The European Commission has published draft guidance on the classification of “high-risk” AI systems under the EU AI Act, together with practical examples of systems that, in its view, would – and would not – fall within each of the categories. The draft guidance is open for stakeholder feedback until 23 June 2026, before the Commission adopts the final version. Although non-binding, once the draft guidance is finalized it is expected to be highly persuasive as an official statement of the Commission’s interpretation of the Act’s high-risk classification rules.

The publication comes just after the EU bodies provisionally agreed a delay to the implementation of the high-risk requirements. Most notably, compliance obligations for stand-alone high-risk AI systems (under Annex III) will now come into effect on 2 December 2027, rather than August 2026, and the rules for high-risk AI systems embedded in regulated products (under Annex I) will apply from 2 August 2028. See our blog post for more information.

The high-risk classification is important because it is the gateway to many of the AI Act’s most significant compliance obligations.

  • Providers of high-risk AI systems must comply with the Chapter III requirements, including on risk management, data governance, technical documentation, record-keeping, transparency, human oversight, accuracy, robustness and cybersecurity.
  • Deployers have a more limited set of obligations: using the system in accordance with its instructions, assigning appropriate human oversight, monitoring operation, keeping logs where under their control and, in workplace contexts, informing workers and worker representatives.

The Commission is expected to issue separate guidance in due course on the scope and interpretation of these substantive requirements.

The draft guidance does not contain any material new developments; rather, it offers example use cases to give practical context to the Act’s text and recitals regarding each high-risk category. In doing so, it helps shed further light on the boundaries of the regime and provides greater clarity on how the Commission expects the classification rules to be applied.

Our key takeaways from the guidance are set out below.

  1. Provider-led Classification: The AI System’s Intended Purpose

The provider of the AI system is responsible for assessing whether the AI system falls within a high-risk category, based on the purpose for which the provider intends the system to be used. Where a system has multiple intended purposes, the provider will need to consider whether any of those purposes fall within a high-risk category. If one does, the AI system must comply with the Act’s heightened obligations.

The Commission emphasises that the analysis should focus on the system’s intended purpose, not on whether a user could misuse it for a high-risk purpose outside the provider’s stated use case.

  • The intended purpose should be assessed by reference to the specific context and conditions of use set out in the system’s instructions, technical documentation, promotional and sales materials, and other accompanying information.
  • Where a system can be used for multiple purposes, broad positioning across contexts or functions may bring high-risk uses within its intended purpose if the materials do not clearly and consistently exclude them, particularly where those uses are feasible and reasonably foreseeable given the system’s capabilities.
  • A mere statement in the terms of service excluding high-risk uses is not enough if the provider’s overall presentation, examples, or product positioning effectively provides for or promotes those uses. Any limits on use should be clear, concrete, and consistent across all materials.

However, the provider-led nature of the classification assessment does not eliminate risk for deployers. If a deployer takes a system that the provider has not classified as high-risk and uses or modifies it in a way that changes its intended purpose to a high-risk use case, the deployer may be treated as “stepping up” into the role of the provider under Article 25 of the Act, and become subject to the corresponding provider obligations.

  2. High Risk Categories: Broad Categories, Narrowed Through the Filter

The draft guidance is particularly useful for the practical examples it provides across the high-risk AI systems listed in Annex I, which covers AI embedded in regulated products, and Annex III, which covers stand-alone high-risk AI systems. Although these examples are not exhaustive, they help clarify how the Commission expects the high-risk categories to operate in practice.

A key theme in the guidance is that the Commission appears to favour a broad initial reading of those categories. Rather than applying a narrow or strictly literal interpretation at the threshold stage, the guidance suggests that systems should be brought within scope where their use is capable of falling within a high-risk category.

Across the categories, the Commission draws a recurring distinction between administrative support and substantive influence. The relevant question is not simply whether the AI system is “assistive”, but whether its output affects the substance, priority, eligibility, ranking, or outcome of an individual assessment.

For standalone AI systems falling within Annex III, the Article 6(3) filter – by which an AI system that falls within a high-risk category is shown not to present a high risk in practice – becomes the main mechanism for excluding lower-risk systems. This may apply where the AI system does not involve profiling and:

  • only performs a narrow procedural task,
  • improves the result of a completed human activity,
  • detects decision-making patterns or deviations from prior decision-making patterns without replacing or influencing human review, or
  • performs a preparatory task.

