Last week the European Commission published long awaited draft guidance on classifying high-risk AI systems under Article 6 of the EU AI Act (the Guidance). The draft Guidance is currently open for public consultation until 23 June 2026. 

The Guidance is aimed at providers, deployers and market surveillance authorities. It focuses exclusively on classification (i.e. whether a system is high‑risk), with further guidance on compliance obligations to follow. The guidelines were originally due to be published by 2 February 2026 and, as such, their arrival has been eagerly anticipated. 

Structure of the Guidance

The Guidance is delivered across three separate documents:

  • The General Principles: The first document sets out the general principles for assessing high‑risk classification.
  • Annex I Guidance – High-Risk Classification according to Article 6(1): The second document covers classification of AI systems considered high‑risk under Annex I (Article 6(1) AI Act), such as those contained in toys, lifts, or medical devices.
  • Annex III Guidance – High-Risk Classification according to Article 6(2): The third, deals with AI systems classified as high‑risk under Annex III (Article 6(2) AI Act), such as AI systems used in recruitment and insurance pricing. This document also includes guidance on the applicability of the Article 6(3) AI Act high-risk derogations.

The Guidance includes extensive examples of in‑scope and out‑of‑scope use cases and Document 3 provides detailed examples across all eight Annex III use cases.

The General Principles

The general principles set out the overarching approach of the Guidance. Of particular note is the importance placed on the intended purpose of the AI system to classification. 

An AI system’s intended purpose (which can be summarised as the use for which that system is intended by the provider) is assessed by reference to a number of factors, including: the instructions for use; promotional or sales materials and statements; as well as the technical and contractual documentation. 

Crucially, the Guidance explains that where the provider presents the AI system as being broadly applicable across a generality of contexts and functions, and does not consistently limit the AI system’s application or exclude high-risk uses, then “the system’s intended purpose will be deemed to also encompass high-risk use cases and therefore qualify as high-risk”. This approach takes into account the broader context of the system’s foreseeable functionalities and capabilities. The Guidance further notes that “merely asserting (for example in the terms of service) that high-risk uses are excluded is insufficient to avoid the system from being considered high-risk” where the overall presentation effectively provides for or promotes high-risk uses. 

This clarification highlights the importance of a provider having a cohesive strategy when preparing both the contractual documents and promotional materials in order to ensure that its system is accurately classified. Failure to do so could lead to an AI system being inadvertently categorised as high-risk. 

Annex I Guidance – High-Risk Classification according to Article 6(1)

The Commission’s draft Annex I guidance provides important clarifications for legal technology providers and organisations developing AI within regulated products (i.e. products covered by Annex I of the AI Act). Article 6(1) of the AI Act sets out classification rules for AI systems intended to be used as safety components of a product or AI systems which are themselves products covered by EU harmonisation legislation listed in Annex I. 

Not all AI systems that are components of regulated products, or that are themselves regulated products, are high-risk AI systems. The Guidance confirms that classification of “high-risk” AI under Article 6(1) is deliberately narrow and hinges on two cumulative conditions: (i) the AI system must be intended to be used as a safety component of a product or itself be a product covered by the Annex I EU harmonisation legislation, and (ii) it is required to undergo a third-party conformity assessment. 

Condition 1 Safety Component: The concept of a “safety component”, is therefore central. A safety component is where the AI system fulfils a “safety function” or where the system’s failure or malfunctioning endangers the health and safety of persons or property.  

  • An AI system fulfills a  “safety function”, and will therefore be a safety component, where its intended purpose, as determined by the provider, is to prevent or mitigate risk to health and safety of persons or property. The Guidance provides helpful indicative examples of in-scope and out-of-scope functions. The Guidance states that the mere fact that an AI system is integrated into or operates within a product that is subject to safety regulation does not automatically mean that it fulfils a safety function.  
  • An AI system may also constitute a safety component if its failure or malfunctioning could endanger the health and safety of persons or property, even if it is not intended to perform a safety function. The assessment focuses on the control or influence an AI system has over hazardous processes and whether failure may create or amplify risks. Notably, the Guidance specifically identifies AI systems used for cybersecurity purposes as potentially in-scope. 

