Tag: AI Act Annex III

  • Digital Omnibus AI Act Delay 2026: What Research Institutions Must Know

    The digital omnibus AI Act delay 2026 is now confirmed: the European Parliament formally endorsed the deal on 16 June 2026 and the Council of the EU gave its final green light on 29 June 2026, pushing the AI Act’s high-risk obligations for stand-alone Annex III systems from 2 August 2026 to 2 December 2027. For research institutions running admissions, assessment, or exam-proctoring AI classified under Annex III’s education category, this removes an imminent compliance cliff but does not remove the obligation itself.

    The Digital Omnibus on AI is the European Commission’s targeted amendment package to Regulation (EU) 2024/1689 (the AI Act), tabled on 19 November 2025 to defer the applicability of high-risk obligations while harmonised technical standards catch up with the legislative timetable. It is distinct from the broader “Digital Omnibus” simplification package covering GDPR and the ePrivacy Directive, which is proceeding on a separate track.

    What is the Digital Omnibus on AI?

    The Digital Omnibus on AI is a package of targeted amendments to the EU AI Act, proposed by the European Commission to defer the applicability of high-risk AI obligations and to soften or clarify a handful of adjacent provisions. It does not alter the AI Act’s underlying risk-based architecture: the definitions of high-risk AI, the prohibited-practice list, and the general-purpose AI (GPAI) model rules all remain unchanged.

    Two changes matter most for institutional AI governance. First, the compliance timeline for high-risk AI systems is pushed back by more than a year. Second, a new prohibition targeting AI-generated non-consensual intimate imagery (“nudifiers”) and child sexual abuse material (CSAM) is inserted into Article 5, with a transitional period running to 2 December 2026.

    Timeline: how the delay was finalised

    The delay moved through five distinct stages before becoming binding. Each stage narrowed the uncertainty that had left institutions unable to plan with confidence through the first half of 2026.

    • 19 November 2025 — the European Commission tabled the Digital Omnibus on AI, proposing a conditional delay mechanism for Annex III high-risk obligations.
    • 18 March 2026 — the European Parliament’s lead committee signalled support for postponement, initially floating a shorter extension to 2 November 2026 rather than the Commission’s later date.
    • 6–13 May 2026 — trilogue negotiators reached a provisional political agreement, subsequently confirmed by Member State representatives in the Council (Coreper).
    • 16 June 2026 — the European Parliament formally endorsed the agreed text in plenary.
    • 29 June 2026 — the Council of the EU gave its final approval, completing the co-legislative procedure.

    Formal publication in the Official Journal of the European Union is expected before 2 August 2026, the date on which the amended provisions are designed to take legal effect. Until publication, the original 2 August 2026 deadline technically remains in force — a distinction several early client alerts flagged as a live risk for institutions that stopped preparing prematurely.

    New compliance dates for high-risk AI systems

    The Omnibus replaces the Commission’s original conditional trigger with fixed calendar dates. Annex III stand-alone high-risk systems — including those used for recruitment, credit scoring, law enforcement, border control, and education — now have until 2 December 2027 to comply, instead of 2 August 2026. Annex I systems embedded in already-regulated products, such as medical devices and machinery, move to 2 August 2028.

    Obligation Original date New date Status
    Unacceptable-risk prohibitions (Article 5); AI literacy (Article 4) 2 Feb 2025 Unchanged (literacy duty softened) In force
    GPAI model obligations; AI Office operational 2 Aug 2025 Unchanged In force
    Article 50 transparency (AI-generated content disclosure) 2 Aug 2026 2 Aug 2026 (largely unchanged) Proceeding as scheduled
    Article 50(2) watermarking grace period for existing systems 2 Aug 2026 2 Dec 2026 Deferred (grace period)
    New Article 5 ban on non-consensual intimate imagery/CSAM AI 2 Dec 2026 (transitional period ends) New provision
    Annex III high-risk obligations (incl. education/admissions AI) 2 Aug 2026 2 Dec 2027 Deferred
    Member state AI regulatory sandboxes (Article 57) 2 Aug 2027 2 Aug 2027 (sandbox timeline unaffected for Annex III) Unchanged
    Annex I high-risk obligations (embedded, e.g. medical devices) 2 Aug 2027 2 Aug 2028 Deferred

    Two provisions are not deferred. The Article 50 transparency duty — telling users they are interacting with an AI system, and labelling AI-generated content — largely proceeds on the original 2 August 2026 schedule, with only the narrower watermarking sub-obligation under Article 50(2) receiving a four-month grace period for systems already on the market.

