Tag: high-risk ai systems

  • AI Act Annex III Education Systems Explained

    Annex III of the EU AI Act (Regulation (EU) 2024/1689) classifies four specific education uses as high-risk: admissions and access decisions, evaluation of learning outcomes, assessment of the appropriate level of education for an individual, and monitoring students for prohibited behaviour during tests. That fourth category covers most commercial exam-proctoring software. Because these systems influence a person’s access to education, providers and institutions face conformity-assessment, documentation and human-oversight duties — and, as of mid-2026, a revised compliance timeline that most procurement guidance has not yet caught up with.

    Annex III is the section of the AI Act that lists the stand-alone use cases treated as high-risk regardless of sector, and education is one of eight listed domains. Under Article 6(2), any system matching an Annex III description is high-risk unless it falls within a narrow set of Article 6(3) exemptions for purely preparatory or narrow procedural tasks.

    What Annex III Actually Classifies as High-Risk in Education

    Annex III, point 3, lists four education and vocational-training use cases. Each is high-risk in its own right, not as a bundled “education AI” category:

    Annex III, point 3 What it covers Typical real-world system
    3(a) Access and admission Determining access, admission, or assignment of people to educational and vocational institutions at any level Admissions-ranking algorithms; automated place-allocation tools
    3(b) Evaluating learning outcomes Assessing outcomes, including where results steer a person’s subsequent learning path Automated essay and short-answer scoring; adaptive-learning placement engines
    3(c) Assessing appropriate education level Determining the level of education a person will receive or can access Streaming and tracking tools; aptitude-based course-eligibility systems
    3(d) Monitoring prohibited behaviour Detecting prohibited conduct by students during tests Remote exam-proctoring software with anomaly or gaze detection

    This structure matters for procurement: a vendor’s product might satisfy only one limb (proctoring under 3(d)) while a different module of the same platform — an automated grading feature, say — separately triggers 3(b). Each function needs its own classification check rather than a single institution-wide judgement.

    Why Proctoring and Admissions AI Meet the High-Risk Threshold

    The AI Act treats education systems as high-risk because their outputs shape a person’s access to opportunity, not because the underlying technology is novel. Recital 56 explains that AI in education can determine “the educational and professional course of a person’s life” and, where biased or opaque, can perpetuate discrimination on grounds such as disability, ethnic origin or sexual orientation.

    Two features push a system firmly into the high-risk tier. First, if the tool performs profiling of natural persons — building a behavioural or performance profile used in a decision — Article 6(3) removes the narrow-task exemptions entirely, so the system is automatically high-risk. Most commercial proctoring tools that flag “suspicious behaviour” patterns over time perform exactly this kind of profiling. Second, where a system’s error directly changes an admission, grading or progression outcome, it cannot credibly claim the “preparatory task only” or “improves a human decision” carve-outs in Article 6(3), because the human reviewer rarely has the practical capacity to re-examine every flagged case in full.

    Conformity-Assessment Duties That Follow

    Classification as high-risk is the trigger, not the end point. Providers placing an Annex III education system on the market must run it through conformity assessment under Article 43 before deployment, and both providers and deploying institutions then carry ongoing obligations:

    • Establish and maintain a risk-management system across the tool’s lifecycle
    • Use training, validation and test data that is relevant, representative and checked for bias
    • Produce technical documentation demonstrating compliance, and enable automatic logging for traceability
    • Complete a declaration of conformity, affix the CE marking, and register the system in the EU high-risk AI database under Article 49
    • Deployers must run a fundamental rights impact assessment before first use, keep human oversight with real override authority, and tell students and applicants that a high-risk system is involved

    None of these duties can be delegated to the software vendor by contract alone. An institution that deploys a high-risk admissions tool is a deployer under the Act and carries deployer-specific obligations even where the vendor, as provider, has already completed its own conformity assessment.

    The compliance timeline itself has shifted since most existing guidance was written. Article 113 originally set 2 August 2026 as the date the Annex III obligations became applicable. On 7 May 2026, the European Parliament and the Council reached a provisional political agreement on the Digital Omnibus on AI, replacing that date with fixed extensions: 2 December 2027 for stand-alone Annex III systems (including education), and 2 August 2028 for Annex I product-embedded systems. Separately, the marking obligations under Article 50(2) now fall due on 2 December 2026. Until the agreed text is formally adopted and published in the Official Journal, the original 2 August 2026 date remains the legally binding one — institutions should treat the extension as highly likely, not yet certain.

