May 27, 2026

EU AI Act High-Risk Systems — European Commission Issues Draft Guidelines

Practical Implications for US Companies and Actions to Be Taking Now

At a Glance

  • The focus for most commercial businesses will be on determining whether their uses of AI fall within the "high-risk" category, which triggers significant compliance obligations. For US companies, the most common trigger is providing AI systems (directly or through intermediaries) that are placed on the EU market or put into service in the EU.
  • For US companies already tracking the AI Act timeline, the Omnibus package provides welcome breathing room, although earlier transparency obligations remain on the original schedule. Given the complexities of assessing AI use cases, businesses should proceed with their compliance efforts as soon as possible.
  • While the guidelines are still in draft form, they are welcome given the vague and open-ended nature of many of the provisions and are certainly helpful in assessing the direction of travel.

The European Commission (the Commission) has published three interconnected draft guidelines on the classification of high-risk AI systems under Article 6 of the AI Act (Regulation (EU) 2024/1689), issued for a targeted stakeholder consultation running until 23 June 2026. Together, these constitute a single communication that the Commission intends to finalise following stakeholder feedback and consultation with the EU AI Board. Importantly, the AI Act has extraterritorial reach: it applies to providers placing AI systems on the EU market or putting them into service in the EU regardless of where the provider is established, and to deployers located within the EU. US-headquartered companies whose AI systems are used in the EU, or whose outputs are intended for use in the EU, should assess whether they are subject to provider or deployer obligations under the AI Act.

While the AI Act completely prohibits some categories of AI systems (e.g., social scoring, real-time remote biometric identification in public spaces subject to narrow exceptions), in practice these will be of limited relevance to most commercial businesses and their focus will be on determining whether their uses of AI fall within the "high-risk" category, which triggers significant compliance obligations but does not prohibit a system's use.

The guidelines help companies approach the classification of AI systems with practical examples of AI systems that fall "in" or "out" of the category of high-risk AI systems. They also address complex system architectures (e.g., modular or agentic AI). If linked components jointly serve a high-risk purpose, the overall configuration will be treated as one system and cannot be carved up to escape classification. Similarly, the guidelines confirm that simply including a human in the loop does not in itself declassify a high-risk AI system. The guidelines further clarify that merely asserting in a system's terms of service that high-risk uses are excluded is insufficient where the provider's overall presentation effectively provides for or promotes such uses. EU regulators will look at the substance, not the form, of the arrangements. While useful, these examples are nonbinding; authoritative interpretation remains with the Court of Justice of the European Union.

EU AI Act Omnibus — Timelines and New Measures

The guidelines follow on from the recently agreed-upon Omnibus package, which introduces targeted amendments to simplify implementation and limit duplication with sectoral product-safety regimes. For US companies already tracking the AI Act timeline, the Omnibus package provides welcome breathing room, although earlier transparency obligations remain on the original schedule. The Omnibus has not yet been formally adopted so may yet change, although substantive amendment is unlikely.

In particular, the Omnibus:

  1. Introduces revised application dates. The main obligations for stand‑alone high‑risk systems (Annex III) will now apply from 2 December 2027 (previously 2 August 2026), and product‑based high‑risk systems (Annex I) from 2 August 2028 (previously 2 August 2027).

    Existing high-risk AI systems placed on the market before the applicable dates benefit from transitional relief.
  2. New prohibitions. In response to new technologies and practices, a new ban targets AI systems that create child sexual abuse material (CSAM) or "nudifier" apps that generate nonconsensual explicit imagery of identifiable persons, with a provisional date for application of 2 December 2026. 
  3. Watermarking timeline adjusted. Obligations to watermark AI-generated content have been delayed, provisionally until 2 December 2026. 
  4. Sectoral overlap clarified. Where sectoral safety laws already contain equivalent AI‑specific controls (e.g., machinery and medical device legislation), implementing acts may limit duplicate AI Act obligations so that relevant products need only comply with sectoral safety rules. Additionally, the definition of "safety component" is clarified so optimisation/assistive functions are not automatically high‑risk, absent safety impact. 
  5. Filter registrations. Providers relying on the Article 6(3) filter (outlined below) must document the self‑assessment before placing on the market and register the system in the EU database, with a risk of penalties for misclassification. 

One of the key criticisms of the AI Act was that it required companies to comply with somewhat vague rules, with relatively limited guidance, in a very short time frame. The Omnibus and draft guidelines ease the pressure on businesses, although given the complexities of assessing AI use cases, businesses should proceed with their compliance efforts as soon as possible. 

The Two Limbs to High-Risk Classification

Under Article 6 of the AI Act, an AI system may be classified as high-risk under two alternative pathways: 

  • Product Safety (Article 6(1) and Annex I)
  • Designated High-Risk AI Systems (Article 6(2) and Annex III)

Product Safety — Article 6(1) and Annex I 

To fall within this limb, two cumulative conditions must be satisfied: 

  1. The AI system must be a product, or a safety component of a product, which is covered by EU harmonisation legislation listed in Annex I of the AI Act.
  2. That product is required to undergo third-party conformity assessment (due to its complex design or high compliance risks).

This limb is most relevant for AI embedded in regulated products such as machinery, medical devices, toys, radio equipment, and vehicles. 

In line with the AI Act's risk-based approach, only AI systems that present significant risks to health, safety, or fundamental rights are classified as high-risk, as explained in Recitals 47 to 51 of the AI Act. Consequently, not all AI systems that are components of regulated products, or that are themselves regulated products, constitute high-risk AI systems. Only a subset of such products will be within scope. 

The AI Act distinguishes between: 

  1. AI systems that are themselves actual products covered by EU safety legislation; and
  2. Those that are safety components of a product covered by such legislation. 

