The European Commission published draft guidelines clarifying how providers and deployers of artificial intelligence systems should determine whether a given system qualifies as high-risk under Regulation (EU) 2024/1689, the EU AI Act. The draft was open for targeted industry consultation, with the original deadline of 23 June 2026 extended to 23 July 2026. Final guidelines are expected by the end of 2026.
Under Article 6 and Annex III of the EU AI Act, an AI system qualifies as high-risk if it satisfies one of two criteria. First, it functions as a safety component of a product subject to EU harmonisation legislation that requires third-party conformity assessment. Second, it falls within one of the use cases listed in Annex III, covering eight sectors: biometric identification and categorisation of natural persons; management of critical infrastructure; education and vocational training; employment and workers management; access to essential private and public services and benefits; law enforcement; migration and border control management; and administration of justice and democratic processes. The draft guidelines supply practical examples for each Annex III category to assist providers in making the classification assessment.
Providers that classify an AI system as high-risk must complete a conformity assessment before placing the system on the EU market, register the system in the EU database under Article 71, and meet the requirements of Articles 9 to 15, covering data governance, technical documentation, record-keeping, transparency toward deployers, human oversight, accuracy, robustness, and cybersecurity. Deployers using high-risk AI systems in employment decisions, educational assessments, or for access to essential services must conduct fundamental rights impact assessments under Article 27. Providers building AI products for any Annex III sector should treat the draft guidelines as the operative interpretation of Article 6 for current compliance planning.
The draft guidelines cover classification only, not conformity assessment procedures or enforcement. The Commission is separately preparing guidelines on Article 50 transparency obligations, on serious incident reporting, and on the full set of high-risk requirements for providers and deployers. Under Article 7, the Commission can expand Annex III by delegated act to add further high-risk use cases, so the final scope of the high-risk category may differ from the current Annex III text.
Licentium advises AI developers, technology companies, and deployers on EU AI Act compliance, including high-risk classification analyses, conformity assessment preparation, and fundamental rights impact assessments. We help clients determine whether their systems fall within Annex III scope and prepare for the applicable obligations. Contact us to discuss your EU AI Act compliance position. Work we undertake includes AI system classification assessment, conformity assessment support, AI regulatory strategy, EU AI Act implementation planning, and general-purpose AI model regulatory analysis.