Condition 2 Third-Party Conformity Assessment: The AI Act does not determine the applicable conformity assessment procedures for AI systems, but instead relies on the choice of assessment established under the Annex I EU harmonisation legislation. This means an analysis of the AI system in question against the conformity assessment requirements of the relevant Annex I legislation is required.

Annex III Guidance – High-Risk Classification according to Article 6(2)

Annex III provides guidance on high-risk AI systems across a number of use cases. In particular, it sets out principles that are specifically applicable to classifying systems as being within scope of Annex III. Again, a key takeaway is that classification is driven by the intended purpose of the AI system, as defined by the provider. The principles include:  

  • Human Involvement: The Guidance notes that the presence of human involvement cannot change the intended purpose and, therefore, will not, in itself, remove a system from the high-risk category. However, human involvement may be relevant to the derogation/exemption analysis (see below). 
  • Complex Systems: Where an AI system forms part of more complex systems, the combined intended purpose is assessed as a single AI system for the purpose of high-risk classification (where it is intended that such joint outputs or joint intended purpose will materially influence an individual decision). Such joint assessment could materially alter the application of the derogations. However, the Guidance does not rule out separating AI systems where the components are genuinely separable. 
  • ‘Intended Use’: The Guidance clarifies that the meaning of  “intended use” (as used in Annex III) is identical to the meaning of ‘intended purpose’ which is defined at Article 3(12) of the AI Act and discussed above. If the intended purpose does not encompass one of the Annex III use cases, the system is not intended to be used for such a use case. It is not necessary for the AI system to actually be in use in a high-risk manner to gain a high-risk classification, instead the provider must assess the intended use of the AI system. 

Guidance is provided on eight use cases, including: Biometrics, Employment/Human Resources and Access to and enjoyment of essential private services .

Biometrics

The first area within Annex III of the AI Act outlines three biometric use cases, covering AI systems used for remote biometric identification (RBI), biometric categorisation according to sensitive attributes or characteristics, and AI systems used for emotion recognition. 

  • RBI: Three conditions are necessary here for the AI system to be a high-risk RBI, (1) its purpose must be biometric identification; (2) identification must occur without the active involvement of the person concerned (typically at a distance); and (3) the AI system must perform a comparison between the person’s biometric data and data contained in a reference database. AI systems falling within this category include AI systems intended to compare CSAM found on the internet to established national and international databases or AI systems that conduct voice print matching against a database. 
  • Biometric Categorisation:  AI systems intended to be used for biometric categorisation according to sensitive or protected characteristics based on the inference of those attributes or characteristics are categorised as high-risk. These can include AI systems intended to categorise customers based on their gender to offer/improve personalised experience to customers and AI systems used for age estimation.
  • Emotion Recognition: AI systems that conduct emotion recognition outside the prohibited practices are high-risk. These include AI systems intended to measure gaming experience of individuals to further improve the product or AI systems used in call centres to infer emotions of customers. This includes using AI systems to assign shifts and rest periods to individuals and an AI system used to manage workload. 

The guidance notes the close interplay between biometric use cases that are high-risk and those that are prohibited. It further highlights that the definitions of biometric data in the GDPR and AI Act are not the same. The AI Act definition does not include the words “which allow or confirm the unique identification” which is the functional use of biometric data. Accordingly, the definition of biometric data under the AI Act is intended to cover a broader set of uses.

Employment

Certain use cases in relation to employment are also considered high-risk and can be broken down into two broad categories: 

  • Recruitment: AI systems intended to be used for recruitment of individuals and in particular to place target job ads, analyse/filter job applications, and to evaluate candidates are to be considered high risk. Examples provided in the guidance include automated job matching and ranking tools, or ranking of self-employed service providers. 
  • Work-related relationships: AI systems used to make decisions affecting work-related relationships, promotion, termination, allocation of tasks in certain circumstances, or to monitor or evaluate performance are all high-risk. The Guidance highlights examples such as AI systems for training performance evaluation or office space optimisation and use cases that have the potential to be high-risk. 

Access to and enjoyment of essential private services 

Guidance is also provided in respect of (1) AI systems intended to be used to evaluate the creditworthiness of natural persons or establish their credit score; and (2) AI systems intended to be used for risk assessment and pricing in relation to natural persons in the case of life and health insurance.

