The EU AI Act’s high-risk classification system places significant compliance obligations on AI systems used in specific contexts: employment and worker management, access to education, access to essential services, law enforcement, critical infrastructure. US companies selling AI products into European markets need to understand whether their products fall into these categories — and many do, without their legal teams having fully worked through it.
The compliance obligations for high-risk systems are substantial: conformity assessment (either self-assessment or third-party audit depending on the category), technical documentation including model cards and training data summaries, logging requirements sufficient for post-market monitoring, human oversight mechanisms, and accuracy/robustness certifications. These are not checkbox exercises — they require sustained engineering and documentation investment.
The 2-year compliance window (measured from August 2024, when the Act entered into force) means the deadline for high-risk systems is August 2026. That is closer than most product teams recognize when they read the news coverage.
The specific categories with the most US company exposure: HR tech using AI for hiring screening or employee monitoring falls squarely in Annex III. EdTech using AI for admissions decisions or performance assessment is in scope. Credit and insurance underwriting AI is in scope. These are real product categories with real EU revenue exposure.
The operational reality: companies that have not started conformity assessment work by Q4 2025 will likely not be compliant at the deadline. The path is legal review to determine scope, technical documentation of the AI system’s design and training, and either self-certification (for the self-assessment track) or a notified body engagement (for the mandatory audit track in higher-risk categories).