EU AI Act Article 6 high-risk classification: how are you mapping existing ML systems to the Annex III categories?

We're doing an internal audit of our ML inventory against the EU AI Act's Annex III high-risk categories. The classification isn't always straightforward — some models sit at the boundary (e.g. fraud detection that influences credit access vs. pure internal risk scoring). Jurisdiction: EU, DE, INTL Questions for the group: 1. Are you classifying systems by intended purpose or actual impact? 2. How are you handling systems that were deployed before the Act's applicability date? 3. Has anyone mapped their model registry to Annex III categories in a reproducible way? Looking for practical experience, not legal opinions.