Annex III Categories

High-risk categories include: critical infrastructure, education/vocational training, employment/worker management, access to essential private services, law enforcement, migration/border control, administration of justice, biometric categorization.

The eight categories are codified in Annex III of Regulation (EU) 2024/1689. Point 4 (employment) and point 5 (essential services including credit, public assistance, life and health insurance, emergency dispatch) are the two most likely to capture CRM workflows. Point 1 (biometrics outside law enforcement) catches voice CX systems that perform speaker identification rather than mere transcription. The Commission can amend Annex III via delegated act, so the list will expand — track the AI Office’s quarterly updates.

CRM Intersection Points

Hiring AI in Workday/Dynamics integrated with CRM. Credit decisions triggered from CRM data. Customer service AI making access decisions. Employee-monitoring AI via HR/CRM integration. Most B2B sales CRM use cases fall outside Annex III; the specific enterprise use cases listed here fall inside it.

Concrete examples in scope: an Einstein-scored lead model that gates which prospects get quoted financing terms (point 5b). A Service Cloud agent that decides whether a policyholder qualifies for emergency roadside coverage (point 5e). A Salesforce-integrated workforce-management tool that routes shifts based on performance scores (point 4b). Out of scope: standard sales forecasting, opportunity stage prediction, and email summarization — these are productivity tools that don’t make decisions about persons.

Compliance Essentials

Technical documentation of the AI system. Risk management system throughout lifecycle. High-quality training data with bias mitigation. Logging for traceability. Transparency to users. Human oversight. Accuracy, robustness, cybersecurity requirements.

Article 9 demands a documented risk management system updated continuously, not a one-time exercise. Article 10 requires training, validation, and test datasets to be “relevant, sufficiently representative, and to the best extent possible, free of errors” — with documented bias-detection results. Article 12 mandates automatic logging of system events for the lifetime of the system, retained at least six months. Article 14 requires human-oversight measures designed in, not bolted on. ISO/IEC 42001 certification is becoming the de facto evidence base for these articles.

Audit Readiness

Don’t wait for the first penalty case. Internal audit: what AI is deployed where, what category it falls under, what documentation exists. Remediate gaps before August 2, 2026. External audit post-deployment is part of the conformity regime.

Build a system inventory in a single registry — Collibra, OneTrust, or a structured spreadsheet works. For each system capture: provider, deployment context, Annex III mapping, risk classification rationale, oversight lead, last review date. National competent authorities (BfDI in Germany, CNIL in France) are staffing AI-Act units now and will request inventories on first contact.

Common Failure Modes

Three patterns. Treating “we use ChatGPT” as out of scope when it’s wired into a hiring funnel. Assuming the vendor’s CE marking covers your deployment configuration — it does not. Confusing GDPR DPIAs with the AI Act’s fundamental rights impact assessment (FRIA) under Article 27 — the FRIA is broader and required separately for many deployers.

What to Do This Week

Stand up an AI system inventory and tag each entry against the eight Annex III categories with a yes/no/needs-legal-review classification.
