Written by: Haim Ravia, Dotan Hammer
The European Commission has published comprehensive draft guidelines to clarify the classification of high-risk artificial intelligence systems under the landmark EU AI Act. These documents provide practical examples and interpretations designed to support providers, deployers, and market surveillance authorities in achieving uniform application of the law.
Classification as “high-risk” is a pivotal designation that triggers significant legal obligations to ensure AI is trustworthy and safe under the EU AI Act. The guidelines clarify that a system must first meet the legal definition of an AI system: a machine-based tool designed to operate with varying levels of autonomy that infers how to generate outputs—such as predictions or decisions—which influence physical or virtual environments.
The guidelines follow the two-scenario structure mandated by Article 6 of the Act. The first scenario covers AI used as safety components in products already governed by EU harmonization legislation. This includes sectors such as medical devices, machinery, toys, and aviation. For an AI system to be high-risk in this category, it must be required to undergo a third-party conformity assessment under those existing sector-specific rules.
The second scenario focuses on standalone AI systems deployed in eight sensitive areas identified as particularly susceptible to risks to fundamental rights. These areas include biometrics, where the guidelines specifically highlight remote identification and emotion recognition systems; critical infrastructure, encompassing the management of road traffic and essential utility supplies such as water and electricity; and education, where AI systems that determine admissions or evaluate learning outcomes are classified as high-risk.
In the field of employment, AI systems utilized for recruitment, task allocation, or performance monitoring are strictly regulated to prevent the perpetuation of historical patterns of discrimination. Furthermore, systems evaluating eligibility for essential public services—including social security benefits and healthcare—or those establishing a natural person’s credit score are classified as high-risk. Finally, the guidelines address tools employed in law enforcement, migration management, and the administration of justice, such as AI intended to assist judges in researching or applying the law.
A vital component of the guidelines is the “filter mechanism” under Article 6(3). This mechanism permits providers to exempt systems that do not “materially influence” the outcome of decision-making. Examples include AI systems performing narrow procedural tasks, such as sorting document folders, or preparatory tasks like indexing data for later human review. Significantly, any system that performs profiling of individuals is invariably classified as high-risk and cannot benefit from this filter.
In conjunction with the EU political agreement to simplify the AI Act, the guidelines establish a deferred implementation timeline for these rules. Requirements for standalone high-risk systems (Annex III) will apply from December 2, 2027, while those for AI-integrated products (Annex I) will take effect on August 2, 2028. Stakeholders are invited to provide feedback on the draft before its finalization by the Commission’s AI Office.
Click here to read the EU Commission’s announcement of the draft guidelines on the classification of high-risk AI systems.