  • Creditworthiness/Credit Scoring: Annex III refers to AI systems relating to creditworthiness/credit scoring as being high-risk. The Guidance helps to define these concepts by stating that creditworthiness refers to the assessment of a natural person’s ability and willingness to fulfil contractual obligations to pay for services provided or credit granted. A credit score refers to the creation and building of a representation of an individual’s creditworthiness.  This includes AI systems used for credit scoring for consumer lending and mortgages. 
  • Insurance Pricing: Risk assessment or pricing decisions for health or life insurance is high-risk. It can include AI systems used by an insurer to review applications for life insurance.

“Filter Mechanism”: The Derogations/Exemptions to Annex III

The AI Act provides for exemptions from a high-risk classification in certain situations. The Guidance refers to this as the “Filter Mechanism” and it provides guidance on each of the Article 6(3) exemptions from a high-risk classification.  

AI systems that would normally be classified as high-risk based on its purpose under Article 6(2) and Annex III of the AI Act, may be exempt if they do not materially influence the decision-making outcome and, therefore, do not pose a significant risk of harm. To be eligible for this exemption, the AI system must fall into at least one of the following conditions:

  1. perform a narrow procedural task;
  2. improve the result of a previously completed human activity;
  3. detects decision-making patterns or deviations from prior decision-making patterns and is not meant to replace or influence the previously completed human assessment, without proper human review; or
  4. perform a preparatory task to an assessment relevant for the purposes of the use cases listed in Annex III. 

However, it is important to note that AI systems which perform profiling cannot avail of the  “filter mechanism”. 

Each of the conditions for exemption under the  “filter mechanism”  are explained in detail by the Guidance: 

  • Perform a Narrow Procedural Task: AI systems that categorise, change the format, structure, or presentation of data, or change its metadata, will be exempt. In contrast, AI systems that perform value judgments of data for decision-making or attribute rankings to input data will likely not be performing a narrow procedural task. 
  • Improve the result of a previously completed human activity: The Guidance states that there are three elements all of which must be present for this condition to apply – (i) completion of a human activity, (ii) leading to a result, (iii) which is improved by the AI system without changing the outcome or conclusion. The Guidance notes the use of the word  “improve”  rather than  “review”  and it highlights that the AI system may refine, but must not provide a materially different result.
  • Detect decision-making patterns or deviations: This condition allows for a more substantive role for the AI system in the assessment process. However, the Guidance stresses that the concept of decision-making patterns should be interpreted narrowly, and it outlines three ways in which this exemption is limited when implemented namely (1) that human assessment must have already been completed meaning the evaluation has already taken place; (2) the AI system can only perform post completion comparative analysis to determine whether the decision aligns with previous patterns, it cannot interfere with the criteria from those previous decisions; and (3) that a proper human review of the AI system’s output is still required if it will change the outcome of the AI system. 
  • Preparatory Task: The Guidance clarifies that preparatory tasks are differentiated from narrow procedural tasks because they must occur prior to the actual assessment process (although a task may be both a preparatory task and narrow procedural task). The task’s role in the process and proximity to the final human decision will be decisive. Nevertheless, the task should not have an impact on the substance or outcome of decision-making.  

Whether an AI System can benefit from the “filter mechanism” depends on a self-assessment by the provider. Providers are required to document the assessment before placing the AI system on the market or putting it into service, and to register the AI system in the EU database. 

Updated Timeline and Targeted Stakeholder Consultation

The Guidance notes that the AI Omnibus has postponed the entry into application of the rules for high-risk AI systems: Article 6(2) and Article 6(1), along with the corresponding obligations under each provision, will now apply from 2 December 2027 and 2 August 2028, respectively.

Stakeholders can submit input on the draft Guidance from 19 May 2026 until 23 June 2026.

A copy of the Draft Guidance is available here

For further information in relation to the AI Act please contact John Cahir, partner, Dr Stephen King, partner, Aideen Burke, partner, Chris Bollard, partner, Andrew Sheridan, partner, or your usual ALG Technology contact.ALG has also published a more detailed guide to the AI Act which is accessible here