EU AI Act in Public Administration: Annex III, 5 + 6 + 7 + 8

April 27, 2026· Category: EU AI Act · Reading time: 3 min · As of 2026-05-02

Practitioner note: This is not legal advice. For specific situations, consult a qualified attorney or compliance officer.

TL;DR

Four Annex III areas hit public administration: social benefits (5), law enforcement (6), migration/asylum (7), justice and democracy (8)
Social scoring by public authorities is prohibited under Art. 5 EU AI Act
Mass biometric identification in public spaces is prohibited (with narrow law-enforcement exceptions)
FRIA mandatory for public-body Deployers from Aug 2, 2026
Supervision: in Germany, Federal Network Agency (Bundesnetzagentur) plus BfDI plus sector-specific authorities

1. Annex III, 5: Social benefits

Housing benefit, unemployment benefit, child-benefit auto-calculation. High-risk where AI substantially determines entitlement. FRIA required, plus accessible appeal channels for citizens.

2. Annex III, 6: Law enforcement

Predictive policing, AI evidence assessment, suspect risk profiling. Strict prerequisites; many uses are de facto prohibited in DACH jurisdictions due to constitutional and Art. 5 EU AI Act constraints.

3. Annex III, 7: Migration and asylum

Risk assessment of applicants, security scoring at borders. Familiar from EU Frontex practice. Rare for SMEs; primarily relevant to government contractors.

4. Annex III, 8: Justice and democracy

AI in court preparation, sentencing support, electoral systems. The highest standards apply: full conformity assessment, transparency, and demonstrable human oversight by qualified judicial staff.

5. Prohibitions (Art. 5)

Social scoring by public authorities is prohibited. Untargeted biometric scraping is prohibited. Mass facial recognition in public spaces is prohibited — with narrow, judicially authorized law-enforcement exceptions.

Summary

Public administration faces the broadest and strictest EU AI Act obligations. Authorities and their IT vendors must map every AI tool against Annex III items 5-8, exclude prohibited practices, and prepare FRIA plus full conformity packages. Supervision involves multiple bodies depending on sector.

View EU AI Act Kit →

Frequently Asked Questions

Who is affected?

Public authorities, social services providers, police, judiciary. Also IT service providers for public authorities.

Special supervisory authority?

BNetzA (Federal Network Agency) + BfDI (Federal Commissioner for Data Protection) + sector-specific supervisory authorities (e.g. Ministry of Justice).

Sources

Regulation (EU) 2024/1689 — EU AI Act (Art. 5 prohibitions, Annex III) (As of: 2026-05-02)
EU AI Act Annex III — public administration areas (5–8) (As of: 2026-05-02)
EU AI Act Art. 27 — FRIA (As of: 2026-05-02)

Tools & self-assessments

EU AI Act Quick Test Classifies your AI system by risk level (Art. 6, Annex III). Fining Calculator Estimate the potential fine exposure for your organisation. EU AI Act Self-Assessment Classification plus obligations mapping for all AI systems in the organisation. AI Inventory Quick Check Systematic capture of your AI applications in 8 steps.