EU AI Act obligations for AI in public administration, law enforcement, border control, and the justice system. Covers Annex III categories 5-8 and mandatory fundamental rights impact assessments.
Public Sector and the AI Act — Why Government Is the Highest-Risk Deployer
The EU AI Act (Regulation (EU) 2024/1689) applies horizontally across sectors, but its most concentrated burden of mandatory obligations falls on public bodies. Government agencies, law enforcement authorities, judicial institutions, and border management bodies are both the heaviest deployers of consequential AI and the entities whose use of AI creates the greatest structural risk to fundamental rights. The Act reflects this asymmetry in two structural ways.
First, four of the eight Annex III high-risk categories address public-sector AI directly — categories 5 through 8 cover essential public services, law enforcement, migration and border control, and the administration of justice. These categories are not residual catch-alls: they enumerate specific AI applications commonly used in government operations that carry classification-level risk by definition.
Second, Art. 27 imposes a mandatory fundamental rights impact assessment (FRIA) on public bodies before deploying high-risk AI systems. For private-sector deployers, the FRIA is strongly recommended; for public bodies, it is a legal obligation. The assessment must examine the impact of the AI system on individuals' rights under the EU Charter of Fundamental Rights, including the right to dignity (Art. 1), protection of personal data (Art. 8), the right to an effective remedy (Art. 47), and the presumption of innocence (Art. 48).
The compliance landscape for public bodies is further complicated by the layering of AI Act obligations on top of existing sector-specific regimes: the Law Enforcement Directive 2016/680, the Schengen Information System Regulation, the Frontex Regulation 2019/1896, the General Data Protection Regulation, and the constitutional requirements of the European Convention on Human Rights as interpreted by the European Court of Human Rights. Each of these frameworks creates independent obligations that must be satisfied in parallel with EU AI Act requirements.
High-Risk AI Systems — Categories 5 Through 8
Annex III, Category 5 — Essential Public Services and Benefits Assessment
Annex III, point 5(b) classifies as high-risk any AI system used to evaluate the eligibility of natural persons for essential public benefit services and make decisions in that context. This category encompasses the full spectrum of welfare-state AI:
- Automated unemployment benefit assessment: AI systems that determine whether a claimant meets eligibility criteria based on employment records, job-search activity, or means assessments.
- Housing and disability allowance decisions: Algorithmic tools that score applications for social housing priority, disability benefit entitlement, or personal independence payments.
- Social assistance fraud detection: AI profiling systems that generate risk scores for suspected benefit fraud, potentially triggering investigations or payment suspension.
Point 5(b) also covers creditworthiness and insurance AI in relation to natural persons, though the primary public-sector exposure is in benefit and service eligibility. In all cases, the classification attaches when the AI system has a material influence on access to a public service — whether or not the final decision is taken by a human official.
Annex III, Category 6 — Law Enforcement
Category 6 covers AI used by law enforcement authorities across three domains:
Risk assessment and profiling: AI systems that evaluate the likelihood of an individual committing a criminal offence, reoffending, or posing a security threat — including recidivism scoring tools used in pre-trial detention hearings, parole decisions, and sentencing recommendations. These systems are high-risk under Annex III, point 6(a).
Detection and analysis during investigations: AI for detecting emotional states, personality traits, or deceptive behaviour from facial expressions, voice, or physiological indicators used in criminal investigations. Art. 5(1)(f) separately prohibits AI systems that infer emotions of individuals in law enforcement and border management contexts except for specific safety purposes, drawing a firm outer boundary around this use case.
Deep fake and document detection: AI used to detect manipulated digital content or assess the authenticity of documents in criminal proceedings — classified as high-risk under Annex III, point 6(c).
Annex III, Category 7 — Migration, Asylum, and Border Control
Category 7 applies to AI deployed in the context of migration and border management:
Risk assessment at borders: AI systems that assess irregular migration risk or generate threat scores for individuals crossing borders — including SIS-integrated profiling tools and Frontex risk analysis systems operating under Regulation 2019/1896.
