EU AI Act high-risk classification: a worked example for a pharma AI inventory.
Annex III is the part of the EU AI Act that catches medical AI, clinical-trial AI, and most regulatory-submission AI. This note walks a synthetic mid-cap pharma's footprint against the classification logic, and shows where the conformity assessment actually starts.
Regulation (EU) 2024/1689 — the AI Act — entered into force on 1 August 2024. The high-risk obligations under Article 6(2) for the standalone Annex III categories become operational on 2 August 2026. The high-risk obligations under Article 6(1) — where the AI is a safety component of a product already covered by Annex I Union harmonisation legislation (medical devices under MDR/IVDR being the central pharma case) — apply from 2 August 2027. For most pharmaceutical organisations the binding deadline is the closer one: any AI system newly placed on the market in the EU after 2 August 2026 is already in scope of provider obligations under the Annex III route. The timeline sounds long. It is not, given that conformity assessment, post-market monitoring, and the EU database registration have to be operational before placement.
The first concrete step is an inventory. Not a marketing inventory — an inventory that maps each AI use to Annex I (the listed Union harmonisation legislation) and Annex III (the standalone high-risk areas). Most pharma companies have never assembled this document. Most do not know that Article 6(1) catches devices already regulated under Regulation (EU) 2017/745 (MDR) or Regulation (EU) 2017/746 (IVDR) once an AI system is a safety component of those devices. The classification is automatic, not optional.
/ 01 The synthetic mid-cap and its AI footprint.
Consider a mid-cap pharma — €1.4 bn revenue, three approved products, two oncology candidates in Phase II/III, a generics unit registered in EU and Brazil, a manufacturing site in Cork. The AI inventory across the company looks roughly like this on a typical 2026 audit:
- Pharmacovigilance signal detection on EudraVigilance and FAERS extracts (NLP + classifier ensemble, vendor-provided)
- Adverse-event narrative drafting (LLM-assisted summarisation for E2B(R3) ICSR preparation)
- Site-selection model for the Phase III oncology trial (ML on historical recruitment, demographics, genomics)
- Bioanalytical peak-integration assist (vendor instrument software, used in regulated GLP studies)
- Document-classification model for the eTMF (TMF Reference Model 3.3 alignment, classifier with confidence scoring)
- Manufacturing deviation classifier on the Cork-site QMS (severity prediction, vendor module)
- HR resume-screening tool (used in commercial recruitment, not R&D)
/ 02 Walking each one through Annex III.
Pharmacovigilance signal detection.
This is the question that splits practitioners. Article 6(1) catches AI as a safety component of a regulated product. Pharmacovigilance is required by Directive 2001/83/EC and the GVP modules — the AI is supporting a regulated activity, but it is not itself a safety component of a medical device. Annex III is the more likely entry. The classification work here is to read the system against Annex III paragraph by paragraph; because signal detection ultimately feeds patient-safety decisions, the operational answer is high-risk in most readings. The narrative-drafting LLM sits behind a human-in-the-loop reviewer — limited risk under Article 50, with transparency obligations.
Site-selection model.
Clinical trial site selection is part of the Regulation (EU) 536/2014 (CTR) submission. The model is informing investigator selection, which is a regulator-visible decision. There is a credible argument that the system is functioning as decision support for trial conduct under Annex III(8) on administration of justice and democratic processes — almost certainly not. The stronger reading is that the model is a high-risk AI under the medical-device-adjacent reading via the substantive trial-conduct decisions it shapes, and the prudent classification is high-risk with a documented rationale. iFeed's methodology defaults to the higher classification when the reading is contested; the cost of the lower classification being wrong is a recall.
Bioanalytical peak-integration assist.
Used in regulated GLP studies under ICH M10 §3.2.3. The instrument is a regulated component; the AI is a function of vendor instrument software. The vendor is the provider in the Article 25 sense. The pharma is a deployer. Deployer obligations under Article 26 — using the system as instructed, monitoring operation, retaining logs — are still substantial, and the deployer cannot wave them off because the vendor is the legal provider.
Manufacturing deviation classifier.
This sits inside a GMP system. GMP Annex 22 (in finalisation, expected H2 2026) will land on top of the EU AI Act, not instead of it. The classifier is making severity calls that affect deviation-handling timelines, batch-release decisions, regulator-notification triggers. High-risk under Annex III(8) is the operational read for any AI driving GMP quality-system decisions.
The companies that read Annex III narrowly will find that their reading is the audit finding. Read Annex III the way the regulator will read it on inspection day.
HR resume-screening tool.
This is high-risk under Annex III(4). It is not a pharma-specific use; it is a horizontal Annex III obligation. Most pharma compliance teams skip this one because it is not in the regulated pharma footprint. The AI Act does not care about that distinction.
/ 03 What the conformity assessment actually does.
Annex VIII Section A registration is administrative — a database entry. Article 43 conformity assessment is the substantive work. For high-risk AI systems not covered by Annex I, the route under Article 43(2) is internal control via Annex VI. The provider documents:
- Risk management throughout the AI system lifecycle (Article 9)
- Data governance — training, validation, testing data quality and provenance (Article 10)
- Technical documentation per Annex IV (the document itself runs 30–60 pages when well prepared)
- Automatic logs preserved for at least six months (Article 12)
- Transparency to deployers (Article 13) — which is the pharma compliance team's read
- Human oversight design (Article 14)
- Accuracy, robustness, cybersecurity (Article 15) — the technical floor
The work intersects substantially with what the pharma already does for 21 CFR Part 11 / EU Annex 11: audit trails, electronic signatures, system validation. The intersection is helpful; the documents are not equivalent. The pharma-side QMS captures the regulated-product layer; Annex IV captures the AI-system layer. Both have to be inspectable.
/ 04 The two-year operational shape.
By 2 August 2026: every newly placed Annex III high-risk system has to satisfy provider obligations on the day of placement. By 2 August 2027: Annex I high-risk obligations (the MDR/IVDR safety-component route) become applicable, and general-purpose AI models placed before 2 August 2025 must be brought into compliance. Article 111(2) carves out legacy Annex III systems placed before 2 August 2026 unless they undergo significant changes in design after that date — but most pharma teams will trip the significant-change clause within the lifecycle. The internal sequencing for the synthetic mid-cap looks like: Q3 2026 inventory completion and classification with documented rationale; Q4 2026 conformity assessment kick-off for the high-risk subset; Q2 2027 deployer documentation and SOP completion; Q3 2027 first internal audit against Annex IV completeness. Companies that do not start the inventory until Q1 2027 will not finish before the deadline.
The vaccine here is the inventory itself. Most pharma compliance teams do not yet have it. The first audit finding of the post-2027 era will be the absence of the inventory document, not the absence of any specific control.