EU delivers draft high-risk guidance

The European Commission on May 19 published draft guidelines meant to help companies, public authorities and regulators decide when an AI system falls into the EU AI Act’s “high-risk” category. The document is one of the most consequential interpretive texts since the law was adopted because Article 6 classification is the gateway to the Act’s most demanding compliance duties. The Commission paired the release with a public consultation that runs through June 23. The guidance also lands as EU lawmakers are separately advancing a package of provisional amendments that would delay some deadlines, trim some obligations and add at least one new prohibition. ### Why did Brussels publish this now? The Commission said on May 19 that the draft is intended to support “providers and deployers” and market surveillance authorities in assessing whether a system is high-risk. The aim, according to the Commission, is more uniform application and enforcement of Article 6 of the AI Act. (digital-strategy.ec.europa.eu) IAPP reported that the guidance had been delayed before release, and the Commission has now opened stakeholder feedback rather than issuing a final text immediately. The consultation covers businesses, public authorities, researchers and citizens, and closes on June 23, 2026. ### What exactly does the draft try to classify? (digital-strategy.ec.europa.eu) Article 6 splits high-risk AI into two main buckets, and the Commission’s draft follows that structure. One category covers AI used as a safety component of products, or AI that is itself a product, under EU laws listed in Annex I when third-party conformity assessment is required. The second category covers stand-alone use cases listed in Annex III. (iapp.org) The Commission said the guidelines set out its interpretation of classification concepts and include practical examples of systems that should or should not be treated as high-risk. Those examples are not exhaustive and may be updated over time. ### Where does this bite for companies building systems now? (digital-strategy.ec.europa.eu) The Commission said the guidelines are meant to help determine whether a system is high-risk “or not,” and that matters because the classification decision triggers downstream obligations under the AI Act. Those obligations include the compliance architecture that providers and deployers have been waiting to map to specific products and use cases. (digital-strategy.ec.europa.eu) Bird & Bird said in an initial legal read that the draft is the Commission’s long-awaited Article 6 guidance, while other legal analysts noted that classification is where abstract statutory language begins to attach to concrete product and deployment choices. That is an interpretation from outside experts, but it reflects why companies had been pressing for the document. (digital-strategy.ec.europa.eu) ### What other AI Act changes are moving at the same time? Council and Parliament negotiators said on May 7 they reached a provisional agreement to simplify and streamline parts of the AI Act under the EU’s Omnibus agenda. The package would delay the application of Annex III high-risk rules from Aug. 2, 2026, to Dec. 2, 2027, and move Annex I product-related high-risk obligations to Aug. 2, 2028. (twobirds.com) The same provisional deal would extend some regulatory easings to small mid-caps, reduce requirements in limited cases and restore database registration for providers that consider their systems exempt from high-risk classification. Co-legislators also added a prohibition on AI practices involving non-consensual sexual and intimate content or child sexual abuse material, according to the Council. (consilium.europa.eu) ### What happens next? June 23, 2026, is the deadline for feedback on the draft high-risk guidelines through the Commission’s consultation process. The separate Omnibus amendments still need to complete the EU legislative process after the provisional political agreement announced on May 7 and updated by the Council on May 18. (digital-strategy.ec.europa.eu) (consilium.europa.eu)