Regulatory update - European Commission publishes draft guidelines on high-risk AI classification

The European Commission has published three draft guidelines on the classification of high-risk AI systems under Article 6 of the AI Act, opening them for stakeholder consultation. The drafts cover (i) general principles for high-risk classification, (ii) classification under Article 6(1) and Annex I (AI as a product or safety component of a regulated product), and (iii) classification under Article 6(2) and Annex III (the eight use-case categories). They were published by the Commission's digital strategy library for stakeholder feedback, are non-binding, and the Court of Justice retains final interpretive authority.

The guidelines do not change the AI Act's framework. The four-tier risk model and the two routes into high-risk classification are as the Regulation always set them. What the guidelines do is harden the interpretive boundary in places where industry practice has been drifting wide. The draft status means refinements will follow at adoption, but the interpretive direction of travel is set. Governance teams that treat the guidelines as the working baseline starting now will have the runway through 2027 that teams waiting until final adoption will not.

Three clarifications from these draft guidelines stand out for practitioners.

The "complex systems" rule closes a workaround

The first move closes a classification workaround that some enterprises have been building toward. The guidelines specify that where several AI systems form part of a more complex AI system, "the combined configuration is treated as a single AI system for the purpose of high-risk classification." Even modules that would individually qualify for the Article 6(3) exemption lose that exemption "if the overall system's configuration and functioning influence key aspects of the decisions made with the AI system's support in the context of the high-risk use case."

The Commission goes further on autonomous systems specifically. The same principle "extends to complex, interconnected setups like agentic AI systems that coordinate and interact through linked actions as long as these linked actions or components serve in conjunction an intended high-risk purpose."

The implication for enterprise agentic deployments is direct. Multi-agent stacks need to be assessed end-to-end, not component-by-component. Architectural choices that split a workflow across several agents do not split the regulatory classification. An orchestrator coordinating sub-agents toward a high-risk decision is treated as one high-risk system, and the obligations attach to the stack as a whole. For the underlying framing on how the Act bends to absorb agentic architectures, see The EU AI Act bends for agentic AI; it need not break.

Intended purpose tightens - and the test runs across all materials

The second move tightens the interpretation of intended purpose, particularly for multi-purpose and general-purpose AI systems. The guidelines state that for systems "presented as broadly applicable across a generality of contexts and functions" that do not "consistently limit application or exclude high-risk uses," the system's intended purpose "will be deemed to also encompass high-risk use cases."

Per paragraph 12 of the general principles: "Merely asserting (for example in the terms of service) that high-risk uses are excluded is insufficient to avoid the system from being considered high-risk, where the provider's overall presentation, examples, or product positioning effectively provides for or promotes such uses."

The Commission lists the materials it will look at: instructions for use, contractual arrangements, terms of service, usage policy, promotional and sales materials, statements, and technical documentation. The test is read in the round. A contract clause excluding high-risk use, sitting alongside marketing copy that demonstrates or promotes exactly such use, does not protect the vendor - and does not protect the deployer who relied on that contract.

The cross-functional conversation has to extend beyond legal. Marketing and product positioning are now part of the compliance surface, and where they contradict the contractual restriction, the contractual restriction loses.

The Article 6(3) filter is narrower than headlines suggest

The third move is the narrower interpretation of the Article 6(3) filter - the exception that exempts otherwise-Annex-III systems from high-risk classification where they perform a narrow procedural task, improve a previously completed human activity, detect decision-making patterns without replacing human assessment, or perform a preparatory task.

The guidelines are explicit: "As Article 6(3) represents an exception from rules aimed at (among others) protecting fundamental rights, the conditions must be interpreted narrowly." They must also be read in light of the requirement that the system "should not materially influence the outcome of the decision."

The practical examples show where the line falls. A CV-screening tool that only sorts applications into predefined categories without evaluative weight may qualify for the procedural-task exemption. The same tool configured to score, rank, or assess candidate suitability does not - even if a human reviews the output. The pattern repeats across use cases: when the AI's output materially shapes the decision that follows, the exception does not apply.

