Chapter 4 of 8

The Commission's Draft High-Risk Guidelines: What They Clarify and What to Do Before 23 June 2026

16 min read

The Commission's draft high-risk AI classification guidelines arrived 19 May 2026. What they clarify, their legal weight, and how to respond by 23 June 2026.

On 19 May 2026, the European Commission published its draft guidelines on the classification of high-risk AI systems under Article 6(5) of Regulation (EU) 2024/1689 (the EU AI Act). That is roughly three and a half months after the 2 February 2026 deadline the Act itself set. The draft comes in three documents: general classification principles, the Article 6(1) route for products and safety components under Annex I, and the Article 6(2) route through the Annex III use cases. Each carries practical examples of what falls in and out of high-risk.

A targeted consultation is open until 23 June 2026, with the final version expected later in 2026. The guidelines are not legally binding. But market surveillance authorities will treat them as the default reading of Article 6, so a classification that diverges from them needs stronger documentation, not silence. This page sets out what the draft clarifies chapter by chapter, how much legal weight it carries, and the two decisions to make before the consultation closes.

Last reviewed: 10 June 2026 — the consultation closes 23 June 2026; this page will be updated when the final guidelines land.

Three and a Half Months Late: The Draft Guidelines Arrive

What Was Published on 19 May 2026 — Article 6(5)

Article 6(5) required the Commission to provide guidelines specifying the practical implementation of Article 6, together with a list of practical examples of high-risk and non-high-risk use cases, by 2 February 2026. The draft arrived on 19 May 2026, roughly three and a half months late. It was published on digital-strategy.ec.europa.eu as three downloadable documents, and surfaced through the AI Act Single Information Platform.

The lateness matters less than it would have a year ago. Days earlier, the Digital Omnibus agreement had moved the main Annex III high-risk date to 2 December 2027, pending formal adoption, so the guidelines arrive with usable runway rather than weeks before the obligations bite. The caveats around that agreement are covered below.

The Consultation Window: Open Until 23 June 2026

The targeted consultation opened alongside the draft on 19 May 2026 and runs until 23 June 2026. As of this writing, it is open. Anyone with an interest in developing, deploying, supervising or using AI systems may respond: providers, deployers, authorities, researchers and civil society organisations.

One procedural point decides whether your input counts. Only responses submitted through the Commission's EUSurvey questionnaire feed into the summary report; position papers sent by email do not. The final version is expected later in 2026, after the consultation closes and the AI Board has provided its input. No formal adoption date has been announced.

What the Draft Contains: Three Documents, One Decision Logic

The three parts of the draft mirror the two statutory routes into high-risk status under the Article 6 classification rules:

General principles: how to read intended purpose, when something is an AI system at all, and how integrated workflows are assessed.
Article 6(1) and Annex I: AI systems that are products, or safety components of products, covered by Union harmonisation legislation.
Article 6(2) and Annex III: stand-alone AI systems in the eight Annex III areas, with practical in-scope and out-of-scope examples per area.

Two reading notes. First, the Commission states that the examples are not exhaustive and may be updated over time, so the absence of your use case from the lists is not a clearance. Second, read the general principles first, because they condition everything that follows, then read only the route that matches your system: product-embedded (Annex I) or stand-alone (Annex III).

General Principles: Substance Over Disclaimers

The first document opens with the gate question: is the system an AI system at all under Article 3(1)? The definition turns on autonomy, adaptiveness and the capacity to infer, and the draft confirms that not every automated or rule-based tool qualifies. That is the first practical filter. Three principles then carry most of the analysis.

Intended Purpose Is Read From Everything You Publish — Article 3(12)

Intended purpose (Article 3(12)) is assessed across the instructions for use, promotional and sales materials and the technical documentation. The whole published record counts, not the one page that was carefully worded. The draft guidelines draw the consequence explicitly: a terms-of-service disclaimer excluding high-risk uses is insufficient if your marketing, sales decks or documentation suggest those uses are intended.