    What changes for research institutions under Annex III

    Annex III, paragraph 3 of the AI Act designates AI systems used in the education and vocational training domain as high-risk where they determine access or admission to an institution, evaluate learning outcomes, assess the appropriate level of education for an individual, or monitor and detect prohibited behaviour by students during tests. This is the category most directly relevant to research institutions and universities.

    Concretely, the delay reaches:

    • Admissions and PhD-selection algorithms that rank or filter applicants;
    • Automated assessment and grading tools used to evaluate learning outcomes;
    • Exam-proctoring and academic-integrity-monitoring systems deployed during tests;
    • Tools that assign students to a particular level or track of study.

    Research-integrity screening tools (plagiarism and image-manipulation detection) and grant- or funding-evaluation algorithms sit in a greyer area: they may qualify as high-risk under other Annex III categories — such as access to essential public services — depending on how decisively the AI output determines an outcome for the individual concerned. Institutions should not assume a blanket exemption; classification still depends on the specific use case, not the sector label.

    The practical effect of the delay is headroom, not relief. Conformity assessments, technical documentation, human-oversight design, and post-market monitoring for Annex III education systems must still be built — the deadline for having them in place has simply moved from 2 August 2026 to 2 December 2027. Institutions that paused compliance work in anticipation of the delay now have a defined, and shorter than expected, runway of roughly seventeen months from the June 2026 vote.

    Answer-first Q&A

    What is the EU AI Act Digital Omnibus?

    The Digital Omnibus on AI is a European Commission proposal, tabled 19 November 2025 and finalised through Parliament and Council votes in June 2026, that amends the AI Act to defer high-risk compliance deadlines and adjust several related provisions without changing the Act’s core risk-based structure.

    When do high-risk AI obligations now apply under the AI Act?

    Stand-alone Annex III high-risk systems, including education and admissions AI, must comply by 2 December 2027. AI embedded in already-regulated products under Annex I, such as medical devices, must comply by 2 August 2028, both later than the original 2026/2027 dates.

    Does the delay apply to AI used in education and research admissions?

    Yes. Annex III explicitly classifies AI systems governing admission decisions, learning-outcome evaluation, and exam proctoring as high-risk. These systems’ compliance deadline moves with the rest of Annex III, from 2 August 2026 to 2 December 2027, once the Omnibus is published.

    What still happens on 2 August 2026 despite the delay?

    The Article 50 transparency obligations — disclosing AI interactions and labelling AI-generated content — remain on schedule for 2 August 2026. Only the narrower watermarking duty under Article 50(2) gets a four-month grace period, to 2 December 2026, for systems already on the market.

    Implications and what happens next

    For research administrators, the confirmed timeline changes planning horizons more than it changes obligations. Governance work — data-quality checks, human-oversight protocols, and documentation for admissions and assessment AI — can now be sequenced over roughly seventeen months rather than weeks.

    The Omnibus must still be published in the Official Journal before the new dates bind; until then, 2 August 2026 remains the legal default. Institutions should treat formal publication, expected in the weeks following the 29 June 2026 Council approval, as the trigger to lock in updated compliance calendars, not the political agreement alone.

    Institutions building governance around admissions, assessment, and research-integrity AI should track both the AI Act’s Annex III scope and adjacent standards work as they mature.

    For related institutional definitions and terminology, see the CASRAI Open Research Glossary and the research administration resource hub.

  • AI Act Annex III Education Systems Explained

    Annex III of the EU AI Act (Regulation (EU) 2024/1689) classifies four specific education uses as high-risk: admissions and access decisions, evaluation of learning outcomes, assessment of the appropriate level of education for an individual, and monitoring students for prohibited behaviour during tests. That fourth category covers most commercial exam-proctoring software. Because these systems influence a person’s access to education, providers and institutions face conformity-assessment, documentation and human-oversight duties — and, as of mid-2026, a revised compliance timeline that most procurement guidance has not yet caught up with.

    Annex III is the section of the AI Act that lists the stand-alone use cases treated as high-risk regardless of sector, and education is one of eight listed domains. Under Article 6(2), any system matching an Annex III description is high-risk unless it falls within a narrow set of Article 6(3) exemptions for purely preparatory or narrow procedural tasks.

