Article 6(3) Exemption: When Annex III Doesn't Mean High-Risk

If you've read the EU AI Act and concluded your AI system might be exempt from high-risk classification, there's a good chance you're wrong. Not because the exemption doesn't exist. It does. But because of a single clause buried in Article 6(3) that closes the door for most of the companies that try to walk through it.

I've now classified more than 200 AI systems for European companies. About a third of those companies arrive at the conversation convinced they qualify for the Article 6(3) exemption. Maybe 5 of them actually do. The rest are tripped up by the same misreading of the regulation.

This guide walks through exactly what Article 6(3) says, when it actually applies, and the specific trap that catches everyone. By the end, you'll know whether your AI system genuinely qualifies, or whether you're about to make the most expensive misclassification mistake under the EU AI Act.

What Article 6(3) actually does

The EU AI Act's default rule is that AI systems falling into one of the eight Annex III categories are high-risk. Annex III covers:

• Biometric identification and categorization
• Critical infrastructure safety
• Education and vocational training
• Employment, worker management, access to self-employment
• Essential public and private services and benefits
• Law enforcement
• Migration, asylum, and border control
• Administration of justice and democratic processes

If your AI falls into any of these areas, the regulation presumes you're high-risk. That means about nine documentation and governance obligations under Articles 9 through 72.

Article 6(3) creates an exception to this presumption. The text says (paraphrased):

An AI system referred to in Annex III shall NOT be considered high-risk where it does not pose a significant risk of harm to the health, safety, or fundamental rights of natural persons, including by not materially influencing the outcome of decision making.

So you can be in Annex III but exempt from high-risk classification if you can show your AI doesn't materially influence decisions and doesn't pose significant risk.

That sounds permissive. Many AI systems would seem to qualify. This is where most founders stop reading and decide they're exempt.

That's a mistake. The article continues.

The four conditions for exemption

To qualify for the exemption, your AI must meet at least one of four specific conditions. The regulation lists these explicitly:

Condition (a): Narrow procedural task

The AI performs a procedural task. Think: converting unstructured data into structured data, classifying incoming documents into predefined categories, detecting duplicates among large datasets. Procedural means mechanical, deterministic-feeling, not evaluative.

Example that qualifies: an AI that reads PDFs of received invoices and extracts the line items into a structured database. It's processing documents, not making judgments about anything.

Example that doesn't qualify: an AI that reads PDFs of received resumes and extracts skills, education, and experience. Even though this might look procedural, the extraction involves evaluation (what counts as a "skill"?), and the output gets used for decision-making about specific people.

Condition (b): Improving a completed human activity

The AI improves the result of an activity that a human already completed. The human did the work, the AI polishes it.

Example that qualifies: an AI that improves the grammar of a recruitment email a recruiter already wrote. The recruiter wrote the email, made the substantive decisions, the AI just polishes prose.

Example that doesn't qualify: an AI that drafts the email from scratch based on the candidate's profile, even if a human reviews it before sending. The AI is doing the substantive creative work.

Condition (c): Detecting decision-making patterns without replacing human assessment

The AI identifies patterns or deviations in past decisions for review, but doesn't replace or influence the previously completed human assessment.

Example that qualifies: an AI that audits historical hiring decisions to flag patterns that might indicate bias for human review. The AI is looking backward at completed decisions, surfacing patterns, not making new decisions.

Example that doesn't qualify: an AI that scores active candidates against patterns from past successful hires. The AI is influencing current decisions, not auditing past ones.

Condition (d): Performing a preparatory task

The AI performs a preparatory task before an assessment that's relevant to Annex III use cases. The key word is "preparatory" meaning before the substantive work happens.

Example that qualifies: an AI that organizes incoming applications into folders by date submitted. It's preparing the workflow but not evaluating anyone.

Example that doesn't qualify: an AI that organizes incoming applications into folders by likely fit for the role. Even though it's "before" the human reviews them, the AI has now made evaluative judgments about specific candidates.

The line between "preparatory" and "evaluative" is where most companies get this wrong. They want their AI to do meaningful work but still claim it's just "preparatory."

The trap that catches almost everyone

Here is the specific clause that disqualifies most AI systems people think are exempt. It's in Article 6(3), immediately after the four conditions:

Notwithstanding the first subparagraph, an AI system referred to in Annex III shall always be considered to be high-risk where the AI system performs profiling of natural persons.

Translation: even if your AI meets one of the four conditions above, if it also performs profiling, you cannot use the exemption. Profiling automatically locks you into high-risk classification.