    Obligation Original deadline Revised deadline (Digital Omnibus, agreed 7 May 2026)
    Annex III stand-alone high-risk systems (education, employment, essential services) 2 August 2026 2 December 2027
    Annex I product-embedded high-risk systems 2 August 2027 2 August 2028
    Article 50(2) transparency/marking obligations 2 August 2026 2 December 2026

    What This Means for Procurement of Proctoring and Admissions AI

    For institutions and publishers buying exam-proctoring, admissions-ranking or automated-scoring tools, the practical question is no longer “is this AI regulated eventually” but “which Annex III limb applies, and can the vendor prove it.” A procurement checklist built around Annex III should require vendors to confirm, in writing, before contract renewal:

    • Whether each distinct feature of the product (scoring, proctoring, ranking) falls under Annex III, point 3(a)-(d), and if so, which limb
    • Evidence of a completed or in-progress conformity assessment and EU database registration, or a documented Article 6(3) exemption assessment
    • What training data was used, and what bias-testing was performed against protected characteristics
    • What logging and traceability the institution will have access to for its own record-keeping duties as deployer
    • Whether the tool performs any form of profiling, since this removes access to the narrow-task exemptions

    Institutions with any EU touchpoint — joint degrees, EU-based applicants, satellite campuses — should apply the same checklist even where their primary jurisdiction sits outside the EU, because the Act’s extraterritorial scope catches systems whose output is used within the EU.

    Common Questions on Annex III Education Systems

    What Is Considered a High-Risk AI System Under the AI Act?

    An AI system is high-risk if it is a safety component of a product covered by Annex I legislation, or if its use case appears in Annex III — covering biometrics, education, employment, essential services, law enforcement, migration and justice — unless it genuinely poses no significant risk under the narrow Article 6(3) exemptions.

    Which Education Apps Are High-Risk Under the AI Act?

    Annex III, point 3 names four categories: admissions and access tools, learning-outcome evaluation systems, tools assessing a person’s appropriate education level, and software monitoring students for prohibited behaviour in tests. Automated essay scoring and exam proctoring fall squarely within these limbs.

    Can an Exam Proctor Be AI?

    Yes — many institutions already use AI-based remote proctoring that analyses movement, gaze and audio to flag suspected cheating. Under the AI Act, this function sits within Annex III, point 3(d), making the software high-risk and subject to conformity-assessment and human-oversight duties, not a substitute human decision-maker.

    Are Any Education AI Practices Banned Outright, Not Just High-Risk?

    Yes. Since 2 February 2025, Article 5 has banned emotion-recognition systems in educational settings outright, with no research or institutional exemption, except narrow medical or safety uses. This sits above the high-risk tier — a banned practice cannot be brought into compliance through conformity assessment.

    The classification logic behind Annex III will not soften even as its application date moves. Institutions and publishers procuring proctoring, admissions or scoring AI gain a longer runway to 2 December 2027, but the underlying duties — bias-tested data, documented conformity assessment, human override authority, and registration in the EU database — remain the fixed reference point for any system that touches a student’s access to education.

  • AI Act Researcher Access to High-Risk Systems

    Article 92 of the EU AI Act does not create a DSA-style “vetted researcher” scheme for high-risk AI systems. It gives the European Commission’s AI Office — supported by Commission-appointed independent experts — power to demand evaluation access, including source code, to general-purpose AI models with systemic risk. Outside academics cannot yet apply for access under Article 92 itself.

    Article 92 is the provision of Regulation (EU) 2024/1689 that lets the AI Office conduct compliance and systemic-risk evaluations of general-purpose AI (GPAI) models, requesting access “through APIs or further appropriate technical means and tools, including source code” from the model’s provider. It becomes applicable on 2 August 2026, under the Article 113 staggered-application timetable.

    What Article 92 actually grants

    Article 92(1) gives the AI Office, after consulting the AI Board, the power to evaluate a general-purpose AI model in two circumstances: where information already gathered under Article 91 is insufficient to assess a provider’s compliance, or to investigate systemic risks following a qualified alert from the scientific panel under Article 90.