Document and identity verification: AI systems assessing the authenticity of travel documents, visas, residence permits, or identity documents for border crossing or immigration purposes.
Asylum application processing: AI that examines asylum applications, assesses the credibility of individual claims, or profiles applicants for expedited or accelerated procedures.
All category 7 systems must be assessed for compliance not only with the AI Act but with the Refugee Convention (1951), the EU Charter Art. 18 (right to asylum), and the non-refoulement principle as interpreted in ECHR case law — a constitutional constraint that the FRIA under Art. 27 must address explicitly.
Annex III, Category 8 — Administration of Justice and Democratic Processes
Category 8 addresses AI deployed within the justice system itself:
Judicial support AI: Systems that assist in researching case law, identifying applicable legal provisions, or structuring legal reasoning for judges, prosecutors, or court administrators — high-risk under Annex III, point 8(a).
Predictive justice tools: AI systems that predict the likely outcome of litigation, sentencing ranges, or judicial decisions based on historical case data. These systems raise acute concerns under Art. 47 of the EU Charter regarding the right to a fair trial, since their use in judicial decision-making may structurally disadvantage parties whose profiles differ from historical norms.
Category 8 does not prohibit AI-assisted judicial work; it subjects it to the high-risk compliance regime and requires courts and justice ministries to ensure that AI outputs are always subject to substantive human review — the judge or decision-maker must be able to, and in practice must, disregard the AI's output where it is not appropriate.
Mandatory Obligations for Public Body Deployers
Public bodies operating as deployers of high-risk AI systems under the AI Act carry a defined, non-delegable set of obligations under Art. 26 and Art. 27.
Fundamental Rights Impact Assessment (Art. 27)
The FRIA is the most distinctive obligation for public deployers. It must be conducted before deployment and must address: the specific rights-affecting purposes of the system; the categories of individuals whose rights may be affected; the foreseeable risks of harm and the probability and severity of those risks; how existing legal safeguards mitigate those risks; and the measures taken to monitor the system post-deployment. The completed FRIA must be provided to the national AI supervisory authority upon request and must be updated when the system is modified or deployed in a new context.
Human Oversight and Designated Responsibility
Art. 26(1) requires deployers to assign human oversight of high-risk AI systems to natural persons with the necessary competence, authority, and resources to intervene. In public administration, this means that each automated process affecting individuals — whether benefit eligibility, border risk scoring, or judicial support output — must have an identified official who can override the system's output and who is not structurally incentivised to defer to it.
Transparency to Affected Individuals
Art. 13 requires deployers to ensure that individuals subject to AI-assisted decisions are clearly informed that an AI system is being used. In public administration, this obligation typically requires inserting AI-use disclosures into decision letters, administrative communications, and hearing procedures. Art. 86 protects the confidentiality of data submitted to supervisory authorities in the context of compliance monitoring, providing a route for sensitive internal documentation to be disclosed without public exposure.
Logging, Record-Keeping, and Incident Reporting
Deployers must maintain operational logs of AI system activity for a minimum period — at least six months for most high-risk systems, with extended retention where the legal framework governing the underlying administrative process requires it. Serious incidents — incidents resulting in death, serious injury, significant property damage, or fundamental rights violations — must be reported to the competent national AI supervisory authority without undue delay.
Prohibited Practices in Public Administration
Certain AI practices are absolutely prohibited under Art. 5 of the EU AI Act. For public authorities, three prohibitions are of direct operational relevance.
Art. 5(1)(c) — Social scoring by public authorities: AI systems that evaluate or classify individuals based on their social behaviour or personality characteristics to generate a score used to determine access to public services, benefits, or legal treatment are prohibited. This prohibition is specifically directed at public authorities and targets so-called social credit mechanisms regardless of how they are labelled or structured.