The next question is what counts as profiling. The Act references GDPR Article 4(4), which defines it as:

Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

This definition is much broader than most companies realize. If you're processing personal data to evaluate or predict aspects about specific individuals, you're profiling. The list of "personal aspects" includes work performance, financial situation, health, preferences, reliability, and behavior. That covers most AI use cases involving people.

So here's the pattern that kills the exemption claim for most systems:

• The AI processes personal data ✓
• It makes evaluations or predictions about specific individuals ✓
• Those evaluations relate to work, finance, health, behavior, or similar aspects ✓

If all three are true, you're profiling. Profiling disqualifies you from the exemption. You stay high-risk no matter what.

Real examples of where companies get this wrong

Let me walk through specific examples I've seen.

Case 1: The "we just rank candidates" trap

A recruitment AI vendor said: "Our AI ranks candidates based on CV content. The recruiter makes the final decision. We're a preparatory task under Condition (d)."

The problem: ranking candidates based on their CVs is evaluating their suitability for the role. Suitability is a prediction about their future work performance. That's profiling. Exemption denied. The system is high-risk.

Case 2: The "we improve human work" trap

A performance review AI vendor said: "Managers write the performance reviews. Our AI improves the writing. We're under Condition (b), improving completed human activity."

The problem: turned out the AI was doing more than improving prose. It was suggesting different ratings based on the content of the review. Suggesting ratings is evaluation, not improvement. Even if the manager makes the final call, the AI is influencing it. Exemption denied.

Case 3: The "we detect patterns" trap

A workplace analytics vendor said: "Our AI identifies patterns in employee data for HR to review. We're under Condition (c), detecting patterns without replacing assessment."

The problem: the AI was producing individual-level flags. "Employee X is at risk of attrition." "Employee Y shows signs of disengagement." These are predictions about specific individuals, not patterns. Profiling. Exemption denied.

Case 4: The "we provide recommendations" trap

A credit scoring vendor said: "We don't approve loans. We provide recommendations to underwriters. We're advisory, not decisional."

The problem: predicting credit risk for specific people is profiling. The advisory framing doesn't change what the AI is doing. Exemption denied.

The common thread: in each case, the AI was doing substantive evaluative work on specific individuals, but the company was using language ("ranking," "improving," "detecting patterns," "recommending") to make it sound less consequential. The regulation isn't fooled by language. It looks at what the AI actually does.

When the exemption genuinely applies

Here are real examples I've seen where the exemption did apply.

Case 1: Document organization AI

An HR platform had an AI that classified incoming resumes by job posting (which open role they were applying for) and routed them to the right hiring manager. The AI made no evaluation of the candidate. It just routed based on which posting the application referenced. Condition (d) preparatory task. No profiling. Exempt.

Case 2: Audit AI for past decisions

A workplace fairness tool ran AI over historical promotion decisions to identify statistical patterns suggesting potential bias. The output was aggregate (e.g., "Engineering department has X% lower promotion rate for women") not individual-level. The AI flagged patterns for human review without changing past decisions or influencing future ones. Condition (c). No profiling at the individual level. Exempt.

Case 3: Grammar polish for HR communications

A recruitment platform had an AI that improved the grammar and tone of recruitment emails after a recruiter wrote them. The AI didn't change the content or the substantive message. Condition (b). No profiling. Exempt.

Case 4: Format conversion

A document management AI converted PDF resumes into structured database entries. The AI extracted text without making any evaluative judgments. The output was just structured data. Condition (a) narrow procedural task. No profiling. Exempt.

In each of these cases, the AI was doing work that didn't require evaluation of specific individuals, and the output didn't predict or analyze personal aspects. That's the bar.

How to honestly assess whether your AI qualifies

If you want to test whether your AI system genuinely qualifies for the Article 6(3) exemption, work through these questions in order.

Question 1: Does it fall under Annex III at all?

If not, the exemption is irrelevant. You're not high-risk by default and don't need exemption.

Question 2: Does the AI process personal data?

If no, profiling can't apply because profiling is defined as processing of personal data. You're more likely to qualify for the exemption.

If yes, continue.

Question 3: Does the AI evaluate or predict aspects about specific individuals?

This is the killer question. Aspects include work performance, economic situation, health, preferences, interests, reliability, behavior, location, movements.

If no: you might qualify for the exemption.

If yes: you're profiling. Exemption disqualified. You're high-risk.

Question 4: If you said no to Question 3, which exemption condition do you meet?

