On 19 May 2026, the European Commission published draft guidelines on the classification of high-risk AI systems under Article 6 of the AI Act. Open for consultation until 23 July 2026, these guidelines have a clear objective: to help providers, deployers, and competent authorities determine more concretely whether an AI system falls within the scope of the high-risk regime. Although they are not legally binding, they currently reflect the Commission’s interpretation of the AI Act and are expected to guide supervisory authorities in its application.
The obligations applicable to high-risk AI systems will be introduced progressively, with a first major compliance milestone on 2 December 2027 for systems covered by Annex III, followed by 2 August 2028 for AI systems integrated into products regulated under Annex I.
The Commission further explains that the guidelines are intended to promote a consistent application of Article 6 of the AI Act across the European Union. To support this objective, they rely on practical examples designed to facilitate interpretation and help organizations assess their obligations more effectively.
I- The Two Classification Scenarios Under Article 6
1. First scenario: Article 6(1) and Annex I
An AI system is classified as high-risk when it meets three cumulative conditions:
- It is intended to be used as a safety component of a product, or is itself such a product.
- The product is covered by one of the EU harmonisation laws listed in Annex I.
- The product is subject to a third-party conformity assessment.
In other words, the mere presence of AI within a regulated product is not sufficient to trigger a high-risk classification. Such classification requires a connection to a product safety function and an interaction with existing European conformity assessment regimes. The guidelines also reiterate that the AI Act itself does not determine the applicable conformity assessment procedures. Those procedures remain governed by the relevant sector-specific EU harmonisation legislation.
2. Second scenario: Article 6(2) and Annex III
The second scenario concerns AI systems that fall within one of the use cases listed in Annex III of the AI Act. In this case, the assessment is not centred on a product but rather on a specific use of AI in areas considered particularly sensitive. The guidelines emphasize a fundamental point: the categories covered by Annexes I and III are exhaustive. As a result, the fact that an AI system is used in a sensitive sector does not automatically make it high-risk if its specific use case is not expressly listed in Annex I or Annex III of the AI Act.
The Commission identifies eight broad areas covered by Annex III:
- Biometrics;
- Critical infrastructure;
- Education and vocational training;
- Employment, worker management and access to self-employment;
- Access to essential private services, public services and essential social benefits;
- Law enforcement;
- Migration, asylum and border control management;
- Administration of justice and democratic processes.
II- The Decisive Role of the System’s Intended Purpose
1. The need to define the system’s intended purpose
The classification of an AI system as high-risk depends not only on its technical capabilities, but also on how its intended purpose is described by the provider in the technical documentation, contractual materials, terms of use, and promotional and marketing content.
This point is particularly important for general-purpose or multi-purpose AI systems. Where an AI system is intended to be used across a wide range of contexts and applications, without a clear limitation excluding high-risk uses, such uses may be considered part of its intended purpose if they are reasonably foreseeable. The guidelines therefore clarify that it is not sufficient to formally state that certain high-risk uses are excluded if, in practice, the product description suggests or promotes multiple uses that include such use cases. In other words, the assessment is not based solely on disclaimers, but on how the system is objectively presented and can reasonably be expected to be used.
2. A system does not need to be already in use to be classified as high-risk
The guidelines further clarify that an AI system may be classified as high-risk even before it is actually used. What matters is its intended purpose prior to being placed on the EU market or put into service. Providers must therefore assess the system’s classification at that stage and, where applicable, prepare to comply with the requirements applicable to high-risk AI systems.
III- Clarifications on the Concept of a “Safety Component”
The guidelines provide a dual interpretation of the concept of a safety component.
1. An intent-based approach: the safety function
An AI system qualifies as a safety component when, according to the purpose defined by the provider, it is intended to prevent or mitigate risks to the health or safety of persons or to property. This definition is autonomous and applies independently of existing sector-specific definitions. It covers, for example, functions aimed at detecting anomalies, identifying critical maintenance needs, preventing unsafe operation, limiting the effects of a risk, or triggering safety measures.
2. A risk-based approach: failure or malfunction
An AI system may also qualify as a safety component where its failure or malfunction is capable of endangering the health or safety of persons or property. This approach encompasses situations such as false positives, false negatives, loss of functionality, performance instability, model drift, or classification errors that may lead to unsafe decisions. By contrast, reputational harm, financial losses, minor damage, or inconvenience are expressly excluded from this notion of endangerment.
IV- Article 6(3): Clarifications on the “Filtering Mechanism”
Article 6(3) establishes a filtering mechanism that allows an AI system to be exempted from classification as high-risk where its intended purpose falls within a use case listed in Annex III, but the system does not present a significant risk of harm.
This exemption is subject to strict conditions. It applies only where the system does not pose a significant risk of harm to health, safety, or fundamental rights, and where it meets at least one of the four conditions set out in the AI Act. The guidelines further emphasize that this mechanism is based on a central principle: the system must not materially influence the outcome of the decision-making process.
1. A strictly conditional exemption
The filtering mechanism is not a general derogation that allows high-risk classification to be easily disregarded. Rather, it is an interpretative exception that requires a concrete assessment of the system’s purpose, its context of use, and its actual influence on decision-making. The guidelines clarify that providers must carefully assess the tasks the system is intended to perform. This assessment is directly linked to the system’s intended purpose, its conditions of use, and the decision-making framework within which it operates.
