EU AI Act: which list are you on

The Act's obligations all hang off one prior question: what risk tier is this system. Answer that, and the rest follows from a table.

Enso Intelligence · Dhaka/June 19, 2026 · 5 min

A law that sorts before it regulates

The EU AI Act is often described as a sweeping set of obligations, and it is, but the obligations are not applied evenly. The Act regulates by tier. A handful of practices are prohibited outright. A defined set of uses are designated high-risk and carry the weight of the Act: risk management, data governance, logging, human oversight, transparency, conformity assessment. Most systems fall below that, into limited or minimal risk, with light duties or none.

Which means the first and most consequential question the Act asks is not "what must this system do." It is "which tier is this system in," because the answer determines everything after it. And the high-risk tier is defined, in large part, by a list. Annex III enumerates the high-risk use cases: biometric identification, critical infrastructure, education, employment, access to essential services including creditworthiness, law enforcement, migration, the administration of justice. If a system's purpose lands in one of those categories, it is high-risk, and the heavy obligations attach.

Classification as the gate

{
  "rule_id": "AIG-RISK-EU-002",
  "title": "System falls in an Annex III high-risk category",
  "jurisdiction": "eu",
  "source": "EU AI Act, Annex III",
  "severity": "review",
  "expected_outcome": {
    "action": "review",
    "message": "The system's use case matches an Annex III high-risk category. The high-risk obligations apply: risk management, data governance, logging, human oversight, transparency, and conformity assessment. Confirm the required controls are evidenced before deployment."
  },
  "conditions": [
    { "type": "category_match", "path": "system.use_case", "list": "annex_iii_high_risk" }
  ],
  "deterministic": true,
  "validation_status": "expert_reviewed"
}

The list is data. Annex III is a maintained set of categories, and a system's use case either matches one or it does not. The obligations that follow are themselves a table: given the high-risk tier, here are the controls that must be evidenced. So the Act, for all its breadth, decomposes into a classification followed by an obligation set, both of them data the rules read, neither of them logic that has to change when the Act is amended or the Annex is extended.

There is judgment in the matching, of course. Deciding whether a particular system's purpose really falls within an Annex III category can require interpretation, and where it does, that is a semantic step, flagged as such, with a low-confidence call sent to a person rather than resolved silently. But once the tier is set, the obligations are mechanical: present, or not present, evidenced, or not.

Why the conservative default is high

Annex III classification is the one place where failing closed points toward more scrutiny rather than less. If the engine cannot determine a clear tier, it does not default to minimal risk and wave the system through. It treats the system as high-risk pending review. The reason is the asymmetry the whole Act is built on. Classifying a harmless system as high-risk costs some unnecessary diligence. Classifying a genuinely high-risk system as minimal lets it deploy with none of the controls the law requires, which is precisely the harm the Act exists to prevent. When the engine is unsure which list you are on, it assumes the list that demands more checking.
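The three design points above (the list and the obligation table as data, a flagged semantic step whose low-confidence calls go to a person, and a default that fails toward high-risk) fit in one small evaluator. The block below is an added example written for this page, not Enso Intelligence's engine or any official Annex III data: the category ids, the keyword sets behind the semantic fallback, the tier names, the `description` field and the 0.6 confidence threshold are all constructed for illustration. The only real input is the rule quoted above, loaded as data.

```python
"""Added example, not Enso Intelligence's code: a small evaluator for the
Annex III classification rule quoted on the page. Category ids, keyword sets,
tier names, field names and thresholds are constructed for illustration and
are not the Act's official text."""
import json
import re

# The page's rule, abridged, loaded as data rather than hard-coded logic.
RULE = json.loads("""{
  "rule_id": "AIG-RISK-EU-002",
  "expected_outcome": {"action": "review"},
  "conditions": [
    {"type": "category_match", "path": "system.use_case", "list": "annex_iii_high_risk"}
  ]
}""")

# Constructed list data: canonical ids for the categories the page names, each
# with a keyword set that only the semantic fallback consults.
LISTS = {
    "annex_iii_high_risk": {
        "biometric_identification": {"biometric", "face", "facial", "fingerprint"},
        "critical_infrastructure": {"grid", "water", "electricity", "traffic"},
        "education": {"education", "student", "students", "exam", "admission"},
        "employment": {"employment", "recruitment", "hiring", "job", "applicants", "worker"},
        "essential_services": {"credit", "creditworthiness", "loan", "benefits", "scoring"},
        "law_enforcement": {"police", "crime", "suspect", "enforcement"},
        "migration": {"migration", "asylum", "visa", "border"},
        "administration_of_justice": {"court", "judicial", "judge", "sentencing"},
    }
}

# Per-tier obligation table, also data. The page gives only the high-risk row;
# the lower tier is left empty here ("light duties or none").
OBLIGATIONS = {
    "high_risk": ["risk management", "data governance", "logging",
                  "human oversight", "transparency", "conformity assessment"],
    "below_high_risk": [],
}

STOPWORDS = {"a", "an", "the", "of", "for", "to", "and", "in", "on", "with",
             "that", "tool", "system"}
HIGH_CONFIDENCE = 0.6  # constructed threshold for accepting a semantic match


def get_path(obj, path):
    """Resolve a dotted path such as 'system.use_case' against nested dicts."""
    for key in path.split("."):
        obj = obj.get(key) if isinstance(obj, dict) else None
    return obj


def semantic_match(text, list_name):
    """Stand-in for a real classifier: share of the description's content words
    that hit each category's keyword set. Returns (category, score, ambiguous);
    ambiguous is True when two categories tie for the best score."""
    tokens = set(re.findall(r"[a-z]+", text.lower())) - STOPWORDS
    if not tokens:
        return None, 0.0, False
    ranked = sorted(((len(tokens & kw) / len(tokens), cid)
                     for cid, kw in LISTS[list_name].items()), reverse=True)
    (score, cid), (runner_up, _) = ranked[0], ranked[1]
    if score == 0:
        return None, 0.0, False
    return cid, score, runner_up == score


def classify(system, rule=RULE):
    """Apply the rule's category_match condition and return a decision dict.
    Only a declared canonical use_case id can place a system below high-risk;
    free text can confirm high-risk or be sent to a person, never clear it."""
    cond = rule["conditions"][0]
    categories = LISTS[cond["list"]]
    use_case = get_path({"system": system}, cond["path"])
    # Conservative starting point: high-risk, pending a human classification.
    decision = {"rule_id": rule["rule_id"], "tier": "high_risk",
                "action": "human_review", "deterministic": False,
                "basis": "undetermined", "matched_category": None,
                "confidence": 0.0, "needs_human": True}
    if use_case in categories:
        # Deterministic match: the canonical id is on the list.
        decision.update(action=rule["expected_outcome"]["action"], deterministic=True,
                        basis="category_match", matched_category=use_case,
                        confidence=1.0, needs_human=False)
    elif isinstance(use_case, str):
        # Deterministic non-match: a declared canonical id that is not on the list.
        decision.update(tier="below_high_risk", action="allow", deterministic=True,
                        basis="category_match", confidence=1.0, needs_human=False)
    else:
        # Semantic step on free text, flagged as such in the decision.
        cid, score, ambiguous = semantic_match(system.get("description") or "", cond["list"])
        decision.update(basis="semantic", matched_category=cid, confidence=round(score, 2))
        if cid and score >= HIGH_CONFIDENCE and not ambiguous:
            decision.update(action=rule["expected_outcome"]["action"], needs_human=False)
        # Low confidence, a tie, or no evidence at all: stays high_risk pending a person.
    decision["obligations"] = OBLIGATIONS[decision["tier"]]
    return decision


if __name__ == "__main__":
    for s in [{"use_case": "employment"}, {"use_case": "spam_filtering"},
              {"description": "ranking job applicants for hiring"},
              {"description": "scoring tool for applicants"}]:
        d = classify(s)
        print(s, "->", d["tier"], d["action"], d["basis"], d["confidence"])
```

The fourth sample shows the fail-closed path in practice: "scoring tool for applicants" scores equally against employment and essential services (job applicants or loan applicants), so the tie is never resolved silently; the decision stays high-risk and is routed to a person. One caveat the design makes visible: the only route to the lower tier is a declared canonical `use_case` id that is not on the list, so whoever submits that id is trusted, and the intake taxonomy needs its own control (a fixed vocabulary and a reviewed mapping) or the conservative default can be bypassed by a mislabelled submission.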

The point

The EU AI Act looks like a wall of obligations and is really a sorting mechanism with obligations hanging off each tier. The hardest and most important step is the classification, and Annex III makes much of that classification a matter of matching a use case against a maintained list. Encode the list as data, the per-tier obligations as a table, and the classification as a rule that fails toward caution, and a law that reads as overwhelming becomes a gate followed by a checklist. Which list you are on is the whole question. Answer it correctly, traceably, and conservatively, and the rest of the Act is downstream.