For sixteen months, EU compliance teams classified high-risk AI against a statute that had no official interpretation behind it. On May 19, the European Commission filled the gap.

The draft guidelines do more than explain the rules. They move the decisive question onto a single provision, the Article 6(3) filter, and they turn classification from a label ticked at launch into a documented, registered file that market surveillance authorities can demand on short notice. The consultation closes June 23, and whatever language goes unchallenged now will harden into the final text.

The Thesis

The Commission’s May 19 draft guidelines change how companies have to figure out whether their AI counts as high-risk under the EU AI Act, the label that triggers the heaviest compliance obligations. The new pivot point is the Article 6(3) filter, which lets some systems that would otherwise be high-risk fall out of the category. The catch is that the company has to prove the system qualifies, not the regulator. That proof has to be written down before the system goes on the market, logged in an EU database, and kept on hand for an authority to inspect whenever it asks.

The Signal

Three moves redrew the high-risk line this cycle.

Signal 01
A sixteen-month interpretation vacuum closed on May 19, and non-binding examples became the working reference overnight.

What happened. The Commission published three texts under Article 6(5): general principles, the Annex I product-safety route, and the Annex III use-case route, plus a list of practical examples. The Annex I text gives the methodology a few hard edges. A failed thermostat means inconvenience and a higher bill, so most smart appliances stay out, while a failed smart door lock or child-lock can endanger a child, so those cross into high-risk. The consultation runs until June 23 (22:00 CET) through an anonymous questionnaire, and the AI Act Single Information Platform hosts a searchable explorer of the examples.

Why it matters. Before May 19, companies were classifying against statutory language with no Commission reading behind it, which left the most consequential question under the Act unsettled, stalled internal sign-offs, and pushed cautious teams to over-classify everything in sight. The examples are explicitly non-exhaustive, and the Commission says that listing a use case settles nothing about whether it is lawful. The July 2025 GPAI guidance showed how this goes: a non-binding text becomes the reference that regulators, auditors, and counterparties reach for within weeks of publication.

Second-order effect. The consultation window is the leverage point. Feedback folds into the final version before adoption, so the position a company argues for today shapes the interpretation that will govern its classifications for years.

Signal 02
The Article 6(3) filter is the line that decides classification, and the Commission drew it narrow.

What happened. Article 6(2) makes any system in one of eight Annex III areas high-risk: biometrics, critical infrastructure, education, employment, essential services, law enforcement, migration, and the administration of justice. Article 6(3) lets a system escape if it meets one of four conditions, namely that it performs a narrow procedural task, improves the result of a completed human activity, detects decision patterns without replacing human judgment, or carries out a preparatory task. The Commission then bolts on two gates. The system must not materially influence the outcome, and it must not perform profiling. Because the filter is an exception to rules that protect fundamental rights, the guidance states that its conditions have to be read narrowly.

Why it matters. Bird & Bird calls 6(3) the single most asked-about provision in the whole Annex III analysis. The employment examples show where the line falls, and they reach into every sector that hires. The Commission treats systems that source, score, rank, shortlist, assess, or match candidates as high-risk, while tools that schedule interviews, verify credentials, or parse CVs into a searchable database may fall outside. Enzai’s illustration is the cleanest one to keep in mind. A CV tool that sorts applications into predefined categories can pass the procedural-task exemption, and the same tool tuned to score or rank suitability cannot, even where a human reads the result.

Second-order effect. Profiling stops the analysis cold. Any automated processing of personal data to evaluate someone’s economic situation, health, reliability, or behaviour pulls the filter off the table, which closes the door for a large share of candidate use cases. A human reviewer does not save a system on its own either. The central question is whether the human stays the substantive decision-maker or quietly rubber-stamps the model’s output.

Signal 03
Claiming the filter is a documented, registered act that regulators can audit and penalize.

What happened. The escape is an active obligation. Article 6(4) requires the provider to document the assessment before the system reaches the market, and the system goes into the EU database under Article 71. Market surveillance authorities can call for that file whenever they choose, reclassify the system under Article 80, and reach for Article 99 penalties where a misclassification looks like an attempt to dodge the regime.

Why it matters. The asymmetries in the text reward close reading, because they decide real money. Credit scoring is high-risk, with a narrow carve-out for financial-fraud detection, while health and life insurance risk assessment and pricing carries no equivalent carve-out, a gap insurers running fraud and underwriting on shared infrastructure will feel right away. For modular and agentic builds, the Commission assesses the whole configuration where the components’ joint outputs materially influence a decision, so splitting functionality across modules to slip under the threshold gets nowhere.

Second-order effect. The governance posture that produces a defensible file, meaning a model inventory mapped to use case, the profiling analysis, the documented filter rationale, and the Article 71 entry, moves from a compliance artifact into a precondition for procurement, financing, and M&A diligence. The companies that capture and register their positions before adoption are the ones holding the file the day a regulator asks for it.

Classification used to be a box you ticked at launch. It is now a file you defend on demand, and the Article 6(3) filter is the page they turn to first.

The Playbook

Six moves before the next classification sign-off or board AI review.

Step 01
Re-anchor every classification memo to the three draft texts before June 23.

Capture each position in writing now, because the language stakeholders leave unchallenged carries into the final version and becomes the benchmark a company is measured against.

Step 02
Treat every filter claim as a file rather than a label.

Pair the Article 6(4) assessment with the Article 71 registration, and assume an authority can pull both on demand, reclassify under Article 80, and reach for Article 99 penalties where the misclassification reads as circumvention.

