The European Commission has published draft guidelines (Draft Guidelines) to clarify the classification of high-risk AI systems under the European Union's Artificial Intelligence Act (EU AI Act). This classification is crucial, as it determines whether an AI system will be subject to the EU AI Act’s most burdensome obligations. The Draft Guidelines provide general principles which inform if an AI system is high-risk, as well as a non-exhaustive list of examples of high-risk AI systems across various sectors. Organizations can provide feedback on the Draft Guidelines via this survey until June 23, 2026.
Background
Under the EU AI Act, certain AI systems are classified as "high-risk," based on the potential harm they pose to health, safety, and fundamental rights. This is the case where:
- the AI system is intended to be used as a safety component of a product subject to regulation listed in Annex I of the EU AI Act (e.g., cars, toys, aviation), or that is itself a regulated product; or
- the intended purpose of the AI system falls into one of the use cases listed in Annex III of the EU AI Act, which include, for example, certain use cases in biometrics, HR, recruitment, education, credit and insurance, critical infrastructure, and emergency services.
Where an AI system is classified as “high-risk,” the provider of such AI system will be subject to significant obligations under the EU AI Act, including: implementing risk and quality management systems; strict data governance for training datasets; developing a post-market monitoring system; providing instructions to deployers; registering with a public EU database; and maintaining detailed technical documentation. Determining whether an AI system qualifies as high-risk is therefore critical for assessing a provider’s obligations under the EU AI Act.
For information about the scope and requirements in the EU AI Act, please see our FAQ on 10 Things You Should Know About the EU AI Act.
Main Takeaways from the Draft Guidelines
The Draft Guidelines provide over 130 pages of examples of AI systems that are in or out of scope of the high-risk regime. The examples indicate that the European Commission intends to apply the high-risk regime broadly. We highlight below key elements of the Draft Guidelines:
- Description of intended purpose is key. The intended purpose of an AI system is fundamental in assessing whether it qualifies as high-risk. The Draft Guidelines clarify that, if an AI system is not clearly limited to exclude high-risk uses (e.g., a general-purpose AI system)—its intended purpose may be deemed to include those high-risk uses. Providers cannot escape a high-risk qualification through broad disclaimers or generic contractual exclusions. Providers should therefore carefully draft their promotional materials, contractual terms, and instructions for use, and avoid language promoting high-risk uses (unless they intend to place their product or service on the EU market as a high-risk AI system). The Draft Guidelines also clarify that reasonably foreseeable misuse does not, in itself, form part of an AI system’s intended purpose.
- Combined systems are treated as one. The Draft Guidelines clarify that, where several AI systems form part of a more complex AI system where each system's output influences decisions (e.g., AI agents providing data to a decision-making system), the combined configuration is treated as a single AI system for the purpose of the high-risk classification.
- Confirmation of new timeline. The Draft Guidelines confirm the new timeline for the high-risk regime that EU legislators recently agreed on:
- For high-risk AI systems subject to product regulation listed Annex I, the deadline is postponed to August 2028.
- For high-risk AI systems intended for use cases listed in Annex III, the deadline is postponed to December 2027.
- Human involvement does not automatically exclude high-risk classification. A high-risk classification is not limited to AI systems taking decisions. For instance, an AI system intended for recruitment can be high-risk, even if it merely supports a human recruiter’s decision-making. However, human involvement can indicate that one of the exemptions of Art. 6(3) EU AI Act applies (see next bullet point).
- Exemptions if AI systems do not materially influence the outcome of decision-making. Under the EU AI Act, AI systems intended for a high-risk use case will benefit from an exemption if one of four conditions applies to the system: i) performing a narrow procedural task; ii) improving the result of a completed human activity; iii) detecting human decision-making patterns or deviations; or iv) performing a preparatory task. This applies, for example, to an AI system that organizes information in CVs to facilitate recruiter searches, or to an AI system that identifies errors in finalized human work without replacing human judgement.
- Usage context matters. Whether an AI system is to be considered high-risk depends on the context in which it is deployed. For example, an AI system which grades and evaluates students’ progress in a university falls under the scope of the high-risk use case, but if such a system is used in an informal learning environment which does not lead to accreditation (e.g., a language learning app), it does not qualify as a high-risk AI system.
- Impact matters. AI systems used for decision-making with a serious impact on human life, in particular for vulnerable individuals, will be considered high-risk. This is the case, for instance, where an AI system decides if an individual is recruited for a job, accepted to a school, or qualifies for credit. As another example, a system predicting the risk of an individual being the victim of a crime is high-risk, whereas a system predicting if there will be crime in a certain location is not high-risk.
To consult the full list of examples of high-risk AI systems, please see here. The examples can also be searched through via this search index.
Next Steps
The Draft Guidelines are subject to public consultation and may still evolve before being finalized. Nevertheless, organizations can use the Draft Guidelines to start assessing how likely it is that their AI-based products and services will be in scope of the EU AI Act’s high-risk regime. Organizations should also carefully consider how to describe the intended purpose of their AI systems in technical documentation, instructions for use, and commercial materials.
For more information or if you have any questions regarding the EU AI Act, please contact Laura De Boel, Cédric Burton, Yann Padova, or Nikolaos Theodorakis from Wilson Sonsini’s Data, Privacy, and Cybersecurity practice.
Wilson Sonsini’s AI Working Group assists clients with AI-related matters. Please contact Laura De Boel, Maneesha Mithal, Manja Sachet, or Scott McKinney for more information.
Rossana Fol, Olga Kosno, Hugh Ó Laoide Kelly, and Pierre Charki contributed to the preparation of this alert.