    Under Article 92(3), the Commission may request access to the model “through APIs or further appropriate technical means and tools, including source code.” Article 92(4) requires each request to state its legal basis, purpose, and the fine under Article 101 that applies if the provider refuses. This is a regulator-to-provider compliance channel, not an open door for the research community.

    Who can request access — and who cannot

    The Commission may itself request access, or it may appoint independent experts to carry out the evaluation on its behalf, drawn in particular from the scientific panel established under Article 68. Those experts must meet the Article 68(2) criteria before they can touch any model.

    • Particular expertise and competence in AI, demonstrated through up-to-date scientific or technical knowledge.
    • Independence from any provider of AI systems or general-purpose AI models.
    • A demonstrated ability to carry out evaluation activities diligently, accurately, and objectively.

    There is no equivalent of the DSA’s open application route. A university researcher cannot submit a “duly substantiated application” to a national authority and be awarded status; the Commission selects panel members, and the AI Office decides when to deploy them. Article 68(4) further binds experts to confidentiality and impartiality, and requires each to file a public declaration of interests.

    What data, logs, and systems are in scope

    Article 92 targets general-purpose AI models — not the full universe of “high-risk AI systems” listed under Annex III (recruitment tools, credit-scoring systems, education-admission systems, and the like). The provision is narrower and sits in Chapter V’s enforcement toolkit for GPAI providers, with particular focus on models presenting systemic risk.

    A GPAI model is presumed to carry systemic risk once its cumulative training compute exceeds 1025 floating-point operations (FLOPs), per the AI Act’s Article 51 threshold; the Commission can also designate a model systemic on the scientific panel’s advice. Once access is requested, the scope can include:

    • API-level access to the model’s outputs and behaviour under specified test conditions.
    • Source code, where API access is insufficient to complete the evaluation.
    • Prior “structured dialogue” under Article 92(7), where the AI Office first discusses the provider’s internal testing and risk-mitigation measures before formally requesting access.

    Article 92(6) leaves the fine-grained detail — expert-selection procedure, evaluation arrangements, timelines — to a future Commission implementing act, so several operational details remain unsettled ahead of the 2 August 2026 application date.

    Article 92 vs the DSA’s vetted-researcher regime

    Commentary that describes Article 92 as “modelled on the DSA” understates a structural difference: the Digital Services Act’s Article 40(8) builds a standing, application-based pathway for named external researchers, while the AI Act channels evaluation through a Commission-controlled expert panel. The table below sets out the contrast.

    Feature AI Act Article 92 DSA Article 40
    Who gets access AI Office directly, or independent experts appointed by the Commission External “vetted researchers” who apply and are approved
    Application route None — experts are selected by the Commission from the Article 68 scientific panel Duly substantiated application to a Digital Services Coordinator
    Eligibility test Article 68(2): AI expertise, independence, diligence Article 40(8): research-organisation affiliation, independence, funding disclosure, data-security capability, proportionality, public-results commitment
    Subject matter General-purpose AI models, especially those with systemic risk Data held by very large online platforms and search engines
    Trigger Insufficient Article 91 information, or a systemic-risk alert Research into systemic risks under Article 34(1)
    Legal instrument Regulation (EU) 2024/1689 Regulation (EU) 2022/2065

    For a researcher hoping to independently audit a high-risk AI system deployed by a university, employer, or public body, Article 92 currently offers no comparable entry point. The closer analogue for that kind of scrutiny remains national market-surveillance authority activity under Chapter IX of the AI Act, not a researcher-access clause.

    Answer-first Q&A

    Does the AI Act give researchers open access to high-risk AI systems?

    No. Article 92 grants access powers to the AI Office and Commission-appointed independent experts, not to self-nominating academic researchers. Unlike the DSA, there is no statutory application process through which an outside researcher can request evaluation access to a high-risk AI system or a general-purpose AI model.

    What is the difference between AI Act Article 92 and DSA Article 40?

    Article 92 lets the Commission compel access to general-purpose AI models for compliance and systemic-risk evaluation, using its own appointed experts. DSA Article 40 instead lets external “vetted researchers” apply to a Digital Services Coordinator for access to platform data, a genuinely open external-researcher pathway that Article 92 does not replicate.