Step 03
Audit the HR and recruitment stack first.

It carries the broadest exposure and the clearest examples. Sort the tools that structure and reformat data away from the tools that score, rank, or assess, since the second group stays high-risk even with a human reviewing the output.

Step 04
Run the profiling test before reaching for the filter.

If any profiling within the GDPR’s Article 4(4) meaning sits anywhere in the pipeline, the filter is gone, and the analysis ends there.

Step 05
Map the modular and agentic chains.

Where several components’ combined outputs shape an individual decision, the whole configuration is in scope, so document the system at the level of its joint effect rather than its parts.

Step 06
Hold two enforcement dates at once.

The May 7 Digital Omnibus political agreement pushes Annex III to December 2027 and Annex I to August 2028, though it remains provisional and not yet adopted. Plan against August 2, 2026 as a hedge, since the GPAI obligations already landed on schedule and the extension may not fully arrive.

The Verification Test

Claim. This Annex III system qualifies for the Article 6(3) filter and sits outside the high-risk regime.

Test. Confirm three things in writing before the system ships: it meets one of the four 6(3) conditions, it performs no profiling within Article 4(4) GDPR, and its output does not materially influence the decision. Then confirm the Article 6(4) assessment is documented and the Article 71 registration is filed.

Pass criteria. A dated, pre-market assessment that names the specific 6(3) condition, a profiling analysis showing none is present, and a materiality analysis showing the human stays the substantive decision-maker, all of it retrievable on demand.

Fail smell. The filter rests on a human-in-the-loop alone; or the system scores, ranks, or assesses while the file calls it “procedural”; or profiling sits somewhere in the pipeline. Any one of the three signals a classification that will not survive an Article 80 review.

The Metric

CONSULTATION CLOSES · 22:00 CET JUNE 23, 2026 16-MONTH VACUUM MAY 19 Guidelines published JUNE 23 Last day for feedback AUG 2, 2026 Statutory hedge date DEC 2027 / AUG 2028 Provisional Omnibus not yet adopted
Source: European Commission, targeted consultation on the draft guidelines for the classification of high-risk AI systems, open until June 23, 2026 (22:00 CET).

What it measures. The close of the consultation window, the last date stakeholders can shape the language before the Commission folds feedback into the final version.

Why it matters now. Guidance like this hardens fast, and for a few converging reasons. The non-binding draft becomes the reference every market surveillance authority reaches for, counterparties begin citing it in diligence, and the July 2025 GPAI guidance already showed the pattern by becoming load-bearing within weeks. The interpretation a company can live with is the one it argues for before June 23. After that, the text it failed to challenge is the text it gets measured against.

The Lens — Horizon Search Institute

Responsible AI

The Commission routes the entire high-risk question through fundamental-rights protection, telling readers to interpret the Article 6(3) exception narrowly precisely because it derogates from rights safeguards. Enzai

Human Performance

The guidance turns human authority into a classification variable. A reviewer who rubber-stamps model output leaves a system high-risk, and a human who stays the substantive decision-maker can move it out. Thompson Coburn

Governance & Diplomacy

The draft makes classification an auditable governance file, documented under Article 6(4), registered under Article 71, reviewable under Article 80, and it extends the Act’s reach to any provider whose output is used in the EU. Bird & Bird

Links Worth Your Time

Sources
  1. European Commission, “Commission seeks feedback on the draft guidelines for the classification of high-risk artificial intelligence systems,” press release, May 19, 2026. digital-strategy.ec.europa.eu
  2. European Commission, Draft Commission Guidelines on the Classification of High-Risk AI Systems: General principles; Annex I; Annex III, May 19, 2026.
  3. European Commission, “Targeted consultation on the draft guidelines for the classification of high-risk artificial intelligence systems,” open until June 23, 2026. digital-strategy.ec.europa.eu
  4. Bird & Bird, “The Commission’s Draft High-Risk AI Guidelines under the EU AI Act: A First Read,” May 2026. twobirds.com
  5. Debevoise & Plimpton, “EU AI Act High-Risk AI Systems: EU Commission Publishes Draft Guidance,” Debevoise Data Blog, May 22, 2026. debevoisedatablog.com
  6. Enzai, “EU AI Act: Draft High-Risk Classification Guidelines,” May 2026. enz.ai
  7. Thompson Coburn LLP, “European Commission Releases Draft High-Risk AI Guidelines: What Businesses Should Take From Them,” May 2026. thompsoncoburn.com
  8. Hunton Andrews Kurth, “European Commission Releases Draft Guidelines on High-Risk AI Under the EU AI Act,” May 2026. hunton.com
  9. Council of the EU, “Artificial intelligence: Council and Parliament agree to simplify and streamline rules,” press release, May 7, 2026 (updated May 18, 2026). consilium.europa.eu
  10. Addleshaw Goddard, “EU AI Act: Draft Commission Guidelines on Classification of High-Risk AI Systems,” May 2026. addleshawgoddard.com
  11. EU AI Act, Article 6 (Classification Rules for High-Risk AI Systems) and Annex III, official consolidated text. artificialintelligenceact.eu
Issue Credits
Author
Ashwin Telang
Managing Editor
Cynthia Chen
Editor-in-Chief
David Lovejoy
Published by Horizon Search Institute · EIN 42-1954110 · A Delaware nonprofit corporation · horizonsearch.org