What is a high-risk AI system?
A high-risk AI system is the EU AI Act’s central regulatory category: systems whose failure can materially harm health, safety or fundamental rights, and which therefore carry the Act’s heaviest compliance obligations. Two routes lead in: Annex I (AI as a safety component of regulated products — medical devices, machinery, vehicles) and Annex III (stand-alone use cases: recruitment and worker management, credit scoring, education, biometric identification, essential services, law enforcement, migration, justice).
The timeline moved — December 2027
Under the Digital Omnibus agreed by the EU institutions in mid-2026, the Annex III high-risk obligations were postponed from 2 August 2026 to 2 December 2027, and Annex I product-embedded obligations to 2 August 2028. The postponement does not touch what is already binding: the prohibited-practices list and AI-literacy duty (since 2 February 2025), GPAI rules (since 2 August 2025) and the Article 50 transparency obligations arriving 2 August 2026.
What the tier requires when it lands
Providers of high-risk systems must run a risk-management system across the lifecycle, meet data-governance standards for training and testing data, keep technical documentation and automatic logs, ensure human oversight and accuracy/robustness/cybersecurity, undergo conformity assessment, register in the EU database and CE-mark the system. Deployers carry duties too — use per instructions, human oversight, input-data control and, for certain deployers, a fundamental-rights impact assessment (FRIA).
We sell to EU customers from Türkiye — are we covered?
Yes, potentially: the Act applies to providers placing systems on the EU market wherever established, and to deployers whose system’s output is used in the EU. Turkish HR-tech, credit-scoring and edtech products with EU users should classify now and use the runway deliberately.
Is a chatbot high-risk?
Not by default — a customer-service chatbot is a transparency case under Article 50 (disclose the AI interaction). It becomes high-risk only if used in an Annex III context, such as screening job applicants.
Related: conformity assessment, FRIA.