Art. 5(1)(d) — Real-time remote biometric identification in public spaces: The use of real-time AI-powered remote biometric identification systems (facial recognition, gait analysis, or other biometric tools) in publicly accessible spaces by law enforcement authorities is prohibited, subject to three narrow exceptions: targeted searches for missing children; prevention of specific, imminent terrorist threats; and identification of suspects in serious crimes where prior judicial or independent administrative authorisation has been obtained. These exceptions are exhaustive; no general surveillance programme qualifies.
Art. 5(1)(e) — Subliminal and manipulative techniques: AI systems that deploy techniques operating below the threshold of conscious awareness to manipulate individual behaviour, or that exploit vulnerabilities of specific groups, are prohibited for all deployers including public authorities.
Enforcement — Supervisory Authorities and Oversight Mechanisms
The AI Act's enforcement architecture in the public sector involves multiple layers of competent authority.
National AI supervisory authorities designated under Art. 70 are the primary enforcement bodies for the Act in each member state. In most jurisdictions, these are or will be integrated with or closely aligned to existing data protection authorities. They have powers to conduct audits, request technical documentation and FRIA results, issue corrective orders, and impose administrative fines.
Fines for public bodies are subject to member state discretion under Art. 99(6): member states may provide that public authorities are not subject to monetary penalties, but must ensure that alternative supervisory and corrective mechanisms — including mandatory audits, publication of non-compliance findings, and suspension of AI system use — are available. This discretion does not extend to permitting non-compliance; it concerns only the financial penalty mechanism.
Data protection authorities (DPAs) and the EDPB retain parallel competence over the personal data processing dimensions of public-sector AI under GDPR and the LED. Non-compliance with GDPR or LED obligations in the context of AI system operation is subject to DPA enforcement independently of the AI Act supervisory authority.
The European Court of Human Rights constitutes an external constitutional constraint: decisions taken on the basis of algorithmic processes — particularly in criminal justice and immigration — must satisfy the Convention standards for Art. 6 (fair trial) and Art. 8 (private life) as interpreted in the ECHR's evolving case law on automated decision-making.
Implementation Roadmap for Government Agencies
Phase 1 — AI System Inventory and Classification (Months 1-3)
Public bodies must first establish a comprehensive inventory of all AI systems currently in use or under procurement. Each system must be assessed against Annex III categories 5-8 and the prohibition provisions of Art. 5. Systems involving personal data processing should be assessed simultaneously against GDPR and LED requirements. The output of this phase is a classified inventory — prohibited, high-risk, limited-risk, or minimal-risk — that drives the compliance programme.
Phase 2 — Fundamental Rights Impact Assessments (Months 3-6)
For each identified high-risk system, public bodies must commission and complete a FRIA under Art. 27. This requires legal, technical, and policy input: legal analysis of the rights at stake; technical documentation of the system's operation, training data, and known failure modes; and a policy assessment of the mitigating measures available. FRIAs must be documented and ready for submission to supervisory authorities.
Phase 3 — Provider Verification and Procurement Reform (Months 3-9)
Public procurement processes must be updated to require AI providers to demonstrate compliance with the EU AI Act as a condition of contract award. Deployers must verify CE marking, Declaration of Conformity, technical documentation, and post-market monitoring commitments before deployment. Public bodies acting as joint operators or co-developers with technology vendors must clarify responsibility allocation for conformity assessment obligations contractually.
Phase 4 — Operational Safeguards and Staff Training (Months 6-12)
Designated human oversight officials must be identified for each high-risk AI system, trained in the system's capabilities and limitations, and equipped with override procedures. Transparency notices for affected individuals must be drafted and embedded in existing administrative procedures. Logging infrastructure must be verified or established. Incident reporting protocols must be integrated with existing administrative and data protection incident management processes.
Phase 5 — Continuous Monitoring and Annual Review
High-risk AI system compliance is not a one-time certification exercise. Post-market monitoring obligations require public bodies to actively track system performance, document any changes in accuracy, bias, or behaviour, and update FRIAs when material changes occur. Annual supervisory authority reporting, where required under national law, must be supported by the documentation generated through the monitoring programme.