Two additional points sharpen the discipline. First, profiling within the meaning of Article 4(4) GDPR always disqualifies a system from the filter; there is no escape via 6(3) where profiling is involved. Second, claiming the exception is not a passive choice. Article 6(4) requires the provider to document the assessment before placing the system on the market and to register the system in the EU database under Article 71. Market surveillance authorities can reclassify under Article 80 and impose Article 99 penalties for misclassification used to circumvent high-risk requirements.

What didn't move

Several elements of the AI Act remain exactly as the Regulation set them. The Article 5 prohibitions are unchanged. The Annex I sectoral structure (covering machinery, medical devices, toys, vehicles, radio equipment, and other regulated products) is exhaustive and modifiable only through amendments to the underlying harmonization legislation. The Annex III use-case list is exhaustive and modifiable only through delegated acts under Article 7. The human oversight requirements under Article 14 continue to apply to all high-risk systems regardless of how the classification is reached.

The post-Omnibus enforcement timelines also hold. Article 6(2) obligations apply from 2 December 2027; Article 6(1) obligations from 2 August 2028. The deferral shifts only the deadline by which the work needs to demonstrate result, not the substance of the work itself. The Article 25 rules for distributors, importers, deployers, and other third parties becoming providers (by rebranding a high-risk system, substantially modifying it, or modifying its intended purpose) are clarified but not new.

What to do this week

Five actions, ordered roughly by time-sensitivity. The first three respond directly to the three clarifications above; the last two are operational discipline that will be easier to put in place now than to retro-fit when the guidelines adopt.

Re-run any Article 6(3) exception claims against the narrower interpretive lens. Any current claim that an AI system qualifies for the procedural-task or preparatory-task exemption should be re-tested against the documented criteria - particularly any claim that overlaps with evaluative weight on the underlying decision. The exception applies narrowly; documentation and EU database registration are required where it is invoked.

Coordinate with legal and marketing on contract-vs-positioning alignment. Where vendors disclaim high-risk use in contracts while marketing demonstrates or promotes exactly such use, the disclaimer does not hold. The compliance story has to be coherent across the contract and the surrounding materials, which makes this a cross-functional conversation that legal and marketing have to be in together. Legal owns the contract language, marketing owns the positioning, and governance owns the coherence test across both.

Audit multi-purpose and general-purpose AI vendor positioning for the same pattern, from the deployer side. Vendor due diligence should include a positioning audit: does the vendor's marketing, technical documentation, and product positioning consistently exclude high-risk uses, or does it tacitly include them? Reliance on the vendor's contract alone leaves the deployer exposed.

Map complex AI deployments end-to-end for the "treated as single system" rule. Any deployment involving multiple AI systems, particularly agentic stacks with orchestrators and sub-agents, needs to be assessed as a single high-risk system if the combined configuration materially influences a high-risk decision. Component-by-component classification no longer holds where the components serve in conjunction an intended high-risk purpose.

Update internal classification documentation to reference the draft guidelines as the current interpretive baseline. Refinement will be needed at final adoption (likely later in 2026 or early 2027), but capturing the position now means the discipline is already in place when the guidelines do adopt.

What we're watching next

Five signals on the calendar, ordered by how directly they could shift the practitioner's work:

• Final adoption timeline for the three draft guidelines after stakeholder consultation closes

• Sector-specific Annex I guidelines, which the Commission has flagged will follow

• Compliance guidance for high-risk requirements and provider/deployer obligations

• Article 7 delegated acts that could add or remove Annex III use cases

• The annual monitoring instrument under Article 112(1)

Where Enzai fits

The classification work these guidelines codify is the same classification work enterprise AI governance teams have been operationalizing through Enzai's framework library. It already covers the Article 5 / Annex I / Annex III / Article 6(3) classification sequence these guidelines set out. Where the guidelines add value is in the interpretive depth on the harder edges (the complex-systems rule, the marketing-vs-contract test, the narrower filter), and the framework library will incorporate the guidelines as the practitioner's interpretive reference once finalized.

