Licentium

From the journal

European Commission Publishes Draft Guidelines on High-Risk AI Classification on 19 May 2026

On 19 May 2026, the European Commission published draft non-binding guidelines on the classification of high-risk AI systems under Article 6 of Regulation (EU) 2024/1689 (the EU AI Act). The guidelines address agentic and multi-component AI architectures. The Article 6(3) filter cannot be applied at the component level where an AI system contributes to a high-risk use case. A targeted consultation runs until 23 July 2026.

2 min read

On 19 May 2026, the European Commission published draft, non-binding guidelines on the classification of high-risk AI systems (HRAIs) under Regulation (EU) 2024/1689 (the EU AI Act). The guidelines consist of three documents: a general principles section, a guide to Annex I classification for AI as safety components in regulated products, and a guide to the Annex III listed high-risk use cases. A targeted consultation is open until 23 July 2026; the Commission expects to adopt final guidelines by end of 2026.

Article 6(1) of the EU AI Act classifies an AI system as high-risk when it serves as a safety component of a product in Annex I and the product requires third-party conformity assessment. Article 6(2) designates AI systems in Annex III use cases as high-risk. Article 6(3) allows a provider to rebut high-risk status by demonstrating the system poses no significant risk. The draft guidelines confirm that the Article 6(3) filter is unavailable where an AI component is not genuinely separable from a broader system that contributes to a high-risk output.

The Annex III use cases cover healthcare, biometric identification, employment screening, critical infrastructure management, education, law enforcement, border control, administration of justice, and democratic processes. Providers and deployers of AI systems in these categories must assess their classification against these guidelines. The guidelines treat agentic AI architectures and multi-component AI systems as requiring full-system classification analysis. Providers that previously relied on component-level analysis to argue non-high-risk status should review that position against the new interpretation of Article 6(3).

The guidelines are non-binding and will be finalised after the consultation closes 23 July 2026. The GPAI Code of Practice process addresses general-purpose AI model obligations under Chapter V of the EU AI Act separately; these guidelines do not cover those obligations. The Annex I list of regulated product categories remains unchanged.

Licentium advises AI system providers and deployers on EU AI Act compliance, including high-risk classification, conformity assessment procedures, and technical documentation requirements. We can assist with classification analysis and consultation submissions. Work we undertake includes EU AI Act compliance strategy, HRAI classification assessments, agentic AI regulatory analysis, AI governance documentation, and cross-sector AI regulatory advisory.

Source: European Commission, Draft Guidelines on the Classification of High-Risk AI Systems under the EU AI Act, 19 May 2026

AI Regulatory

More from the journal

See all

Google Engineer Charged with Commodities Fraud on Polymarket Using Confidential Data, May 2026

On 27 May 2026, the U.S. Attorney for the Southern District of New York unsealed a criminal complaint charging Michele Spagnuolo, a Google staff software engineer, with commodities fraud, wire fraud, and money laundering. Spagnuolo allegedly used confidential internal Google Search data to place approximately $2.75 million in bets on Polymarket event contracts tied to Google's Year in Search report between October and December 2025, netting roughly $1.2 million in profit. The CFTC filed a parallel civil action seeking penalties and trading bans.

Georgia Enacts Payment Stablecoin Act, Establishing Issuer Licensing Regime, May 2026

On 11 May 2026, Georgia signed HB 1272 (Act 452), the Georgia Payment Stablecoin Act, into law. The statute directs the Georgia Department of Banking and Finance to license stablecoin issuers incorporated under Georgia or foreign law. Licensed issuers must maintain one-to-one reserves of eligible assets and may only engage in stablecoin issuance, redemption, reserve management, and related custodial activities. The law takes effect on the earlier of 18 January 2027 or 120 days after federal GENIUS Act implementing regulations are finalized.

European Commission Opens Targeted Consultation on MiCA Review, May 2026

On 20 May 2026, the European Commission launched a targeted consultation on Regulation (EU) 2023/1114, the Markets in Crypto-Assets Regulation (MiCA), running alongside a parallel public consultation. The targeted consultation spans 86 questions across four thematic blocks and invites responses from industry representatives and public authorities. Submissions close 31 August 2026, with results feeding into the Commission's review reports under Articles 140 and 142 of MiCA.

Ready to launch without the regulatory guesswork?

Book a 30-minute consultation. We'll map your AI or licensing path and tell you exactly what's required, in plain language.

Get Started

Where to go from here

Try Licentium AI

Licentium's AI workspace for regulatory questions. Web3 and AI teams shipping fast.

Browse the Fintech Licensing Hub

Jurisdiction-by-jurisdiction guides on licensing pathways, timelines, and costs.

Talk to us

Book a 30-minute consultation. We'll map your path and tell you what's required.