    What Annex III Actually Classifies as High-Risk in Education

    Annex III, point 3, lists four education and vocational-training use cases. Each is high-risk in its own right, not as a bundled “education AI” category:

    Annex III, point 3 What it covers Typical real-world system
    3(a) Access and admission Determining access, admission, or assignment of people to educational and vocational institutions at any level Admissions-ranking algorithms; automated place-allocation tools
    3(b) Evaluating learning outcomes Assessing outcomes, including where results steer a person’s subsequent learning path Automated essay and short-answer scoring; adaptive-learning placement engines
    3(c) Assessing appropriate education level Determining the level of education a person will receive or can access Streaming and tracking tools; aptitude-based course-eligibility systems
    3(d) Monitoring prohibited behaviour Detecting prohibited conduct by students during tests Remote exam-proctoring software with anomaly or gaze detection

    This structure matters for procurement: a vendor’s product might satisfy only one limb (proctoring under 3(d)) while a different module of the same platform — an automated grading feature, say — separately triggers 3(b). Each function needs its own classification check rather than a single institution-wide judgement.

    Why Proctoring and Admissions AI Meet the High-Risk Threshold

    The AI Act treats education systems as high-risk because their outputs shape a person’s access to opportunity, not because the underlying technology is novel. Recital 56 explains that AI in education can determine “the educational and professional course of a person’s life” and, where biased or opaque, can perpetuate discrimination on grounds such as disability, ethnic origin or sexual orientation.

    Two features push a system firmly into the high-risk tier. First, if the tool performs profiling of natural persons — building a behavioural or performance profile used in a decision — Article 6(3) removes the narrow-task exemptions entirely, so the system is automatically high-risk. Most commercial proctoring tools that flag “suspicious behaviour” patterns over time perform exactly this kind of profiling. Second, where a system’s error directly changes an admission, grading or progression outcome, it cannot credibly claim the “preparatory task only” or “improves a human decision” carve-outs in Article 6(3), because the human reviewer rarely has the practical capacity to re-examine every flagged case in full.

    Conformity-Assessment Duties That Follow

    Classification as high-risk is the trigger, not the end point. Providers placing an Annex III education system on the market must run it through conformity assessment under Article 43 before deployment, and both providers and deploying institutions then carry ongoing obligations:

    • Establish and maintain a risk-management system across the tool’s lifecycle
    • Use training, validation and test data that is relevant, representative and checked for bias
    • Produce technical documentation demonstrating compliance, and enable automatic logging for traceability
    • Complete a declaration of conformity, affix the CE marking, and register the system in the EU high-risk AI database under Article 49
    • Deployers must run a fundamental rights impact assessment before first use, keep human oversight with real override authority, and tell students and applicants that a high-risk system is involved

    None of these duties can be delegated to the software vendor by contract alone. An institution that deploys a high-risk admissions tool is a deployer under the Act and carries deployer-specific obligations even where the vendor, as provider, has already completed its own conformity assessment.

    The compliance timeline itself has shifted since most existing guidance was written. Article 113 originally set 2 August 2026 as the date the Annex III obligations became applicable. On 7 May 2026, the European Parliament and the Council reached a provisional political agreement on the Digital Omnibus on AI, replacing that date with fixed extensions: 2 December 2027 for stand-alone Annex III systems (including education), and 2 August 2028 for Annex I product-embedded systems. Separately, the marking obligations under Article 50(2) now fall due on 2 December 2026. Until the agreed text is formally adopted and published in the Official Journal, the original 2 August 2026 date remains the legally binding one — institutions should treat the extension as highly likely, not yet certain.

    Obligation Original deadline Revised deadline (Digital Omnibus, agreed 7 May 2026)
    Annex III stand-alone high-risk systems (education, employment, essential services) 2 August 2026 2 December 2027
    Annex I product-embedded high-risk systems 2 August 2027 2 August 2028
    Article 50(2) transparency/marking obligations 2 August 2026 2 December 2026

    What This Means for Procurement of Proctoring and Admissions AI

    For institutions and publishers buying exam-proctoring, admissions-ranking or automated-scoring tools, the practical question is no longer “is this AI regulated eventually” but “which Annex III limb applies, and can the vendor prove it.” A procurement checklist built around Annex III should require vendors to confirm, in writing, before contract renewal:

    • Whether each distinct feature of the product (scoring, proctoring, ranking) falls under Annex III, point 3(a)-(d), and if so, which limb
    • Evidence of a completed or in-progress conformity assessment and EU database registration, or a documented Article 6(3) exemption assessment
    • What training data was used, and what bias-testing was performed against protected characteristics
    • What logging and traceability the institution will have access to for its own record-keeping duties as deployer
    • Whether the tool performs any form of profiling, since this removes access to the narrow-task exemptions

    Institutions with any EU touchpoint — joint degrees, EU-based applicants, satellite campuses — should apply the same checklist even where their primary jurisdiction sits outside the EU, because the Act’s extraterritorial scope catches systems whose output is used within the EU.

