Draft EU Guidelines Clarify When AI Systems Are High-Risk Under the AI Act

Legal and Regulatory Context

The AI Act establishes a set of stringent obligations for providers and deployers of high-risk AI systems, designed to ensure that such systems are trustworthy, safe in use, and compliant with fundamental rights requirements.

Article 6 of the AI Act sets out two alternative scenarios for determining when an AI system qualifies as high-risk:

• Where the system is intended to be used as a safety component of a product—or itself constitutes a product—covered by an EU harmonization legislation listed in Annex I of the AI Act, and is required to undergo a third-party conformity assessment (Article 6(1) AI Act).

• Where the system falls within one of the high-risk use cases set out in Annex III of the AI Act (Article 6(2) AI Act), unless it does not present a significant risk of harm to the health, safety, or fundamental rights of natural persons (Article 6(3) AI Act).

The Guidelines set out the Commission's interpretation of key concepts relevant to the classification of high-risk AI systems and provide practical examples of AI systems that should, or should not, be considered high-risk, in order to assist stakeholders in carrying out a case-by-case assessment for each AI system.

Scope and Structure

The Guidelines mirror the structure of Article 6 of the AI Act and are divided into three main sections addressing: the general principles for the classification of AI systems, the classification of high-risk AI systems embedded in or constituting "regulated products," and the classification of high-risk AI systems falling within the high-risk use cases of Annex III of the AI Act.

General Principles for the Classification of High-Risk AI Systems

The Guidelines clarify that the intended purpose of an AI system is generally the key criterion for determining whether it qualifies as high-risk. The intended purpose is defined as the use for which the system is intended by the provider, as specified in the information supplied by the provider in the instructions for use, promotional or sales materials, and statements, as well as in the technical documentation. Providers are therefore expected to define the system's intended uses clearly and consistently across technical documentation, instructions for use, contractual terms, and marketing materials.

Where a system is intended for use across a variety of contexts and applications, these should all be described in order to assess whether the system is intended to be used in a manner that could lead to a high-risk classification. AI systems with broad applicability across multiple contexts, including general-purpose AI systems (i.e., AI systems designed for a wide range of uses, typically by incorporating a general-purpose AI model that has been trained on broad-scale data and designed to be usable in a wide range of distinct tasks and downstream systems, without being limited to a single, narrowly defined purpose), will be considered high-risk where high-risk uses are not expressly and consistently excluded and are reasonably foreseeable in light of the system's functionalities and capabilities.

High-Risk Classification for AI Systems Embedded in or Constituting "Regulated Products" (Article 6(1))

The Guidelines clarify that classification as high-risk under Article 6(1) AI Act is subject to two cumulative conditions.

First, the AI system must either be intended to be used as a safety component of a regulated product, or itself constitute a regulated product, covered by one of the EU harmonization legislations listed in Annex I of the AI Act. The AI Act provides an autonomous and, as interpreted in the Guidelines, expansive definition of a "safety component," identifying two alternative situations in which an AI system qualifies as a safety component:

• Where the AI system is intended to perform a safety function, i.e., to prevent or mitigate risks to the health or safety of persons or property. Examples include systems designed to detect abnormal system behavior, monitor maintenance requirements, supervise other safety-related systems, or trigger safe-stop mechanisms. By contrast, AI systems aimed solely at performance optimization, service efficiency, automation, convenience, or non-safety-related quality control do not qualify as performing safety functions.

• Where the AI system's failure or malfunction could endanger the health and safety of persons or property, even if the system is not designed to perform a safety function. Therefore, AI systems aimed solely at efficiency, convenience, automation, or performance optimization may nonetheless qualify as safety components where their malfunction could create safety hazards, for example in the case of AI systems used for vehicle lane assistance.

Second, the regulated product must be subject to a third-party conformity assessment pursuant to the applicable EU harmonization legislation. In this respect, the Guidelines emphasize that where the relevant EU harmonization legislation allows manufacturers of a regulated product to avoid a third-party conformity assessment by relying instead on "harmonized standards," this does not exempt the underlying AI system from classification as high-risk for the purposes of the AI Act.

High-Risk Classification for AI Systems Falling Within the High-Risk Use Cases of Annex III (Articles 6(2) and (3) AI Act)

The Guidelines clarify that, within the eight broad areas identified in Annex III of the AI Act as being particularly susceptible to risks arising from the use of AI systems, only a limited set of specifically listed use cases are classified as high-risk.