For governance teams currently running classification work in spreadsheets or ad-hoc legal review, the case for moving to a structured operational workflow becomes harder to ignore. Classification is no longer a one-off act; it is a discipline that has to absorb the interpretive layer the Commission is now adding on top of the Regulation, with auditable documentation for each Article 6(3) claim and EU database registration to follow. The work transfers either way; the question is whether it moves through a structured platform or accumulates as a debt that lands all at once at the 2027 deadline.

For practitioner detail on the underlying classification framework, including the decision tree, the Annex III use-case categories, and the edge cases, see Enzai's EU AI Act Risk Classification Guide. For a working session on what these guidelines mean for your AI portfolio specifically, book time with our team.

References

Primary legislation and official sources

• Regulation (EU) 2024/1689, the AI Act: https://eur-lex.europa.eu/eli/reg/2024/1689/oj

• European Commission, Draft Commission Guidelines on the classification of high-risk AI systems: https://digital-strategy.ec.europa.eu/en/library/draft-commission-guidelines-classification-high-risk-ai-systems

• European Commission, news release on the draft guidelines consultation (19 May 2026): https://digital-strategy.ec.europa.eu/en/news/commission-seeks-feedback-draft-guidelines-classification-high-risk-artificial-intelligence-systems

• European Commission, targeted consultation page (open until 23 June 2026): https://digital-strategy.ec.europa.eu/en/consultations/targeted-consultation-draft-guidelines-classification-high-risk-artificial-intelligence-systems

• AI Act Article 5 (prohibited practices): https://artificialintelligenceact.eu/article/5/

• AI Act Article 6 (high-risk classification): https://artificialintelligenceact.eu/article/6/

• AI Act Article 7 (Annex III delegated acts): https://artificialintelligenceact.eu/article/7/

• AI Act Article 14 (human oversight): https://artificialintelligenceact.eu/article/14/

• AI Act Article 25 (provider/deployer obligations): https://artificialintelligenceact.eu/article/25/

• AI Act Article 71 (EU database registration): https://artificialintelligenceact.eu/article/71/

• AI Act Article 80 (market surveillance reclassification): https://artificialintelligenceact.eu/article/80/

• AI Act Article 99 (penalties): https://artificialintelligenceact.eu/article/99/

• AI Act Article 112(1) (annual monitoring): https://artificialintelligenceact.eu/article/112/

• AI Act Annex I (regulated products): https://artificialintelligenceact.eu/annex/1/

• AI Act Annex III (high-risk categories): https://artificialintelligenceact.eu/annex/3/

• Regulation (EU) 2016/679, the GDPR (Article 4(4) profiling): https://eur-lex.europa.eu/eli/reg/2016/679/oj

News and analysis

• IAPP, "European Commission delivers draft high-risk AI guidelines after delays": https://iapp.org/news/a/european-commission-delivers-draft-high-risk-ai-guidelines-after-delays

• William Fry, "EU Publishes Draft Guidelines on Classification of High-Risk AI Systems": https://www.williamfry.com/knowledge/eu-publishes-draft-guidelines-on-classification-of-high-risk-ai-systems/

• Snellman EU Digital Compliance Tracker, "European Commission Publishes Draft Guidelines on High-Risk AI Systems": https://digitalcompliance.snellman.com/european-commission-publishes-draft-guidelines-on-high-risk-ai-systems/

Background

• Enzai, EU AI Act Risk Classification Guide: https://www.enz.ai/eu-ai-act-risk-classification-guide

• Enzai, The EU AI Act bends for agentic AI; it need not break: https://www.enz.ai/blog/the-eu-ai-act-bends-for-agentic-ai-it-need-not-break

• Enzai, Regulatory update - EU extends the high-risk AI enforcement deadlines (May 2026): https://www.enz.ai/blog/regulatory-update-eu-extends-the-high-risk-ai-enforcement-deadlines