    Who qualifies as an independent expert under Article 68?

    Under Article 68(2), experts must show up-to-date AI expertise, complete independence from any AI system or model provider, and the ability to work diligently and objectively. The Commission selects the panel, sets its size, and must ensure fair gender and geographical representation among members.

    When does Article 92 take effect?

    Article 92 becomes applicable on 2 August 2026, in line with the AI Act’s staggered timetable under Article 113. The supporting scientific panel under Article 68 was already applicable from 2 August 2025, giving the Commission a year to establish the panel before evaluation powers activate.

    Implications for research administrators and institutions

    Research administration teams should separate two distinct exposures. First, if their institution deploys AI systems that fall under Annex III — admissions or assignment tools for educational institutions, recruitment and candidate-evaluation systems, or emergency-services triage tools — those systems are “high-risk” under the AI Act’s own Chapter III framework and carry provider or deployer obligations regardless of Article 92.

    Second, if their institution’s researchers want to study a general-purpose AI model with systemic risk, Article 92 does not currently give them a route to request evaluation access in the way DSA Article 40 lets accredited researchers request platform data. Institutions monitoring AI governance developments in research administration should track the Commission’s pending Article 92(6) implementing act, since it may eventually broaden how external expertise is brought into the evaluation process.

    Outlook

    The gap between Article 92’s provider-facing evaluation power and the DSA’s researcher-facing access regime is likely to remain a live policy debate through 2026 and 2027, as the AI Office builds out its scientific panel and issues the implementing acts required by Article 92(6). Until then, claims that the AI Act “grants researcher access to high-risk systems” overstate what the text currently delivers: a regulator’s evaluation tool, not a researcher’s request mechanism.

  • Digital Omnibus AI Act: New 2027 Deadlines

    The Digital Omnibus AI Act agreement, reached by EU co-legislators on 7 May 2026, postpones the AI Act’s high-risk obligations to 2 December 2027 for standalone systems and 2 August 2028 for product-embedded systems, pushes the national AI regulatory sandbox deadline from 2 August 2026 to 2 August 2027, and shortens the AI-generated-content labelling grace period to a new deadline of 2 December 2026. Prohibited-practice and general-purpose-AI (GPAI) obligations already in force are unaffected.

    The Digital Omnibus on AI is the EU’s amending regulation to Regulation (EU) 2024/1689 (the AI Act) that recalibrates several implementation deadlines and simplifies selected compliance requirements without altering the Act’s underlying risk-based framework.

    What Has Changed Under the Digital Omnibus?

    The European Commission published its Digital Omnibus on AI proposal on 19 November 2025, and the Council presidency and European Parliament negotiators reached a provisional political agreement on 7 May 2026. The European Parliament granted final approval on 16 June 2026. As of early July 2026, formal Council adoption and publication in the Official Journal are still pending, with completion expected by 2 August 2026 — the very date the original high-risk deadline would otherwise have taken effect.

    Until the amending regulation is published, the AI Act’s original text remains binding law. This is a narrow but real compliance-planning window: institutions cannot yet treat the new dates as legally settled, only as highly likely.

    The package also adds a new prohibition on AI systems that generate child sexual abuse material (CSAM) or non-consensual sexually explicit content (“nudifier” apps), reinstates the EU database registration requirement for AI systems exempted from high-risk classification, and reverts a proposed relaxation on processing special category data for bias detection back to a strict-necessity test.

    What Are the New AI Act Compliance Deadlines?

    The revised timeline replaces the Commission’s original “standards-linked” mechanism with fixed calendar dates, giving institutions a firm planning horizon rather than a moving target tied to standardisation progress.