The Guidelines explain that where several AI systems operate together as part of a broader configuration and jointly influence decisions relating to a high-risk use case, those systems must be assessed collectively as a single "complex" AI system for the purposes of classification rather than each separately.

The Guidelines then provide a detailed analysis of each of the high-risk use cases. Key clarifications include:

Biometrics. The Guidelines confirm a broad definition of "biometric data," which includes personal characteristics that are physical, physiological, or behavioral in nature, including gait, keystrokes, signatures, voice, click patterns, eye tracking, and heartbeats. As a result, systems relying on behavioral signals that providers may not regard as "biometric" in the everyday sense—such as keystroke dynamics or click patterns used for authentication or fraud detection—may fall within the high-risk regime, and providers should test their products against this wider definition rather than a narrow, physiological one.

Critical Infrastructure. The Guidelines confirm that two conditions must be satisfied for an AI system to fall within one of the high-risk use cases.

• First, the AI system must be intended to be used as a safety component, meaning that it performs a direct protective function with respect to the physical integrity of the infrastructure. This interpretation appears to exclude from scope AI systems that are not designed to perform such a function, even where their malfunction could nonetheless create safety hazards. The Guidelines further provide an exhaustive list of six safety functions used to determine when an AI system should be considered a safety component of critical infrastructure.

• Second, the AI system must be intended for use in one of the following critical sectors: digital infrastructure, road traffic, or the supply of water, gas, heating, or electricity. In this respect, the Guidelines clarify that an AI system will qualify as high-risk only where it is used by an entity that has been formally identified as a critical entity by a Member State pursuant to the Critical Entities Resilience Directive. Accordingly, in practice, critical entities will primarily bear responsibility for ensuring through procurement processes that the AI systems they deploy comply with the AI Act's high-risk requirements.

Employment. The Guidelines adopt a broad approach that extends beyond formal employees to include platform workers, freelancers, independent professionals, and service providers, irrespective of their contractual status. The various high-risk use cases identified in this area are designed to cover the entire lifecycle of work-related relationships, from preparatory recruitment activities (such as advertising) to candidate screening, workplace management, and the termination of employment or other work-related relationships. In practice, this means that recruitment and workforce-management tools used in the gig economy, and HR systems deployed by businesses that engage contractors rather than employees, are unlikely to escape the high-risk regime on the basis of the workers' employment status alone.

AI systems used in high-risk contexts may nonetheless be exempt from classification as high-risk because they do not pose a significant risk to the health, safety, or fundamental rights of natural persons. The Guidelines confirm that this exemption applies only in limited cases, which must be interpreted narrowly, namely where the system performs a narrow procedural or preparatory task, supports a previously completed human activity, or detects (deviation from) decision-making patterns, and only if the system does not engage in profiling. The Guidelines clarify that it is the provider's responsibility to assess whether an exemption applies and to document that assessment. The Guidelines further specify the required content, which must cover the system's intended purpose, the reasons why the system would otherwise qualify as high-risk under Article 6(2) AI Act, the specific exemption condition relied upon and the justification for its application, and an explanation of why the system does not perform profiling.

Practical Implications and Next Steps

Although the Guidelines are not binding, they are expected to carry persuasive authority, as market surveillance authorities may rely on them when interpreting the AI Act and assessing whether a specific AI system qualifies as high-risk. Both the Guidelines and the revised compliance timeline remain provisional: The Guidelines are still in draft and subject to consultation, while the December 2027 and August 2028 application dates rest on the political agreement of May 7, 2026, on the Digital Omnibus, which had yet to complete formal adoption at the time of writing. Providers should plan against these dates as the working baseline while monitoring for changes in the final texts.

The Guidelines are open to stakeholders' consultation until June 23, 2026. Providers and deployers of AI systems should therefore begin preparing by:

• Participating in the public consultation, in particular to flag any areas where the European Commission's interpretation may create unintended compliance burdens or legal uncertainty.
• Conducting a preliminary classification assessment for each AI system currently in development or on the market, applying the criteria and practical examples set out in the Guidelines.
• Reviewing the intended purpose descriptions across all documentation to ensure consistency, and verifying that any high-risk uses they wish to exclude are expressly and unambiguously carved out.