European Commission publishes draft AI Act guidelines on high-risk classification and targeted consultation

On 19 May 2026, the European Commission published draft guidelines on the classification of high-risk AI systems under Article 6 of the EU AI Act. The guidelines help businesses assess whether their AI system falls within the high-risk category, supported by a non-exhaustive list of examples and use cases which the Commission intends to update over time.

The publication follows the agreement reached on 7 May 2026 on the AI Omnibus, a legislative proposal aimed at simplifying the AI Act as part of the Commission's broader simplification agenda. On 16 June, the European Parliament voted in favour of the AI Omnibus, with enactment now expected in the coming weeks.

Alongside the guidelines, the Commission has launched a targeted consultation inviting feedback from providers and developers of AI systems, businesses, public authorities, academia and citizens. It closes on 23 July 2026. Companies may wish to use this opportunity to suggest changes and shape the final version.

The draft guidelines adopt an expansive interpretation of the high-risk conformity assessment test, meaning substantially more AI systems, including those integrated into regulated products or which are themselves regulated products under EU harmonisation legislation, may fall within the high-risk regime than a straightforward reading of the AI Act suggests. Businesses that previously assumed their products were out of scope should revisit that assumption.

Businesses whose products or AI systems touch EU-regulated product safety sectors (such as machinery, medical devices, radio equipment, automotive or toys), or whose AI systems are used in any of the Annex III use cases (such as recruitment, credit assessment or biometric categorisation), should consider whether their systems are likely to be classified as high-risk under the guidelines.

Compliance deadlines for high-risk AI systems are extended under the AI Omnibus agreement to December 2027 for Annex III systems and August 2028 for AI embedded in safety-regulated products (Annex I).

High-risk AI systems and compliance deadlines

Only AI systems explicitly listed in the EU AI Act that present significant risks to health, safety or fundamental rights are classified as high-risk. They will then be subject to comprehensive obligations covering risk management, data governance, technical documentation, human oversight and cybersecurity.

Following agreement on the provisional text of the AI Omnibus, the compliance deadlines for high-risk AI systems have been extended:

• AI systems listed in Annex III (including systems used in recruitment and critical infrastructure): obligations apply from 2 December 2027.
• AI systems embedded as safety components in products subject to EU harmonisation legislation (such as medical devices or machinery): obligations apply from 2 August 2028.

These deferred dates apply if the AI Omnibus enters into force before 2 August 2026 (when the current high-risk rules would otherwise take effect). This is now expected within weeks.

The draft guidelines

The guidelines comprise three documents following the structure of Article 6.

The first outlines the general principles for classification. The remaining two address the two routes under which an AI system can be classified as high-risk under Articles 6(1) and 6(2) respectively.

The intended purpose of an AI system, as defined by the provider in instructions for use, promotional materials and technical documentation, plays a central role in determining whether it is high risk.

Classification under Article 6(1) and Annex I

An AI system is classified as high-risk under Article 6(1) where two cumulative conditions are met:

• the AI system is intended to be used as a safety component of a product, or is itself a product, regulated by EU harmonisation legislation listed in Annex I; and
• that product (or the AI system itself) is required to undergo a third-party conformity assessment.

Annex I covers legislation such as the Medical Devices Regulation, the Machinery Regulation, the Radio Equipment Directive and the Toy Safety Regulation. AI systems regulated by Section A of Annex I are subject to the full range of high-risk obligations. Those regulated by Section B attract a narrower set.

A "safety component" is defined as a component which fulfils a safety function for a product or AI system, or whose failure or malfunction endangers the health and safety of persons or property.

An AI system fulfils a safety function where its intended purpose is to prevent or mitigate risks to health, safety or property: for example, an AI system in a train intended to monitor speed limits and prevent collisions. By contrast, an AI system in a connected toy whose sole function is to recommend music, where failure would not create a safety hazard, is unlikely to qualify.

Even where an AI system is not intended to fulfil a safety function, it may still qualify as a safety component if its failure or malfunction would create a hazard. For example, an AI system managing lift door timing may qualify even if its intended purpose is efficient operation, because a malfunction could injure people nearby. By contrast, a smart thermostat using AI to optimise energy consumption, where failure would result only in discomfort or higher energy bills, would not meet this threshold.

'Enhanced regulatory scrutiny'

An AI system is treated as high-risk under Article 6(1) where the product incorporating it (or the AI system itself) is required by Annex I legislation to undergo a conformity assessment (the process by which a manufacturer demonstrates that a product meets specified requirements before it is placed on the market).

Many businesses developing AI systems integrated into EU-regulated products have assumed that, provided their product used only a Module A (internal control) conformity assessment route (with no notified body involvement), the third-party conformity assessment limb of Article 6(1) would not be satisfied, and their AI system would therefore fall outside the high-risk regime under that route.

