Draft guidelines on high-risk AI systems

On May 19, 2026, the European Commission (“the Commission”) published draft guidelines on classifying high-risk artificial intelligence (“AI”) systems, pursuant to article 6 of Regulation (EU) 2024/1689 on AI (the “AI Act”), available here. The Commission has simultaneously opened a public consultation period aimed at stakeholders.

These guidelines serve as a key interpretive tool for providers, deployers, and market surveillance authorities, because they clarify the criteria for determining whether an AI system should be classified as high-risk, thereby facilitating the uniform application of the AI Act.

The guidelines are structured into three sections: (i) general principles for classification; (ii) high-risk classification according to article 6.1 and Annex I (systems integrated into regulated products); and (iii) high-risk classification according to article 6.2 and Annex III (autonomous systems in sensitive areas). Below, we highlight the main interpretive issues addressed by the Commission.

General principles for classification

As a general rule, the guidelines stipulate that (i) the system must qualify as an AI system within the meaning of article 3.1 of the AI Act (not all software applications fall under this definition); and (ii) the system’s “intended purpose” (supplied by the provider in the instructions for use, technical documentation and promotional or sales materials) is decisive for its classification.

Classification in accordance with article 6.1 and Annex I: systems integrated into regulated products

Article 6.1 requires two conditions to be met: (i) the AI system itself is a product, or is intended to be used as a safety component of a product, covered by the harmonization legislation listed in Annex I; and (ii) the product, or the AI system itself as a product, must undergo a third-party conformity assessment. Below, we analyze both requirements.

(i) AI systems that are themselves regulated products: This covers AI systems that are themselves a product directly covered by the harmonization legislation in Annex I (placed on the market independently and directly regulated by sectoral regulations). The Commission clarifies that the classification applies irrespective of whether the AI system is physically embedded within the product or is supplied as a software update, add-on, or remote service.

(ii) The concept of “safety component”: a broader autonomous definition than that provided by EU product rules. One of the most relevant interpretive issues is the characterization of the concept of a “safety component”—as defined under article 3.14 of the AI Act—as an autonomous definition. This means it is independent from sector-specific definitions included in the legislation listed in Annex I, and potentially broader than definitions found in product harmonization legislation. The definition lays down two alternative scenarios: (i) an intent-based criterion focusing on the system’s intended purpose to prevent or mitigate health and safety risks (excluding functions related to optimization, efficiency, and comfort); and (ii) a consequence-based criterion where the system’s failure or malfunctioning could endanger the health and safety of persons or property, even if its intended purpose is not safety-related. Examples include an AI system for lane assistance whose failure could cause a collision, or an AI system designed to optimize combustion efficiency in household gas appliances whose failure could cause carbon monoxide formation.

The second requirement is that the product, or the AI system itself as a product, must undergo a third-party conformity assessment. The sector-specific legislator must have concluded that the product poses a risk that requires the involvement of a notified body. The AI Act refers to the assessment procedures established in the corresponding sector-specific harmonization legislation.

Classification in accordance with article 6.2 and Annex III: autonomous AI systems in sensitive areas

(i) General aspects:

Article 6.2 classifies high-risk AI systems as those whose intended purpose falls within the use cases listed in Annex III. It identifies eight areas: Biometrics; critical infrastructure; education and vocational training; employment; essential services; law enforcement; migration, asylum and border control; and administration of justice and democratic processes.

Regarding horizontal issues, the Commission clarifies that human involvement does not preclude a high-risk classification: the only relevant determinant is the system’s intended purpose, and human oversight is a prerequisite for compliance, not an exclusion factor. If a system forms part of a more complex AI system whose joint outputs materially influence an individual decision—including agentic AI systems—the exemptions established in article 6.3 will not apply.

(ii) Article 6.3 exemptions: exemption from high-risk classification:

Article 6.3 stipulates that systems that do not pose a significant risk of harm are exempt from high-risk classification, even if they fall within one of the use cases listed in Annex III. The AI system must meet any one of these four alternative conditions: (a) perform a narrow procedural task; (b) improve the result of a previously completed human activity; (c) detect decision-making patterns without replacing human assessment; and (d) perform a preparatory task to an assessment. The Commission highlights that these conditions must be interpreted narrowly, given that they represent exceptions from the rules aimed at protecting fundamental rights.

Regarding point (a), the function must be clearly defined, purely procedural in nature, and have minimal impact on the substantive decision (indexing, document conversion, filing items into predefined folders). Regarding point (b), human activity must have been completed, and the AI system must have merely refined the result without reversing it or altering the legal or economic status of the individuals concerned. Regarding (d), this refers to actions taken prior to the evaluation process: the decisive factor is how close they are to the final decision; if the AI system produces a specific recommendation or evaluation, it cannot be considered preparatory.

It is important to note that, according to article 6.3, a system that performs profiling within the meaning of article 4.4 of the General Data Protection Regulation, will always be classified as high-risk, and cannot benefit from these exceptions.

(iii) Illustrative examples by areas listed in Annex III:

The guidelines include several practical examples. For critical infrastructure, the AI system must directly protect the infrastructure’s physical integrity, excluding functions that are merely informative or optimization-oriented, as well as systems intended exclusively for cybersecurity. In the context of employment, a broad functional interpretation is adopted: when a system analyzes applications in a way that may restrict access to job opportunities, the analysis and filtering constitute a high-risk continuum. In the administration of justice, the systems used by lawyers and legal representatives are excluded from the use case as they do not act “on behalf of a judicial authority.”

Public consultation, deadlines and regulatory context

The guidelines are subject to public consultation, which is open from May 19 to June 23, 2026, during which stakeholders can submit observations via an online questionnaire. It is worth noting that the guidelines are not binding. Any authoritative interpretation of the AI Act may ultimately be given only by the Court of Justice of the European Union. Nevertheless, these guidelines serve as a valuable tool for guiding providers' self-assessment and oversight by competent national authorities, providing greater legal certainty at a critical moment for the implementation of the AI Act.

The publication of this draft responds to the proximity of the entry into force—in August 2026—of the first obligations for operators of high-risk AI systems under article 6.2, while the obligations under article 6.1 will apply from August 2027. It is precisely this imminent deadline, together with the delay in developing harmonized standards and the regulatory ecosystem’s insufficient preparedness, that has prompted the proposal to extend these deadlines through the Digital Omnibus Regulation on AI—currently in the trilogue phase (see our previous posts here and here)—which proposes postponing them to December 2, 2027, and August 2, 2028, respectively.