This gives classification reviewers a named evidence set to audit (documentation, marketing claims, sales materials, contracts) instead of arguing about intent in the abstract.

Human-in-the-Loop Is Not a Declassifier

Adding a human reviewer does not by itself remove high-risk status. Per the draft guidelines, the decisive factors remain the system's role in the decision and the materiality of its output. A recruitment-screening tool whose ranking effectively determines who reaches an interview is high-risk whether or not a person clicks "approve" at the end of the process.

You Cannot Carve a Workflow Into Innocent Pieces

Where multiple AI components form one integrated workflow that serves a high-risk purpose, the draft assesses them as a single system. A provider cannot decompose the architecture (a parsing module here, a scoring module there) and argue that each fragment, viewed in isolation, escapes classification. What governs the analysis is the workflow's purpose, not the component diagram.

Article 6(1) and Annex I: Products and Safety Components

Two Cumulative Conditions

An AI system is high-risk under Article 6(1) only where both conditions hold:

The AI system is a product, or a safety component of a product, covered by the Union harmonisation legislation listed in Annex I: machinery, medical devices, motor vehicles, civil aviation equipment, toys, lifts and the rest.
That product must undergo a third-party conformity assessment under the relevant Annex I act.

The conditions are cumulative. Coverage by an Annex I act without notified-body involvement does not make the system high-risk through this route. So product teams have a two-step check: map the product to the Annex I act that covers it, then confirm whether a notified body is involved in the conformity assessment.

Safety Function Versus Optimisation Function — Article 3(14)

A safety component (Article 3(14)) is a component fulfilling a safety function whose failure or malfunctioning endangers the health and safety of persons or property. The draft confirms that a component can qualify even where it was not designed for a safety purpose; what counts is the consequence of failure, not the design intent. Its examples are door-closing systems in elevators and lane-assist systems in vehicles.

The draft draws the opposite boundary with equal clarity. Functions serving efficiency, comfort or convenience are beneficial optimisation rather than protection, and they stay outside Article 6(1). On timing, Annex I cases carry the later application date in every scenario: 2 August 2027 under the current statute, 2 August 2028 under the agreed but not yet adopted Digital Omnibus.

Article 6(2) and Annex III: The In/Out Examples, Area by Area

Where the Examples Genuinely Help Operational Teams

The third document walks all eight Annex III areas with concrete examples; see Annex III explained for the full statutory list. In biometrics, remote biometric identification, emotion recognition and sensitive-attribute categorisation are in. In critical infrastructure, safety components for critical digital infrastructure, road traffic and water, gas, heating and electricity supply are in. Education, employment (recruitment and selection tools and workforce-management systems are in), essential private and public services, law enforcement, migration and border control and the administration of justice and democratic processes each get the same treatment.

One distinction runs through the examples and decides most cases:

Tends out of high-risk	Tends into high-risk
Sorting or structuring incoming data	Scoring or ranking natural persons
Detecting duplicate records	Labelling or categorising people substantively
Routine document handling and formatting	Recommending decisions about individuals
Narrow procedural sub-tasks	Substantively evaluating people or their behaviour

If your system touches people's outcomes, meaning who is hired, scored, granted or flagged, the examples push it in. If it touches data hygiene around a human-led process, they tend to push it out.

The Article 6(3) Filter: Four Narrow Exits

Article 6(3) provides four exemption pathways for an Annex III system that does not pose a significant risk of harm: it performs a narrow procedural task; it improves the result of a previously completed human activity; it detects decision-making patterns or deviations without replacing or influencing a prior human assessment; or it performs a preparatory task to an assessment. The draft reads all four narrowly. Chapter 3 of this guide dissects each pathway in detail.

The filter is not paperwork-free. A provider relying on it must document its assessment before the system is placed on the market or put into service (Article 6(4)) and must register the system in the EU database (Article 49(2)). An exemption you cannot evidence will not hold up.