The draft guidelines challenge that position. The decisive factor, according to the Commission, is not whether a notified body's involvement is mandatory, but whether the product is subject to "enhanced regulatory scrutiny" before being placed on the market. That scrutiny is present when harmonised standards must be applied as part of a conformity assessment procedure. This applies even where the procedure only involves internal controls. This is a materially broader interpretation than many businesses will have anticipated.

As a result, substantially more AI systems integrated into EU-regulated products may fall within the Article 6(1) high-risk regime. The central analytical question becomes whether the AI system is a safety component of (or is itself) a product regulated by harmonisation legislation listed in Annex I. Businesses should conduct a careful analysis to understand whether they are out of scope.

Classification under Article 6(2) and Annex III

Under Article 6(2), an AI system is classified as high-risk if it falls within one of the specific use cases listed under the eight areas in Annex III. The guidelines include examples of systems that are clearly high-risk, those outside scope, and borderline cases, together with key horizontal principles on intended purpose, complex and agentic systems, and the Article 6(3) filter mechanism.

Filter mechanism

Article 6(3) provides a filter mechanism that allows providers to rebut a high-risk classification for Annex III systems, but its scope is narrow and its application carries its own compliance obligations.

The filter is available only where the AI system does not materially influence the outcome of the relevant decision-making process; for example, where it performs only a narrow procedural task, a purely preparatory function, or improves the result of a previously completed human activity.

It cannot be relied upon at all where the AI system performs profiling of natural persons within the meaning of the General Data Protection Regulation (GDPR), the Law Enforcement Directive or the Data Protection Regulation for EU institutions.

This exclusion is significant for a wide range of commercial AI applications, including systems used in recruitment, credit assessment, migration and law enforcement contexts: all of these AI-systems usually perform profiling in some way.

Even where the filter does apply, providers are not free of all obligations: they must carry out and document a self-assessment before placing the system on the market or putting it into service, and must register the system in the EU database under Article 71 of the Act.

Businesses should not assume that Article 6(3) provides a straightforward route out of high-risk classification without careful analysis. Providers of AI-systems should conduct a particularly thorough assessment, because their customers will not buy the AI-systems if they do not agree with the provider’s classification.

The eight Annex III areas

The guidelines examine all high-risk use cases across eight areas:

Biometrics: remote biometric identification, biometric categorisation according to sensitive or protected attributes, and emotion recognition; certain categorisations (such as those relating to race or sexual orientation) are prohibited outright.

Critical infrastructure: AI used as a safety component in the management of critical digital infrastructure, road traffic, or the supply of water, gas, heating or electricity, where the deployer is a critical entity under the Critical Entities Resilience Directive.

Education and vocational training: AI determining access to educational institutions, evaluating learning outcomes, assessing appropriate education levels, or monitoring prohibited behaviour during tests.

Employment: recruitment and selection (including targeted job advertisements, application filtering and candidate evaluation) and management of work relationships, including promotion, termination, task allocation and performance monitoring; the scope extends to self-employed persons and platform workers.

Essential private and public services: AI assessing eligibility for public benefits, creditworthiness or credit scoring, risk assessment and pricing in life and health insurance, and prioritisation of emergency calls or healthcare triage.

Law enforcement: AI used by or on behalf of law enforcement authorities to assess victim or offender risk, evaluate evidence reliability, conduct profiling, or operate as polygraph-type tools.

Migration, asylum and border control: AI used by competent authorities to assess risks posed by individuals seeking to enter or remain in a member state, assist with asylum or visa applications, or detect and identify persons in border management contexts.

Administration of justice and democratic processes: AI intended to assist judicial authorities in researching or interpreting facts and law, or applying law to facts; also AI intended to influence the outcome of elections or referenda.

Osborne Clarke comment

Both the forthcoming AI Omnibus and the publication of these guidelines significantly change the practical landscape for businesses developing or deploying AI in the EU.

While the extended deadlines offer a compliance cushion, businesses with complex AI portfolios should treat this time as an opportunity to build and implement robust AI governance frameworks as soon as possible. They will also have to account for the obligations under the AI Act when developing future high-risk AI-systems.

Notably, the guidelines adopt an expansive interpretation of the Article 6(1) conformity assessment requirement. They state that the decisive factor is whether the product is subject to "enhanced regulatory scrutiny" before it can be placed on the market. This enhanced scrutiny is satisfied not only by third-party conformity assessment procedures, but also where harmonised standards are required as part of a conformity assessment procedure.

As a result of this, more AI systems are likely to be in scope of the high-risk regime than a plain reading of the AI Act would have indicated. It also means that the bulk of analysis under the Article 6(1) test will centre on limb (a): whether the AI system is a safety component of, or a product covered by, relevant harmonisation legislation listed in Annex I.

The guidelines are in draft and may therefore be subject to further change. Businesses may wish to respond to the consultation process where their AI systems are affected, and should continue to monitor additional guidelines that the Commission intends to issue on compliance with the requirements for high-risk systems.