    Obligation Original deadline New deadline Change
    Standalone high-risk systems (Annex III: education access, employment/HR, credit scoring, critical infrastructure, law enforcement) 2 August 2026 2 December 2027 16-month delay
    High-risk systems embedded in regulated products (Annex I: medical devices, machinery, toys) 2 August 2027 2 August 2028 12-month delay
    AI-generated content labelling/watermarking (Article 50(2)) 2 August 2026 2 December 2026 Grace period cut to 4 months
    National AI regulatory sandbox establishment (Article 57) 2 August 2026 2 August 2027 12-month delay
    Ban on CSAM/non-consensual intimate AI content Not previously prohibited 2 December 2026 New obligation
    Prohibited AI practices (Article 5) 2 February 2025 Unchanged Already in force
    GPAI model obligations (Articles 53–55) 2 August 2025 Unchanged Already in force

    Per the Council’s 7 May 2026 press release, “the provisional agreement also introduces a fixed timeline for the delayed application of high-risk rules: the new application dates would be 2 December 2027 for stand-alone high-risk AI systems and 2 August 2028 for high-risk AI systems embedded in products.” The same text confirms the sandbox deadline is postponed “until 2 August 2027.”

    Which AI Act Obligations Still Apply in 2026?

    Despite the headline delays, several obligations remain live this year. Institutions should not read “Digital Omnibus” as “AI Act paused.” The Act’s prohibited-practice regime and its general-purpose-AI rules were untouched by the negotiations.

    • Prohibited AI practices under Article 5 (e.g. social scoring, certain biometric categorisation, manipulative systems) have applied since 2 February 2025 and remain fully enforceable.
    • GPAI model provider obligations (transparency documentation, copyright-policy summaries, systemic-risk assessment for the most capable models) have applied since 2 August 2025.
    • Most Article 50 transparency duties — informing individuals they are interacting with an AI system, or that content is AI-generated — still take effect from 2 August 2026; only the specific machine-readable watermarking sub-obligation is delayed to 2 December 2026.
    • The narrowed research exemption in Article 2(6)/(8) is unchanged: it still covers only AI systems developed for the “sole purpose” of scientific research and development, and does not extend to real-world testing outside that narrow scope — a gap industry and legal commentators flagged but the Omnibus did not close.

    What Should Research Institutions Do Now?

    The Annex III high-risk categories map directly onto functions many universities, funders, and research offices already run or procure: “access to education and vocational training,” and “employment-related uses” covering recruitment, performance monitoring, and promotion decisions. Any admissions-scoring tool, proctoring system, or HR-screening AI a research institution uses now has until 2 December 2027 rather than August 2026 to meet high-risk documentation, human-oversight, and conformity-assessment requirements.

    That extra runway does not extend to everything an institution touches:

    • GPAI-based research tools (foundation models used in text/data mining, literature synthesis, or research-assistant products) are already subject to provider transparency obligations since August 2025 — this was not delayed and should already be reflected in procurement due diligence.
    • AI regulatory sandboxes, a route some national research funders and public research bodies planned to use for supervised testing of experimental AI tools, will not be mandatory at national level until 2 August 2027 — a year later than institutions may have budgeted for.
    • The research exemption remains narrow. Institutions running real-world pilots of AI tools (learning-analytics trials, clinical-AI validation studies) outside a controlled research-only environment should not assume blanket exemption; the classification tests apply as originally drafted.
    • AI-content labelling (Article 50(2), now due 2 December 2026) is directly relevant to scholarly publishing workflows: journals, repositories, and preprint servers using generative tools in editorial or production processes should track this date alongside their existing disclosure policies for AI-assisted content.

    Research administration offices coordinating compliance calendars should treat 2 December 2027 and 2 August 2028 as the two hard deadlines for high-risk systems, while keeping the unaffected 2025-dated GPAI and prohibited-practice obligations on their existing tracker — the Digital Omnibus changes the pace of the high-risk regime, not its scope.

    Answer-First Q&A

    What is the timeframe for the AI Act?

    The AI Act entered into force on 1 August 2024. Prohibited practices applied from 2 February 2025 and GPAI obligations from 2 August 2025. Following the Digital Omnibus, standalone high-risk systems now apply from 2 December 2027 and product-embedded high-risk systems from 2 August 2028.

    When do the AI Act’s high-risk obligations now apply?

    Under the provisional agreement, standalone Annex III high-risk systems (education, employment, credit, critical infrastructure) must comply by 2 December 2027. Annex I product-embedded systems (medical devices, machinery) have until 2 August 2028 — 16 and 12 months later than the AI Act’s original dates, respectively.

    Does the Digital Omnibus delay the AI Act sandbox deadline?

    Yes. The national AI regulatory sandbox deadline under Article 57 moves from 2 August 2026 to 2 August 2027, giving competent authorities an extra year to build supervised testing environments for innovators and public bodies.