    Common Questions on Annex III Education Systems

    What Is Considered a High-Risk AI System Under the AI Act?

    An AI system is high-risk if it is a safety component of a product covered by Annex I legislation, or if its use case appears in Annex III — covering biometrics, education, employment, essential services, law enforcement, migration and justice — unless it genuinely poses no significant risk under the narrow Article 6(3) exemptions.

    Which Education Apps Are High-Risk Under the AI Act?

    Annex III, point 3 names four categories: admissions and access tools, learning-outcome evaluation systems, tools assessing a person’s appropriate education level, and software monitoring students for prohibited behaviour in tests. Automated essay scoring and exam proctoring fall squarely within these limbs.

    Can an Exam Proctor Be AI?

    Yes — many institutions already use AI-based remote proctoring that analyses movement, gaze and audio to flag suspected cheating. Under the AI Act, this function sits within Annex III, point 3(d), making the software high-risk and subject to conformity-assessment and human-oversight duties, not a substitute human decision-maker.

    Are Any Education AI Practices Banned Outright, Not Just High-Risk?

    Yes. Since 2 February 2025, Article 5 has banned emotion-recognition systems in educational settings outright, with no research or institutional exemption, except narrow medical or safety uses. This sits above the high-risk tier — a banned practice cannot be brought into compliance through conformity assessment.

    The classification logic behind Annex III will not soften even as its application date moves. Institutions and publishers procuring proctoring, admissions or scoring AI gain a longer runway to 2 December 2027, but the underlying duties — bias-tested data, documented conformity assessment, human override authority, and registration in the EU database — remain the fixed reference point for any system that touches a student’s access to education.

  • AI Act High-Risk Classification: Annex III for Academic AI Systems

    Admissions-screening tools, exam proctoring software, and subject-profiling systems built or bought by universities are now squarely inside EU compliance scope. AI Act high-risk classification is not a label a developer chooses — it is determined by a fixed legal test set out in Article 6 and Annex III of Regulation (EU) 2024/1689, and most research-facing AI that touches education, employment, or biometric data will fail that test into the “high-risk” tier by default. This walkthrough applies the actual Annex III criteria to the tools research administrators are most likely to encounter.

    What “High-Risk” Means Under the AI Act

    The AI Act sorts systems into four tiers: unacceptable risk (banned outright, applicable since 2 February 2025), high risk, limited risk (transparency duties only), and minimal risk (unregulated). There is no fifth “probably fine” category for academic tools — a system either clears the high-risk gate or it does not.

    Article 6 sets two separate high-risk routes. The first covers AI embedded as a safety component in products already regulated under Annex I product-safety law (medical devices, machinery, and similar). The second — the one that catches nearly all academic and research-administration tools — is Annex III: a fixed list of use cases that are always considered high-risk unless a narrow exemption applies.

    Obligations tied to the Annex III route generally apply from 2 August 2026; the Annex I product-safety route gets an extra year, to 2 August 2027. Providers who conclude their own Annex III system is not high-risk must document that assessment and register it before deployment (Article 6(4)) — silence or informal judgement calls are not a defence.

    The Annex III Walkthrough for Academic AI Systems

    Annex III groups high-risk triggers into eight domains. Three of them account for almost every academic AI tool that raises a compliance question: education, employment, and biometrics. The table below maps common research-institution tools to the specific Annex III clause they hit.

    Annex III category Example academic AI use Clause Verdict
    Education and vocational training Admissions-ranking or applicant-screening AI Annex III(3)(a) High-risk
    Education and vocational training Automated scoring that steers a student’s learning path Annex III(3)(b) High-risk
    Education and vocational training Exam-proctoring software flagging “prohibited behaviour” Annex III(3)(d) High-risk
    Employment and workers management AI screening postdoc, faculty, or research-staff applications Annex III(4)(a) High-risk
    Biometrics Emotion-recognition tool used in a lecture-engagement study Annex III(1)(c) High-risk, unless a narrow medical/safety exception applies
    Biometrics Biometric categorisation inferring ethnicity or political views from images for research subject profiling Annex III(1)(b) High-risk — the profiling override applies (see below)

    Education and Training Triggers

    Annex III(3) lists four education triggers: access/admission decisions, evaluation of learning outcomes, assessment of the appropriate level of education a person can access, and monitoring of prohibited behaviour during tests. A tool only needs to match one clause — not all four — to be caught. An institutional dashboard that merely displays grades without influencing a decision is unlikely to trigger this route; a model that ranks or filters applicants does.