An AI system qualifies as a safety component where it is, or is intended to be, part of a product regulated by EU safety legislation, even if that system is also placed on the market independently of that product. 

When considering the safety component requirement, the guidance is clear that even where an AI system is not intended by its provider to fulfil a specific safety function, it may still qualify as a safety component if its failure or malfunctioning would create a hazard to the health and safety of persons or to property. For example, the intended purpose of an AI system managing door closing and obstacle detection in an elevator may be efficient elevator operation. At the same time, the malfunctioning of such a system could cause injury and thus endanger the health and safety of persons. Similarly, a lane-assist function in a car could be intended purely to enhance driver experience. However, a malfunctioning system could cause a collision and therefore endanger the health and safety of persons and property.

AI systems integrated into products covered by the Annex I safety legislation that are not intended to fulfil a safety function, and whose failure or malfunctioning would not endanger health, safety, or property, do not fall within the definition of a safety component. For example, an AI system that recommends music in a connected toy neither fulfils a safety function, nor would its malfunction endanger health, safety, or property.

Designated High-Risk AI Systems — Article 6(2) and Annex III 

The second limb covers AI systems that fall within one of the specifically listed use cases across eight sensitive areas set out in the EU AI Act: 

  1. Biometrics
  2. Critical infrastructure
  3. Education and vocational training
  4. Employment, workers' management, and access to self-employment
  5. Access to essential private and public services
  6. Law enforcement
  7. Migration, asylum, and border control
  8. Administration of justice and democratic processes

The Filter Mechanism (Article 6(3))

As the categories of high-risk AI systems expanded during the passage of the AI Act, a filter mechanism was introduced in Article 6(3), which allows providers to exempt AI systems from high-risk classification even where the system falls within Annex III. For the filter to apply, the use case must come within one of the following categories (and the guidance provides some illustrative examples):

  1. The system performs a narrow procedural task — e.g., sorting applications into pre-defined categories. However, this does not apply to all categorization systems — in particular, it will not apply to AI systems that perform a value judgement based on data relevant to decision making. 
  2. The system is intended to improve the result of a previously completed human activity without replacing or reversing that activity — e.g., by flagging errors or contradictions in human decisions or mapping conclusions to evidentiary records to aid traceability. However, if an AI system checks a decision made by humans and provides a substantially different solution, this would not be considered merely "improving" a previously completed human activity and would not come within the exception. 
  3. The system is intended to detect decision-making patterns or deviations without replacing or influencing human assessment, e.g., AI systems used to detect inconsistencies or anomalies in eligibility checks, used solely as an after-the-fact checking mechanism, rather than producing an independent decision. 
  4. The system performs a preparatory task to an assessment, where its output has very low impact on the outcome — e.g., an AI system used for assessing data relevant to a decision and providing the human operator with references to the relevant guidelines, without going so far as to directly influence the actual decision reached. 

The filters will be useful in practice. Some of the examples given in the guidance of potentially high-risk AI use cases which will be exempted under the filter include AI systems intended to be used for scheduling interviews, to check human patterns in hiring, or to recognize and organize information submitted in resumes. 

The filter mechanism cannot be applied where the AI system performs profiling of natural persons — i.e., automated processing of personal data to evaluate personal aspects, within the meaning of Article 4(4) of the General Data Protection Regulation (GDPR). This is a critical limitation: many AI tools deployed in human resources, financial services, and adtech will involve profiling and therefore cannot rely on the filter regardless of how narrow the task may appear. Market surveillance authorities may impose penalties on providers who misapply the filter to circumvent high-risk requirements.

Practical Implications for US Companies — Actions to Be Taking Now

Businesses must take into account the extraterritorial effect of the AI Act and consider where operations may fall within scope — including with respect to potential future uses of AI systems where these do not currently touch on the EU market. For US companies, the most common trigger is providing AI systems (directly or through intermediaries) that are placed on the EU market or put into service in the EU. The AI Act applies irrespective of whether the provider is established in the EU. While the guidelines are still in draft form, they are helpful in assessing the direction of travel; and US businesses should consider prioritising the following:

  • Inventory and classify. Map AI systems to Annex I or Annex III intended purposes now; for any proposed uses of the filter mechanism under Article 6(3), prepare a written self-assessment and EU database registration before market placement. Note that the self-assessment must describe the intended purpose of the system, why it qualifies as high-risk under Article 6(2), which filter condition(s) apply, and why the system does not perform profiling.
  • Update contracts. Build AI-specific schedules into master service agreements (MSAs) and statements of work (SOWs) covering classification, technical documentation, conformity assessment, post-market monitoring, incident reporting, and audit rights — and include indemnities and re-classification triggers where vendors seek to rely on the Article 6(3) filter. US companies acting as importers or distributors of AI into the EU should ensure contractual allocation of provider-level obligations under Article 25(1).
  • Assess governance. Treat high-risk AI assessment and readiness as a cross-functional programme involving multiple functions, including legal, privacy, security, product development, and procurement. Define intended purpose and system boundaries early; avoid technology unbundling that obscures combined high-risk use. 
  • Align with GDPR and the NIS2 Directive. Integrate AI risk management, data-provenance records, bias testing, and incident response with existing data protection impact assessment (DPIA) and security frameworks; harmonise AI logs with audit trails. 
  • Secure IP and supply-chain rights. Require general-purpose AI system providers to supply training-data summaries, copyright policies, and update notices; specify ownership of fine-tuned weights, prompts, and evaluation datasets in vendor agreements. 
  • Use the Omnibus extension wisely. High-risk obligations apply from December 2027 and August 2028, but transparency duties, such as informing users about interactions with AI systems, bite earlier (most from August 2026). Providers should also note that they must register any systems relying on the filter mechanism in the EU database and document their self-assessment, all of which requires forward-planning even before the initial product design stage.