Now check which of the four conditions actually fits your system:

• (a) Narrow procedural task: mechanical processing, no evaluation
• (b) Improving completed human work: human did the substantive work, AI polished
• (c) Detecting patterns in past decisions: backward-looking audit, no individual predictions
• (d) Preparatory task: before substantive work, organizing or routing without evaluating

If you can't fit one of these clearly, you're not exempt. The default of high-risk applies.

The strategic question: should you try to claim the exemption?

Even if you think you qualify, there's a strategic question about whether to claim the exemption.

Reasons to claim it:

• Avoids the documentation burden of high-risk classification
• Faster product iteration without going through compliance review for every change
• Lower ongoing cost

Reasons to NOT claim it:

• If a regulator disagrees with your assessment, the fine is up to €15M or 3% of global revenue
• Customers (especially enterprise) increasingly expect documented high-risk compliance regardless
• Some markets (especially financial services, healthcare, public sector) will treat exemption claims with suspicion
• The exemption is genuinely narrow and regulators will scrutinize claims closely

In practice, I usually advise companies that even if they qualify for the exemption, doing a full high-risk compliance posture is the safer commercial move. It protects against misclassification risk, satisfies enterprise procurement requirements, and provides documentation that helps with everything from investor due diligence to customer trust.

The exemption is most useful for systems where the documentation work would be genuinely disproportionate to the actual risk. Document classifier? Maybe worth claiming exemption. Decision-influencing AI in HR or credit? Probably worth doing the full compliance work even if you technically qualify.

What this means for your AI system

If you're reading this trying to figure out whether your AI is exempt, here's the honest answer for the most common cases:

• AI that scores, ranks, or evaluates specific individuals: not exempt. You're high-risk.
• AI that predicts behavior, performance, or outcomes for specific people: not exempt. You're high-risk.
• AI that recommends decisions affecting specific people: not exempt. You're high-risk.
• AI that converts data formats, organizes documents, or polishes text: might be exempt. Check the conditions carefully.

The exemption was written narrowly on purpose. Regulators didn't want it to swallow the rule. If your AI is doing meaningful evaluative work on individuals, the regulators want you in the high-risk regime with proper documentation.

What to do this week

If you've been operating on the assumption that your AI is exempt under Article 6(3), now is the time to honestly reassess. The deadline is August 2, 2026.

1. Read your system description against the four exemption conditions. Be honest about whether you fit cleanly.
2. Apply the profiling test. If your AI evaluates or predicts personal aspects of individuals, the exemption is closed.
3. If the exemption doesn't apply, start the high-risk compliance work now. You have time if you start in May. You don't if you start in July.
4. Document your reasoning either way. If you claim the exemption, document why each condition is met. If you don't, document your acknowledgment of high-risk status and the work plan to comply.

The mistake that destroys companies isn't being high-risk. The mistake is being high-risk and not knowing it, then finding out from a regulator after the deadline.

Run the free classifier to confirm your status →

---

Common questions about the Article 6(3) exemption

If our AI is exempt, do we have zero obligations? Not necessarily. You might still fall under Article 50 limited-risk obligations (transparency requirements) if your AI interacts with humans or generates synthetic content. Article 6(3) exempts you from high-risk classification, not from all obligations.

Can we claim the exemption now and add high-risk compliance later if needed? Risky. The regulator can look at your historical classification and ask why you didn't classify as high-risk earlier. Better to make a clear classification decision and document it from the start.

What if regulators issue more detailed guidance on Article 6(3)? The EU AI Office is expected to publish further guidance throughout 2026 and 2027. This guidance will likely tighten interpretation in some areas. Companies that took aggressive exemption positions may need to reclassify when guidance arrives.

Does the exemption apply to GPAI systems? GPAI (general-purpose AI) systems have separate obligations under Articles 51-55 that exist alongside Article 6 classification. If you're using or providing GPAI, you have those obligations regardless of high-risk status.

How do we document an exemption claim? Document the reasoning thoroughly. Include: which Annex III area your system falls under, which exemption condition applies, why profiling doesn't apply, the risk assessment showing no significant harm, and the date of the assessment. Update this documentation when your system changes meaningfully.

---

Run the classifier to test your system →

Related guides:

• Is My AI System High-Risk Under the EU AI Act?
• The EU AI Act for HR Tech: A Vertical Guide
• EU AI Act vs GDPR: How They Overlap and Where They Don't
• The 2026 EU AI Act Compliance Checklist