From the journal

European Commission Consults on Draft Guidelines for High-Risk AI Classification Under AI Act Article 6, Deadline 23 June 2026

The European Commission published draft guidelines on the classification of high-risk AI systems under Article 6 of Regulation (EU) 2024/1689 (the EU AI Act) and opened a targeted public consultation running to June 23, 2026 at 22:00 CET. The guidelines interpret Article 6's two classification routes and the self-assessment procedure allowing providers to conclude that certain Annex III systems pose no significant risk of harm.

3 min read

The European Commission published draft guidelines on the classification of high-risk artificial intelligence systems under Article 6 of Regulation (EU) 2024/1689 (the EU AI Act) and opened a targeted public consultation with a submission deadline of June 23, 2026 at 22:00 CET. This is a pre-adoption consultation; feedback received will be considered by the Commission before it adopts the final guidelines. The guidelines are intended to support uniform application and enforcement of the Act's high-risk classification rules across EU member states and to assist national market surveillance authorities in their supervisory work.

Article 6 of the EU AI Act establishes two routes to high-risk classification. Article 6(1) applies to AI systems that are safety components of products listed in Annex I, such as machinery, medical devices, and civil aviation equipment, or that are themselves such products subject to CE marking under Union harmonization legislation. Article 6(2) applies to AI systems whose use case falls within one of the eight areas listed in Annex III: biometric identification and categorization; critical infrastructure management; education and vocational training; employment and worker management; access to essential private and public services; law enforcement; migration and asylum management; and administration of justice. The draft guidelines interpret key classification terms under both limbs, provide worked examples, and explain the Article 6(2) self-assessment procedure under which a provider or deployer may conclude that their Annex III system is not high-risk because it presents no significant risk of harm to health, safety, or fundamental rights.

Providers and deployers of AI systems in financial services, healthcare, insurance underwriting, credit scoring, HR and recruitment, law enforcement, education, and border management face the most direct compliance exposure. A high-risk classification under Title III of the AI Act triggers: mandatory conformity assessment before market placement; registration in the EU database of high-risk AI systems; technical documentation requirements; logging and audit trail obligations; transparency requirements toward deployers and affected persons; human oversight measures; and post-market monitoring programs. Affected organizations should review their product portfolios against the draft guidelines before the June 23, 2026 consultation deadline, which is the last formal opportunity to shape the final interpretive text before it informs supervisory practice across EU member states.

The final guidelines are non-binding as a matter of law but national competent authorities and the EU AI Office are expected to apply them in supervisory and enforcement decisions. The August 2, 2026 application date for Title III obligations covering Annex III high-risk systems means post-consultation time for compliance adjustment will be narrow. AI systems already on the market when the Act's provisions applied have transitional periods; new products placed on the EU market from August 2, 2026 onward must comply from placement. The AI Act Service Desk at ai-act-service-desk.ec.europa.eu publishes the draft guidelines in a searchable format organized by area and use case.

Licentium advises AI system providers and deployers on EU AI Act compliance across member states. We may be able to assist with classification questions and compliance preparation, and maintain a partner network with deep EU AI Act expertise. We invite you to get in touch. Work we undertake includes AI system classification assessments, conformity assessment preparation, technical documentation drafting, EU AI regulatory submissions, and AI Act gap analysis for product portfolios.

Source: European Commission, Draft Commission Guidelines on the Classification of High-Risk AI Systems under Article 6 of Regulation (EU) 2024/1689, targeted consultation open to 23 June 2026

AI Regulatory

More from the journal

See all

Illinois signs Artificial Intelligence Safety Measures Act into law, effective January 2027

Governor JB Pritzker signed the Illinois Artificial Intelligence Safety Measures Act on 6 July 2026, making Illinois the first US state to require mandatory annual third-party audits of frontier AI model developers. The Act applies to large frontier developers operating or deploying models in Illinois, requires transparency reports before each new or substantially modified frontier model deployment, and establishes civil penalties. Core obligations take effect 1 January 2027.

UK consults on modernising payment services regulation covering stablecoins and AI agents, 2026

HM Treasury launched a consultation on modernising the UK payment services regulatory regime, with responses due by 6 October 2026. The consultation addresses how to adapt regulation for tokenised payments including qualifying stablecoins, Open Banking expansion, and agentic AI systems authorised to conduct payments. It follows the February 2026 Payments Forward Plan and the government's decision to transfer Payment Systems Regulator functions to the Financial Conduct Authority.

Hong Kong SFC mandates phishing-resistant authentication for internet brokers and VATPs, July 2026

The Hong Kong Securities and Futures Commission issued a circular on 9 July 2026 requiring licensed corporations engaged in electronic trading and SFC-licensed virtual asset trading platform operators to replace one-time passwords with phishing-resistant authentication methods. Covered firms must implement passkeys or bound-device recognition for client login and device binding. Large internet brokers must act immediately. All other in-scope firms have up to 12 months to comply.