On 19 May 2026 the European Commission published draft guidelines on how to classify high-risk AI systems under Article 6 of the AI Act. If your team has been waiting for clearer guidance on whether your specific AI system falls under the high-risk regime, this is what the wait was for.
The targeted stakeholder consultation is open until 23 June 2026 at 22:00 CET. The current text gives you the Commission’s working interpretation. It is not legally binding, but the Commission says the guidelines reflect its interpretation and will guide enforcement. You can still submit feedback before the final version is fixed.
The two paths to high-risk classification
Article 6 of the AI Act defines two scenarios for an AI system to be considered high-risk:
- Annex I path: the AI system is a safety component of a product, or the AI system itself is a product, that is covered by the EU harmonisation legislation listed in Annex I, AND that product is required to undergo a third-party conformity assessment. If both conditions hold, the AI system is high-risk under Article 6(1).
- Annex III path: the AI system falls into one of the use cases listed in Annex III. If yes, the AI system is high-risk under Article 6(2).
The guidelines address each path separately. Section III walks through Annex I. Section IV walks through Annex III. The Commission published the sections as separate downloads so you can read just the part that applies to your system.
Important nuance: Annex III is not always automatic. An Annex III system can fall outside high-risk classification if it does not pose significant risk and only performs a narrow procedural task, improves a previous human activity, detects patterns without replacing human review, or performs a preparatory task. If it performs profiling of natural persons, the carve-out does not apply and the system remains high-risk.
Why the Annex III path matters more for most teams
For most AI builders, the Annex III path is where the action is. It covers use cases like AI in:
- Education and vocational training
- Employment, worker management, and access to self-employment
- Access to essential private and public services (including credit scoring)
- Law enforcement, migration, asylum, and border control
- Administration of justice and democratic processes
- Biometric identification and categorisation
- Critical infrastructure management
If your AI sits in any of these areas, the guidelines give you the Commission’s interpretation of what counts as a covered use case and what does not. The practical examples are where this becomes useful: you can compare your system to specific cases the Commission says are high-risk and to cases it says are not.
What to do with this
Three concrete steps for any team building AI in the EU:
- Self-classify. Walk your system through the Annex III list. If you cannot rule it out, read the relevant section of the guidelines for the Commission’s interpretation.
- If you are high-risk: the proposed Omnibus timeline would give Annex III systems until 2 December 2027 to comply. Use the runway to build proper documentation, risk management, and conformity processes.
- If you are not sure: submit feedback through the targeted stakeholder consultation. The Commission is explicitly asking for input before the final version lands.
The Commission has indicated that the examples are not exhaustive and will be updated over time. Treat the current guidelines as the best available read of how Article 6 will be enforced, not as the final word.
Read the Commission’s draft guidelines: Classification of high-risk AI systems
Read the targeted consultation page
Read AI Act Article 6 on the AI Act Service Desk
Share this article