Profiling Closes Every Exit

The third subparagraph of Article 6(3) is absolute: an Annex III system that performs profiling of natural persons is always high-risk. Profiling eliminates eligibility for all four filter pathways. This bites hardest in HR tech, financial services and adtech, where profiling is often the product's core mechanism rather than a side effect.

The task this sets up is concrete. Map every Annex III classification you hold to a named example in the draft, and decide whether the draft supports your call, challenges it, or stays silent. Record the exact example and paragraph in each case. That log is the working asset for the final section.

Legal Status: Not Binding, But Not Ignorable

The guidelines are not legally binding, and the Commission says so itself in the draft: authoritative interpretation of Regulation (EU) 2024/1689 rests with the Court of Justice of the European Union. The final text may also change after the consultation and AI Board input. That is why every position on this page is attributed to "the draft guidelines."

Market surveillance authorities will nonetheless lean on the guidelines as the default reading of Article 6. A classification that diverges from them does not automatically become wrong, but it needs stronger documentation, not silence.

The financial stakes are what make the documentation matter. Wrongly classifying a system out of high-risk feeds exposure under Article 99(4): fines up to EUR 15 million or 3% of total worldwide annual turnover, whichever is higher. An incorrect, incomplete or misleading Article 6(4) assessment supplied to authorities falls under Article 99(5): up to EUR 7.5 million or 1% of turnover. For SMEs and start-ups, Article 99(6) caps each fine at the lower of the two figures, a proportionality cap rather than an exemption.

The Digital Omnibus Backdrop: Which Deadlines These Guidelines Actually Serve

Agreed, But Not Yet Law

Days before the guidelines landed, the Digital Omnibus reached provisional political agreement on 6-7 May 2026, with the COREPER text confirmed around 13 May 2026. The agreement defers stand-alone Annex III high-risk obligations (Article 6(2)) from 2 August 2026 to 2 December 2027, and Annex I product-embedded high-risk (Article 6(1)) from 2 August 2027 to 2 August 2028.

The caveat matters: as of June 2026 this is agreed but not yet law. It still needs a European Parliament plenary vote, formal Council adoption and publication in the Official Journal. Until that happens, the statute still reads 2 August 2026 for Annex III high-risk. The background is in what the Digital Omnibus changed, and the deferral detail in the Digital Omnibus and the 2027 deadline.

The new dates are fixed calendar dates, and that is easy to get wrong. The standards-contingent "stop the clock" proposal was rejected, so the deferral is not tied to harmonised-standards availability, and the obligations will not slip further just because standards are unfinished.

What Did Not Move

Not everything moved. The Article 5 prohibitions have applied since 2 February 2025 and the GPAI obligations under Articles 51-55 since 2 August 2025; both are untouched. Most Article 50 transparency duties are unchanged, with the content-marking and watermarking obligations landing on 2 December 2026, the same date as the newly added CSAM and "nudifier" ban, and earlier than either deferred high-risk date.

So classification work done now should be re-tested once it is clear what the rules are, against the final guidelines and against the Omnibus dates once they are in the Official Journal, rather than redone repeatedly as each text settles.

What to Do Before 23 June — and What to Park Until the Final Text

Respond If an Example Cuts Against You

The first decision is whether to submit consultation feedback before 23 June 2026. The consultation is the single lever available to influence the final text, so respond if (and realistically only if) a draft example contradicts a classification your compliance position relies on. The procedure runs in four steps:

Pull your inventory of Annex III and Annex I classifications.
Check each against the draft's named examples.
Where an example cuts against a classification you depend on, draft a focused response citing the specific example and your reasoning.
Submit through the EUSurvey questionnaire before the deadline.

Log, Don't Re-Classify

Do not re-classify systems on the strength of the draft alone. The text may change after the consultation and AI Board input, and reclassifying twice costs budget and credibility with internal stakeholders. Instead, build the classification log described above: for each AI system, record whether the draft supports, challenges or is silent on your call, with the specific example and paragraph cited. Keep your Article 6(3) assessments documented under Article 6(4) exactly as before.