    What AI Act obligations still apply in 2026?

    Prohibited practices and GPAI model obligations remain fully in force, having applied since 2025. Most Article 50 transparency duties still take effect on 2 August 2026, and the new CSAM/nudifier ban and AI-content watermarking sub-obligation both land on 2 December 2026.

    What Happens Next?

    The amending regulation still requires formal Council adoption and publication in the Official Journal before the new dates become legally binding, a process both the Council and independent legal analysis expect to conclude by 2 August 2026. Research institutions should build compliance calendars around the dates above now, while monitoring the Official Journal publication to confirm the fixed timeline takes definitive legal effect, and continue tracking CEN-CENELEC’s harmonised AI standards, whose slower-than-expected delivery was the stated driver for the entire postponement.

  • EU AI Act Compliance: University AI Checklist

    EU AI Act compliance obligations activate the moment a university’s AI system moves from a research prototype into real-world use. An admissions screening tool, a plagiarism detector, or a student-facing chatbot that starts operating on live applicant or student data falls outside the Article 2(6) research exemption and must meet the Regulation’s governance, documentation and human-oversight requirements for high-risk systems.

    The EU AI Act — Regulation (EU) 2024/1689 — is the European Union’s binding, risk-based framework that classifies artificial intelligence systems by risk level and imposes proportionate obligations on providers and deployers, including universities that operate AI tools within the EU or whose outputs affect EU users.

    What the Article 2(6) Research Exemption Actually Covers

    Article 2(6) excludes AI systems and AI models “specifically developed and put into service for the sole purpose of scientific research and development” from the Regulation’s scope. The exemption is narrow by design: it protects genuine R&D activity, not any AI project that happens to originate in a university lab.

    Most institutional coverage of the AI Act stops here, treating the research exemption as a blanket shield for higher education. It is not. The exemption tracks purpose, not origin: a model stays exempt only while its sole function is research — the instant it is repurposed to inform an operational decision, the exemption lapses for that use.

    This matters because universities routinely graduate tools from prototype to production: a thesis project becomes an admissions triage assistant, a plagiarism-detection experiment becomes the software every faculty uses to screen coursework. Each transition is a legal event under the AI Act, not just a technical rollout.

    Which University AI Systems Lose Exemption on Deployment

    Annex III of the AI Act designates four categories of education-sector AI as high-risk once deployed operationally: systems used to determine admission or assignment to an institution, to evaluate learning outcomes, to assess the appropriate level of education an individual should receive, and to monitor or detect prohibited student behaviour during tests — the Annex III wording that squarely covers exam-integrity and plagiarism-detection tools.

    A separate, already-enforceable rule applies to emotion-detection features sometimes bundled into exam-proctoring software: Article 5(1)(f) has banned emotion-recognition systems in educational institutions since 2 February 2025, with narrow exceptions for medical or safety purposes. A proctoring tool that infers stress or attentiveness from webcam data is not merely high-risk — it may be prohibited outright.

    Student-facing chatbots sit differently on the risk scale. A general enquiries chatbot typically falls under the lighter Article 50 transparency regime — it must disclose that users are interacting with AI — unless its outputs feed directly into an Annex III decision such as admissions ranking, in which case the high-risk obligations apply to that decision pathway.

    Deployment stage Example AI Act status University’s primary duty
    Lab prototype Model trained on institutional data, never used operationally Exempt — Article 2(6) Monitor for change of purpose
    Pilot with real users Admissions-triage assistant tested on live applicant files Conditionally exempt via regulatory sandbox Informed consent; sandbox registration (Article 57)
    Live admissions tool AI ranks or screens applicants operationally High-risk — Annex III(3)(a) Full Articles 9–15 obligations; FRIA (Article 27)
    Live exam-integrity monitor AI flags prohibited behaviour during tests High-risk — Annex III(3)(d) As above, plus an Article 5(1)(f) emotion-recognition check
    Public-facing chatbot Answers prospective-student enquiries Limited risk — Article 50 AI-interaction disclosure only

    The Governance and Documentation Checklist

    Once a system loses exemption, the deployer obligations that apply are the same ones any commercial organisation faces — but universities carry one duty that most private-sector guidance omits. Under Article 27, deployers that are bodies governed by public law must complete a Fundamental Rights Impact Assessment before putting a high-risk system into use. Most EU public universities meet that definition, which makes the FRIA a default step, not an optional extra.

