system under Annex III, whether they have completed the required conformity assessment, what the status of their EU database registration is, and what documentation they can provide to support your own compliance obligations as a deployer.

A vendor who cannot provide clear answers to these questions by late spring 2026 presents a significant compliance risk. As a deployer, your obligations include using the system in accordance with the provider's instructions for use. If the vendor has not produced those instructions in a form that satisfies Article 26 requirements, you may face compliance exposure that is not your fault but is nonetheless your problem.

• Send formal written inquiries to vendors of potential high-risk tools
• Request conformity assessment documentation and EU database registration evidence
• Review your contracts for AI Act compliance representations and warranties
• Escalate non-responsive vendors to your legal counsel immediately

Once you have identified confirmed or probable high-risk AI systems, you need to build the operational infrastructure for compliance. This includes human oversight protocols with named, trained staff responsible for each system; log retention processes to preserve six months of AI system logs; an incident reporting procedure specifying who is responsible for reporting malfunctions to vendors and authorities; and, for social service organizations, beginning the FRIA process.

Many of these obligations align closely with good AI governance practice that mature nonprofit AI champions would implement regardless of regulatory requirements. Organizations that have invested in AI literacy and responsible AI culture will find the compliance infrastructure easier to build because the underlying organizational habits are already in place.

• Assign named oversight staff for each high-risk system with training documentation
• Establish log retention policy and technical process for six-month minimum
• Draft staff and beneficiary notification templates for AI use disclosure
• Begin FRIA process if your organization provides public services