    Employment and Research-Staff Triggers

    Annex III(4) covers recruitment and selection tools (targeted job adverts, CV filtering, candidate scoring) and tools used in promotion, termination, task allocation, or performance monitoring of an existing workforce. Research institutions using AI to shortlist grant-funded researchers, PhD candidates, or lab staff sit inside this trigger on the same footing as any commercial employer.

    Biometric-Categorisation and Profiling Triggers

    Annex III(1) is the sharpest edge for research tools. It covers remote biometric identification, biometric categorisation systems that infer sensitive attributes (race, political opinion, trade union membership, religious belief, sex life, or sexual orientation) from biometric data, and emotion-recognition systems — with only a narrow carve-out for systems used purely for medical or safety purposes. A study instrument that infers demographic or affective attributes from facial or voice data for research subject profiling falls inside this trigger even when the researchers’ intent is purely academic.

    The Narrow-Task Exemption — and Why Profiling Overrides It

    Article 6(3) gives Annex III systems four possible escapes: performing a narrow procedural task, improving the result of work a human already completed, detecting deviations from a prior human decision without replacing it, or performing a preparatory task before a human assessment. A system that clears one of these tests can be treated as not high-risk — but the provider must still document that judgement.

    Critically, Article 6(3) carries an override that most summaries omit: an Annex III system is always high-risk if it performs profiling of natural persons, regardless of whether it would otherwise qualify for the narrow-task exemption. Profiling is defined broadly under EU data-protection law as automated processing used to evaluate personal aspects such as performance, behaviour, preferences, or location. Any admissions tool, proctoring tool, or research instrument that builds a profile of an individual cannot use the narrow-task escape — it is high-risk by default.

    One further nuance matters for university researchers: Article 2 excludes AI systems developed and used solely for scientific research and development from the Regulation’s scope entirely. That exclusion evaporates the moment the same tool is deployed operationally — for example, adapted from a lab study into a live admissions or proctoring product.

    Common Questions on AI Act High-Risk Classification

    What is high risk under the AI Act?

    An AI system is high-risk if it is a safety component of a product regulated under Annex I, or if its use case appears in Annex III — covering biometrics, education, employment, and public services — unless a documented Article 6(3) exemption applies and no profiling occurs.

    What are the four levels of risk in the AI Act?

    The Regulation defines four tiers: unacceptable risk (prohibited outright), high risk (strict pre-market obligations), limited risk (transparency duties, such as disclosing AI-generated content), and minimal risk (largely unregulated, voluntary codes only).

    What are high-risk use cases under the AI Act?

    Annex III lists eight domains: biometrics, critical infrastructure, education and vocational training, employment and worker management, access to essential services, law enforcement, migration and border control, and administration of justice or democratic processes.

    What are examples of high-risk AI systems?

    Documented examples include admissions-screening AI, exam-proctoring software, CV-filtering recruitment tools, creditworthiness scoring, biometric categorisation systems, and remote facial-recognition identification tools used by public authorities.

    Implications for Research Administrators and Developers

    For institutions procuring or building these tools, the practical checklist is short but unforgiving:

    • Map every AI tool touching admissions, assessment, proctoring, staff recruitment, or biometric data against the specific Annex III clause it might trigger.
    • Test each candidate system against the four Article 6(3) exemption conditions — and check separately whether it performs profiling, which overrides any exemption.
    • Document the classification assessment before deployment, even where the conclusion is “not high-risk,” and be ready to produce it to national competent authorities on request.
    • Re-run the assessment when a research prototype moves from the Article 2 scientific-research exclusion into operational use — the exclusion does not travel with the tool.
    • Track the compliance calendar: prohibited-practice bans applied from 2 February 2025; most Annex III obligations apply from 2 August 2026; the Annex I product-safety route follows in August 2027.

    Research administrators sit at the intersection of procurement, ethics review, and data governance, which makes this classification exercise an institutional responsibility rather than a vendor’s alone. Bodies advancing research-administration practice — including CASRAI’s research administration resources — increasingly treat AI-tool risk mapping as a standard due-diligence step alongside existing data-protection and research-integrity checks, and institutions building internal glossaries can cross-reference definitions of profiling, biometric categorisation, and related terms in the CASRAI dictionary.

    The European Commission is due to publish detailed implementation guidelines and worked examples for Article 6 classification. Until then, the safest institutional posture is to assume Annex III applies wherever an academic AI system reaches a decision about a person’s access, evaluation, employment, or biometric profile — and to document the reasoning either way.