EU AI Act & grading with AI

Annex III (the list of high‑risk use cases) covers certain education scenarios. It includes systems that decide on admission or placement, and systems that evaluate performance or learning outcomes where results have significant effects (for example, automated grading used to determine a final mark). Tools that are clearly decision support, with a documented human making the final decision, may fall outside the high‑risk classification, but they still require transparency and careful use.

Where AI assists with grading/marking, institutions act as deployers. Define intended use, keep humans in control, and ensure transparency and logging. See obligations for deployers and Annex III summaries at artificialintelligenceact and the Commission overview.

In practice, institutions should put in place the following:

• Define purpose and context of use; document intended users
• Assign trained human overseers with ability to override outcomes
• Inform students/users when AI assists, unless obvious from context
• Follow provider instructions for use; set access and training policies
• Keep and review logs of relevant events
• Evaluate accuracy, robustness and potential bias in your context
• Conduct DPIA where appropriate; align with GDPR and DPAs
• Manage suppliers contractually; keep documentation accessible

Providers of high‑risk functionality must implement structured quality and risk controls and complete conformity steps before placing on the market. See Annex III, provider obligations and conformity assessment summaries at artificialintelligenceact and the Commission overview.

In practice, providers should put in place the following:

• Quality and risk management system across the lifecycle
• Representative, relevant datasets and data governance
• Technical documentation and clear instructions for use
• Logging of relevant events
• Human oversight measures by design
• Accuracy, robustness and cybersecurity controls
• Conformity assessment; EU declaration of conformity; CE marking
• Post‑market monitoring and serious‑incident reporting
• Register high‑risk systems in the EU database (where applicable)

The Act applies gradually. From 2 February 2025, prohibited AI practices are banned. From 2 August 2025, obligations for providers of general‑purpose AI models apply. From 2 August 2026, most remaining provisions, including requirements for high‑risk systems in Annex III, apply. Non‑compliance can lead to significant fines, up to €35 million or 7% of global annual turnover depending on the infringement.

Eval is designed for human‑in‑the‑loop use in education. Every AI‑generated suggestion is reviewed and explicitly accepted by the teacher before it can be exported or applied. This preserves meaningful human oversight and ensures the educator remains the decision‑maker. Eval keeps relevant logs, provides clear explanations of suggestions, and documents purpose and context of use. Data is handled under GDPR principles with DPAs and hosting in the EEA. Together, these controls support the Act’s requirements for deployers and, where relevant, for providers of high‑risk functionality.