Re-Test When the Final Version Lands

Schedule a re-test of the challenged and borderline classifications for when the final guidelines land later in 2026, and pin your obligation dates to whatever the Omnibus text says once it is published in the Official Journal. Running the support/challenge log inside a structured risk classification workflow keeps that re-test cheap. If you want to know where each system stands against the full obligation stack today, run a readiness assessment.

The decision you need to make: before 23 June 2026, decide whether any draft example cuts against a classification you rely on, and respond through EUSurvey if it does. Then decide which classifications you will re-test against the final text later in 2026. Everything else about the draft can wait; those two decisions cannot.

How Confir helps

Confir's risk classification module runs exactly the workflow this page describes. It asks plain-English questions about what each AI system does, derives the risk tier under Articles 5 and 6 (including the Article 6(3) filter pathways and the profiling override), and produces the documented assessment that Article 6(4) requires. The engine is deterministic and rule-based: the same inputs produce the same classification every time, with no model inference and no hallucination. That is precisely the property you want in evidence shown to a market surveillance authority.

Because every classification decision and its rationale land in an immutable audit log, recording where the draft guidelines support or challenge each call is a structured exercise rather than a spreadsheet. When the final guidelines are adopted and the Digital Omnibus reaches the Official Journal, Confir's rule set updates to the final positions and the enacted dates, so the re-test this page recommends runs against current rules, not stale ones.

Frequently Asked Questions

What are the Commission guidelines on the classification of high-risk AI systems?

They are draft interpretive guidelines published by the European Commission on 19 May 2026 under Article 6(5) of the EU AI Act. Across three documents they explain how to decide whether an AI system is high-risk: general classification principles, products and safety components under Annex I, and the Annex III use cases — with practical examples of systems that fall in and out of scope.

Are the draft high-risk AI classification guidelines legally binding?

No. The guidelines reflect the Commission's interpretation of Article 6 but are not legally binding — only the Court of Justice of the European Union can interpret the AI Act authoritatively. In practice, market surveillance authorities are expected to rely on them, so a classification that contradicts the guidelines should be documented with particular care.

Can I still respond to the consultation on the high-risk classification guidelines?

Yes — as of this writing, the targeted consultation is open until 23 June 2026. Anyone with an interest in AI systems can respond, but only submissions made through the Commission's EUSurvey questionnaire count toward the summary report. Respond if a draft example cuts against a classification your compliance position relies on.

Why were the high-risk classification guidelines published late?

Article 6(5) of the AI Act required the Commission to deliver the guidelines by 2 February 2026. The draft arrived on 19 May 2026, roughly three and a half months late, landing days after the Digital Omnibus political agreement that — once formally adopted — defers the main Annex III high-risk date to 2 December 2027, which softens the practical impact of the delay.

Does human review stop an AI system from being high-risk?

Not by itself. The draft guidelines state that adding a human in the loop does not declassify a high-risk system — what matters is the system's role and the weight of its output in the decision. The Article 6(3) exemptions are read narrowly, and any Annex III system that performs profiling of natural persons remains high-risk regardless.

Should companies re-classify their AI systems based on the draft guidelines?

No — not on the draft alone. The text may change after the consultation and AI Board input before final adoption later in 2026. The better move is to log which of your existing classifications the draft supports or challenges, keep your Article 6(3) assessments documented under Article 6(4), and re-test the borderline calls against the final version.

When do the high-risk AI classification rules start to apply?

Under the statute as it stands, Annex III high-risk obligations apply from 2 August 2026. The Digital Omnibus political agreement of May 2026 defers this to 2 December 2027, and Annex I product cases to 2 August 2028 — but that change is not yet law. It still needs the Parliament plenary vote, formal Council adoption and Official Journal publication.