Privacy & Cybersecurity Law Blog

On May 19, 2026, the European Commission published draft guidelines on the classification of high-risk artificial intelligence (“AI”) systems under the EU Artificial Intelligence Act (the “EU AI Act”) and launched a public consultation open until June 23, 2026. The draft guidelines, which have been issued under Article 6(5) of the EU AI Act, are intended to assist providers, deployers and market surveillance authorities in determining whether an AI system falls within a high-risk category under Article 6 of the EU AI Act.

The EU AI Act, which entered into force on August 1, 2024, adopts a risk-based framework for AI systems used in the EU. Within that framework, high-risk AI systems are subject to a detailed set of requirements and obligations designed to address risks to health, safety and fundamental rights. The European Commission’s draft guidelines are aimed at supporting a more consistent interpretation of the high-risk classification rules and facilitating the application and enforcement of Article 6.

The draft guidelines are structured in three parts:

• Section 1: This section sets out the general principles for determining whether an AI system should be classified as high-risk and introduces the two categories of high-risk AI systems under Article 6 of the EU AI Act.
• Section 2: This section addresses classification under Article 6(1) and Annex I of the EU AI Act, covering AI systems that are safety components of products, or are themselves products, subject to specified EU product safety legislation.
• Section 3: This section addresses classification under Article 6(2) and Annex III of the EU AI Act, covering certain stand-alone AI systems used in areas identified by the AI Act as presenting significant risk, including biometrics, education, employment, essential services and law enforcement.

The draft guidelines provide non-exhaustive examples of AI systems that may or may not be classified as high-risk, while making clear that inclusion of a use case does not by itself establish its lawfulness under applicable law.

The publication follows a delay from the European Commission’s original timetable. Guidance on high-risk classification had initially been expected by February 2, 2026, ahead of the EU AI Act’s original compliance milestones for high-risk systems. The absence of final guidance, together with delays in the development of standards and other implementation tools, became a central issue in broader discussions on the operational readiness of the EU AI Act. Those concerns contributed to the recent Digital Omnibus on AI, which revised the implementation schedule for certain high-risk AI obligations. Under the updated timetable, requirements for stand-alone high-risk AI systems are now due to apply from December 2, 2027, while obligations for high-risk AI systems embedded in products will apply from August 2, 2028. The revised deadlines were intended to provide additional time for the development of guidance, specifications and standards, and to give organizations greater legal certainty as they prepare for compliance.

The current draft guidelines will be subject to further consultation before the European Commission adopts a final version. The European Commission also emphasizes that the guidelines are not legally binding and that authoritative interpretation of the EU AI Act ultimately rests with the Court of Justice of the European Union.

Read the draft guidelines here.