2. The four conditions of the filtering mechanism
The mechanism is based on four clearly defined situations in which an AI system remains in a supporting role and does not materially influence the final decision. These conditions are alternative rather than cumulative, but they must be interpreted narrowly.
a. Performing a narrow procedural task
The system performs a task that is so limited in scope that it gives rise only to a low level of risk. Such tasks are inherently narrow and well-defined, meaning that the associated risks remain limited, even when they arise within a use case covered by Annex III. These tasks typically involve support functions such as the organization, structuring, or processing of information. However, the guidelines make clear that this condition does not apply to all categorization systems. Where a system makes value judgments regarding information relevant to a decision-making process, it can no longer be considered purely procedural.
b. Improving the result of a previously completed human activity
The system adds a layer of improvement to an activity that has already been completed by a human, without replacing it or fundamentally reviewing it. This condition is based on three cumulative requirements: a human activity must have been carried out, that activity must have produced an identifiable result, and the AI system must intervene solely to improve that result. The system must therefore neither substantially revise the underlying work nor substitute its own assessment for that of the human. Its role is limited to enhancing the quality, presentation, or effectiveness of an existing outcome. The underlying rationale is that the system remains a direct extension of the initial human intervention.
c. Detecting consistent decision-making patterns or deviations from established decision-making practices
In this scenario, the system operates ex post by analyzing decisions that have already been made, without replacing or influencing the initial human assessment in the absence of appropriate oversight. Three cumulative conditions must be satisfied: the human assessment must already have been completed, the system must be limited to a retrospective comparative analysis, and it must not be intended to replace or influence the original assessment. The system therefore serves as a monitoring or analytical function, for example by identifying inconsistencies, anomalies, or recurring trends in decision-making practices. However, it does not participate in the decision itself and does not directly steer future decisions.
d. Performing a preparatory task for a relevant assessment
The system prepares, organizes, or facilitates the information required for a subsequent assessment, without altering the logic or outcome of that assessment. Such preparatory activity takes place upstream of any decision-making process and is limited to organizing information relevant to the evaluation. It must not modify the substance, purpose, or reasoning of the subsequent assessment. Furthermore, the system must not directly contribute to the decision itself. Its role is limited to preparing the inputs required for the assessment, without materially influencing the final outcome. It must not make decisions or classify individuals or situations for decision-making purposes.
3. The profiling exception: three cumulative criteria to assess
To determine whether a system actually performs profiling, three conditions must be met cumulatively: the system must involve automated processing, that processing must relate to personal data, and its purpose must be to evaluate certain personal aspects of a natural person.
Accordingly, the mere use of personal data is not sufficient. Likewise, the classification or segmentation of individuals based on personal characteristics (such as age or sex) does not necessarily constitute profiling where the purpose is not to draw conclusions, make predictions, or assess the individuals concerned.
By contrast, where a system uses personal data to analyze, predict, or assess characteristics such as a person’s professional performance, reliability, preferences, interests, or likely behavior, it does constitute profiling.
For example, an AI system used in a recruitment process to assess recruiters’ decisions and behaviors in order to identify deviations from a company’s hiring policies performs profiling, as it evaluates personal characteristics of the individuals concerned on the basis of personal data. Conversely, a system used by customs authorities to assess the risk of non-compliant goods based on information relating to shipments and economic operators does not evaluate personal aspects of natural persons and therefore does not constitute profiling.
4. AI systems embedded in complex architectures must be assessed as a whole
The AI Act guidelines clarify that the classification of a high-risk AI system cannot be assessed solely on the basis of each individual component considered in isolation.
Where an AI system consists of multiple systems or interacts with other AI systems within a more complex architecture, it is the combined configuration and its overall intended purpose that must be assessed.
Accordingly, where several AI systems jointly contribute to an individual decision or are intended to be used within a high-risk use case, the entire configuration may qualify as a high-risk AI system, even if certain components, considered separately, could benefit from an exemption under Article 6(3).
This approach also applies to interconnected architectures and agentic AI systems coordinating multiple actions or tools. Where these elements collectively pursue a high-risk intended purpose, they must be assessed as a whole.
V- What Obligations Remain when a System Benefits from the Filtering Mechanism?
Exemption from the high-risk classification does not mean a complete absence of obligations. A provider that decides to rely on the filtering mechanism must carry out a documented self-assessment before placing the system on the market or putting it into service. This documentation must, in particular, describe:
- the system’s intended purpose;
- the reasons why it falls within the scope of Article 6(2);
- the reasons justifying the application of one of the conditions set out in the filtering mechanism under Article 6(3);
- the reasons why the system does not perform profiling.
In addition, the system must be registered in the European Union database established under Article 71 of the AI Act. Market surveillance authorities may review the classification, require corrective measures where necessary, and impose penalties where a system has been incorrectly classified in order to circumvent the applicable regulatory requirements.
Conclusion
With these new guidelines, the message is clear: classifying an AI system as high-risk requires a structured, documented, and context-specific assessment that combines an analysis of the system’s intended purpose, actual functionalities, operating environment, level of influence on decision-making, and, where relevant, the existence of profiling or integration within a broader AI system.
For organizations, an incorrect classification may lead to an underestimation of applicable obligations, weaken AI governance frameworks, and increase the risk of non-compliance.
👉 Need to classify your AI systems and structure your compliance with the AI Act?
Discover our AI management platform, designed to help you centralize your AI use cases and operationalize compliance by managing your obligations over time within a framework that integrates directly with your existing ecosystem.