In practice, this means that where there is ambiguity, the Commission may expect systems to be assessed as potentially in scope at the first stage, even if they arguably fall outside a narrow reading of the Act’s wording. The more substantive narrowing exercise is then likely to take place through the Article 6(3) filter, rather than through a restrictive interpretation of the high-risk categories themselves.

  3. Employment & Recruitment: Ranking, Scoring and Allocation Are Squarely in Scope

The employment examples are among the clearest signals in the draft guidance. The Commission treats AI systems used to source, score, rank, shortlist, assess, match, or advertise opportunities to candidates as high-risk where they materially influence recruitment or selection outcomes. This includes tools that match CVs to job descriptions, generate “top candidate” lists, score interview answers, source candidates across online platforms, conduct background checks, or target job advertisements based on user characteristics.

By contrast, the examples suggest that more administrative HR tools may fall outside scope, or may qualify for the Article 6(3) filter, where they do not materially influence employment-related decisions. This may include tools used for interview scheduling, credential verification, CV parsing into a searchable database, employer-brand advertising, or candidate-side support, such as tools that help individuals tailor a CV or identify open roles.

The guidelines use an AI-enabled job description workflow as an example of a use case that can cut either way depending on whether the tool performs more than a narrow procedural task. The “low-risk” version of an AI system used to generate a job description is a workflow where the AI creates a job description based on a list of necessary qualifications and skills previously defined by a human recruiter. The high-risk version of the use case is one where the AI system itself generates the necessary qualifications and skills based on only a high-level description of the job position, or where it executes an additional function of evaluating candidates’ CVs against the job description it created to make recommendations.

The key distinction is whether the system merely supports the recruitment or employment process, or whether it materially influences decisions relating to hiring, promotion, termination, pay, task allocation, or performance evaluation.

  4. Takeaways

As we have previously noted, for most private companies, only a limited number of high-risk AI system categories are likely to be relevant:

  • Recruitment and employment-related use cases;
  • Biometrics, including certain (non-prohibited) emotion recognition use cases;
  • Credit assessments of individuals; and
  • Life and health insurance.

The draft guidance should help clarify the contours of these categories. Businesses should therefore use it as a practical basis for updating and refining their AI governance policies, intake processes, and risk-classification workflows, so that they more accurately reflect the intended scope of the Act.

The guidance also reinforces the benefit for businesses in using purpose-built AI tools for higher-risk use cases, rather than adapting general-purpose tools, or developing their own, for sensitive contexts. Where a tool is clearly designed, marketed, or supplied for a high-risk purpose, it will be harder for the provider to argue that the system was not intended for that use. This is important because most compliance obligations for high-risk AI systems fall on the provider; businesses that use the tool only as deployers, and within the provider’s stated purpose and instructions, should therefore be better insulated from provider-level compliance burdens.

The greatest uncertainty remains the scope and interpretation of the substantive high-risk requirements themselves. The Commission is expected to issue separate guidance on those obligations. In the meantime, the delayed implementation timetable gives businesses more time to prepare – but the direction of travel is now clearer.

The cover art used in this blog post was generated by ChatGPT.

Author

Avi Gesser is Co-Chair of the Debevoise Data Strategy & Security Group. His practice focuses on advising major companies on a wide range of cybersecurity, privacy and artificial intelligence matters. He can be reached at agesser@debevoise.com.

Author

Robert Maddox is a partner in Debevoise & Plimpton LLP’s Data Strategy & Security practice, based in London. In 2021 he was named to Global Data Review’s “40 Under 40” and is described as “a rising star” in cyber law by The Legal 500 US (2022). His practice focuses on cybersecurity incident preparation and response, internal investigations and regulatory defence. Mr. Maddox also advises on data strategy and compliance in the context of emerging technologies, including AI, and operational resilience matters. He can be reached at rmaddox@debevoise.com.

Author

Martha Hirst is an associate in Debevoise's Litigation Department based in the London office. She is a member of the firm’s White Collar & Regulatory Defense Group, and the Data Strategy & Security practice. She can be reached at mhirst@debevoise.com.

Author

Diane C. Bernabei is an associate in the Litigation Department. She can be reached at dcbernabei@debevoise.com.