Official AI Act Compliance Deadline Calendar
Updated · Sources: Regulation (EU) 2024/1689 and the 2026 Digital Omnibus on AI.
| Obligation | Applies to | Original date | New date | Status | Countdown | Legal basis |
|---|---|---|---|---|---|---|
| Prohibited Practices (Art. 5) | All providers and deployers | | | active | — | AI Act Art. 5 |
| GPAI Rules (Chapter 5) | GPAI model providers | | | active | — | AI Act Art. 51-56 |
| High-risk AI — Annex III (standalone) | Providers of standalone Annex III systems | | | deferred | — | AI Omnibus 2026 Art. 6(2) |
| High-risk AI — Annex I (embedded) | AI embedded in Annex I regulated products | | | deferred | — | AI Omnibus 2026 Art. 6(1) |
| AI-Generated Content Marking | Providers of generative GPAI systems | | | active | — | AI Act Art. 50(2) |
| Regulatory Sandboxes | National competent authorities | | | active | — | AI Act Art. 57 |
Frequently Asked Questions
Yes. AI systems used to determine eligibility for public benefit services — including unemployment benefits, housing assistance, disability allowances, and social assistance — are expressly listed as high-risk under **Annex III, point 5(b)** of the EU AI Act. Public bodies deploying such systems must comply with the full set of high-risk deployer obligations under **Art. 26** and must conduct a **mandatory fundamental rights impact assessment (FRIA)** under **Art. 27** before deployment. Individuals subject to automated eligibility decisions retain rights to explanation and human review.
Public bodies deploying high-risk AI systems must: verify that the system bears a CE mark and is accompanied by an EU Declaration of Conformity; conduct a mandatory **fundamental rights impact assessment (FRIA)** under **Art. 27**, which must be submitted to the competent national AI supervisory authority where required; implement the provider's instructions for use and designate qualified staff responsible for human oversight under **Art. 26(1)**; maintain operational logs for at least six months; notify individuals that an AI system is being used in decisions that affect them, as required by **Art. 13**; and register deployment in the **EU database for high-risk AI (EUAI DB)** where applicable under **Art. 49(2)**.
Predictive policing AI — systems that generate risk assessments or profiling scores for individuals based on past behaviour, social characteristics, or geographic data — is classified as high-risk under **Annex III, point 6(a)**. Use is not prohibited outright, but it triggers the full high-risk compliance regime including mandatory conformity assessment, FRIA under **Art. 27**, human oversight obligations, and technical documentation. Separately, **Art. 5(1)(c)** prohibits AI-based social scoring by public authorities for general purposes unrelated to law enforcement. Additionally, **Art. 5(1)(d)** prohibits real-time remote biometric identification in publicly accessible spaces for law enforcement except in three narrowly defined circumstances with prior judicial or independent administrative authorisation.
No, but it is tightly regulated. AI systems used to research facts, interpret applicable law, or predict judicial outcomes are classified as high-risk under **Annex III, point 8**. They may only be deployed by courts and justice authorities if they pass conformity assessment, are accompanied by complete technical documentation, include robust human oversight mechanisms, and are subject to a FRIA under **Art. 27**. AI systems may not autonomously issue judgments; any output must be subject to meaningful judicial review. The **EU Charter of Fundamental Rights Art. 47** (right to a fair trial) and the case law of the European Court of Human Rights impose additional constitutional constraints on algorithmic justice.
The Law Enforcement Directive (LED) 2016/680 governs the processing of personal data by competent authorities for the purposes of prevention, investigation, detection, or prosecution of criminal offences. It operates in parallel with — and is not displaced by — the EU AI Act. When law enforcement bodies deploy high-risk AI systems involving personal data processing (profiling, risk scoring, biometric analysis), both frameworks apply simultaneously. LED requires a lawful basis and purpose limitation for data processing; the AI Act imposes additional obligations on the AI system itself — data governance, technical documentation, post-market monitoring, transparency to affected individuals. Compliance with LED does not fulfil AI Act obligations, and vice versa. Deployers must maintain a legal analysis demonstrating dual compliance.