    1. Inventory and classify every AI system reaching operational use, including vendor and embedded tools — not only in-house builds.
    2. Re-test Article 2(6) applicability at every go-live decision; log the classification rationale.
    3. Complete a Fundamental Rights Impact Assessment (Article 27) before deployment, particularly where the institution is a public-law body.
    4. Screen for Article 5 prohibited practices, including emotion recognition in educational settings.
    5. Establish human oversight checkpoints under Article 14: named staff, defined intervention points, escalation routes.
    6. Centralise technical documentation, instructions for use and event logging under Articles 11–13.
    7. Verify the vendor’s conformity assessment where a third-party tool is used — compliance cannot be outsourced to the supplier.
    8. Register the system in the EU high-risk database (Article 71) once the applicable Annex III deadline is reached.

    The compliance timeline has moved since most explainer content was written. Article 5 prohibitions and AI-literacy obligations have applied since 2 February 2025. General-purpose AI model obligations under Articles 51–55 have applied since 2 August 2025. Article 50 transparency duties take effect on 2 August 2026. Following the AI Act Omnibus political agreement of 7 May 2026, the Annex III high-risk deadline for use-based systems — including the education-sector list above — has been deferred to 2 December 2027, pending formal adoption and publication in the Official Journal.

    The deferral changes the runway, not the workload. Institutions that wait for the 2027 deadline to start classification and documentation work will find the FRIA and human-oversight design take longer to build than the calendar suggests.

    Compliance-Checker Tools and Regulatory Sandboxes

    The European Commission operates an official EU AI Act Compliance Checker through its AI Act Service Desk, which helps providers and deployers work out which obligations apply to a given system. It is a useful first-pass triage tool, but it does not substitute for a documented FRIA — it tells an institution which article applies, not how to evidence compliance with it.

    For institutions building a repeatable governance structure rather than a one-off assessment, ISO/IEC 42001 — the international standard for AI management systems — maps closely to the AI Act’s risk-management, data-governance and documentation articles, and offers a certifiable framework that research offices can run alongside existing research-integrity governance.

    Universities piloting a system before full operational rollout have a formal route available: Article 57 requires each Member State to establish at least one AI regulatory sandbox, giving providers — including public research institutions — a supervised environment to test systems with real users under national-authority oversight before the full high-risk regime applies.

    This governance shift sits alongside a broader move across research administration, where institutions are building the same kind of structured accountability for AI tools that they have long applied to research-integrity and data-management obligations.

    Common Questions on EU AI Act Compliance for Universities

    Does the EU AI Act research exemption cover university AI tools after deployment?

    No. The Article 2(6) exemption applies only while a system is developed and used solely for scientific research. Once a university deploys the same tool operationally — for admissions, plagiarism detection or another administrative decision — the exemption ends and high-risk or transparency obligations apply.

    Which university AI systems count as high-risk under the EU AI Act?

    Annex III lists four education categories: systems deciding admission or assignment, evaluating learning outcomes, assessing appropriate education level, and monitoring prohibited behaviour during tests. Admissions-screening tools and exam-integrity or plagiarism-detection systems fall squarely within this list once operational.

    What is a Fundamental Rights Impact Assessment and does it apply to universities?

    A Fundamental Rights Impact Assessment (Article 27) evaluates a high-risk AI system’s effect on individuals’ rights before deployment. It is mandatory for deployers that are bodies governed by public law — a category that covers most public universities in the EU deploying Annex III systems.

    When do EU AI Act high-risk obligations for education systems take effect?

    Following the Omnibus political agreement of 7 May 2026, Annex III high-risk obligations — including the education-sector list — are deferred to 2 December 2027, pending formal adoption. Article 5 prohibitions and GPAI obligations are already enforceable now.

    For research administrators, the practical implication is sequencing: build the AI inventory, classification log and human-oversight design now, while the Annex III deadline still allows time for a proper Fundamental Rights Impact Assessment rather than a rushed one. Waiting for the deadline to arrive before starting is the most common way institutions turn a manageable governance project into a last-minute compliance emergency.