[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fFKnZNwP6hccW_3l1Ac-KnNkbmigiuTdWnm9tUvzmcF4":3,"white_papers":59},{"tableOfContents":4,"markDownContent":5,"htmlContent":6,"metaTitle":7,"metaDescription":8,"wordCount":9,"readTime":10,"title":11,"nbDownloads":12,"excerpt":13,"lang":14,"url":15,"intro":16,"featured":4,"state":17,"author":18,"authorId":19,"datePublication":23,"dateCreation":24,"dateUpdate":25,"mainCategory":26,"categories":42,"metaDatas":48,"imageUrl":49,"imageThumbUrls":50,"id":58},false,"> *Note: This analysis is based on the Commission's draft guidelines on the classification of high-risk AI systems, published for consultation. **These guidelines are not yet final**. What follows is **a first read.** We will **update** this piece with a fuller analysis, including any material changes from the draft and their practical implications for providers and deployers.*\n\nThe European Commission has released a series of draft guidelines to clarify the **classification of high-risk AI systems** under **Article 6 of the AI Act**. These guidelines are essential for providers, deployers, and market surveillance authorities to ensure the uniform application of the law, which aims to promote AI innovation while protecting health, safety, and fundamental rights.\n\nThe Commission acknowledges that these guidelines are **draft documents** published for stakeholder feedback and are not yet binding. To keep the list of high-risk use cases relevant, the AI Act includes a monitoring mechanism to review and update Annex III annually as technology evolves. Adhering to these principles now is a critical step for organizations to build **trustworthy and compliant AI** within the European market.\n\nIt is important to note that this is still a **draft**. The Commission has published it specifically to submit it for **stakeholder consultation** to gather input before adopting a finalised version.\n\n{% button href=\"https://digital-strategy.ec.europa.eu/en/consultations/targeted-consultation-draft-guidelines-classification-high-risk-artificial-intelligence-systems\" text=\"Click here for more information on the targeted consultation\" target=\"\\_blank\" role=\"button\" class=\"btn btn-primary\" %}\n\n## 1. What do the guidelines include? \n\nThree interconnected draft guidelines issued by the European Commission providing practical guidance on how to classify AI systems as **high-risk** under Article 6 of Regulation (EU) 2024/1689. The three drafts cover:\n\n- [**General Principles**](https://digital-strategy.ec.europa.eu/en/library/draft-commission-guidelines-classification-high-risk-ai-systems): the classification logic, intended purpose rules, and entry into application\n- [**Annex I (Art. 6(1))**](https://digital-strategy.ec.europa.eu/en/library/draft-commission-guidelines-classification-high-risk-ai-systems): AI systems in safety-critical regulated products\n- [**Annex III (Art. 6(2))**: ](https://digital-strategy.ec.europa.eu/en/library/draft-commission-guidelines-classification-high-risk-ai-systems)AI systems in eight sensitive societal areas \n\n### Why high-risk classification matters\n\nThe entire logic of the AI Act is built upon a **risk-based approach**. Being categorised as a **\"high-risk AI system\"** under Article 6 triggers strict and significant obligations for both **providers and deployers**, ensuring these systems are trustworthy, safe, and respect fundamental rights. Until now, the boundary between risk levels could appear blurred. \\\n\\\nThese guidelines provide the **concrete method and criteria** to determine whether your AI system falls into this regulated category or if it qualifies for an exemption. The document includes interpretation of key concepts, practical examples across all Annex III areas (such as biometrics, employment, and education), and detailed explanations of the **\"filter mechanism\"** under Article 6(3) which allows certain systems to be exempted from the high-risk classification.\\\n\\\nA high-risk classification triggers a **full compliance framework** under Chapter III of the AI Act, including mandatory risk management, data governance, technical documentation, human oversight, accuracy/robustness requirements, transparency obligations, and conformity assessments. \n\n> Classification is **not a prohibition**, it just means the system is subject to heightened obligations to ensure it is safe and rights-respecting.\n\n---\n\n## 2. Key AI Act dates under AI Omnibus \n\n| Date | Event | What it means |\n| --- | --- | --- |\n| **2 August 2026** (→ postponed to **2 December 2027** under AI Omnibus) | Art. 6(2) + Annex III rules apply | High-risk for stand-alone use cases (biometrics, employment, etc.) |\n| **2 August 2027** (→ postponed to **2 August 2028** under AI Omnibus) | Art. 6(1) + Annex I rules apply | High-risk for safety-critical product AI |\n| 2 August 2030 | Hard deadline for public-authority deployers | All high-risk AI systems used by public authorities must comply |\n| 31 December 2030 | Large-scale IT systems (Annex X) | Legacy systems in EU large-scale IT programmes must comply |\n\n---\n\n## 3. Who Is subject to high-risk rules?\n\n### Providers\n\nAny natural or legal person placing a high-risk AI system on the EU market or putting it into service under their own name or trademark. \\\n\\\n**Core obligations:** risk management, data governance, technical documentation, accuracy/robustness/cybersecurity, human oversight design, registration in EU database, conformity assessment, CE marking (for Annex I systems).\n\n### Deployers\n\nAny person using a high-risk AI system under their authority in a professional context. \\\n\\\n**Core obligations:** implement provider instructions, ensure human oversight, monitor performance, not use the system in ways beyond its intended purpose, log-keeping.\n\n### Becoming a provider (Art. 25(1))\n\nWhile the original provider is typically responsible for self-assessment, the draft warns that **distributors, importers, or deployers** can inherit all \"provider\" obligations.\n\nThree circumstances convert a distributor, importer, or deployer into a **provider** with full provider obligations:\n\n1. Putting their **own name or trademark** on a high-risk system already on the market\n2. Making a **substantial modification** to a high-risk system\n3. **Changing the intended purpose** of a non-high-risk system in a way that makes it high-risk\n\n> **For General Purpose AI System (GPAI) integrators:** If you build a downstream application on a GPAI model and your intended purpose includes a high-risk use case, you may become the provider of a high-risk system even if the underlying GPAI model provider is not.\n\n---\n\n## **4. The two scenarios for high-risk classification**\n\nUnder the AI Act, an AI system is deemed \"high-risk\" if it falls into one of two specific legal scenarios defined in **Article 6**:\n\n1. **Safety Components and Regulated Products (Article 6(1)):** This applies if the AI system is a product itself or a safety component of a product covered by the EU harmonisation legislation listed in **Annex I** (e.g., machinery, toys, or medical devices) **and** is required to undergo a third-party conformity assessment.\n2. **Specific Use Cases (Article 6(2)):** This applies if the AI system falls under the high-risk areas listed in **Annex III** of the AI Act.\n\n> To make these rules more accessible, the Commission has released the guidelines in separate, user-friendly chapters focusing on **General Principles**, **Annex I**, and **Annex III**.\n\n## **5. Key elements of the high-risk assessment**\n\nBefore a system can be subjected to the rigorous requirements for high-risk AI, it must meet several threshold criteria:\n\n- **It must be an \"AI System\":** Only systems meeting the definition in Article 3(1), meaning machine-based systems designed for autonomy and inference that influence environments, are covered.\n\n  {% button href=\"https://www.dastra.eu/en/blog/what-is-an-ai-system/59991\" text=\"What is an AI System? \" target=\"\\_blank\" role=\"button\" class=\"btn btn-primary\" %}\n- **The power of \"Intended Purpose\":** Classification depends heavily on how the **provider** defines the system's use in instructions, sales materials, and technical documentation. Merely stating in terms of service that \"high-risk use is prohibited\" is insufficient if the system's actual capabilities and marketing suggest otherwise.\n\n> **Preventing circumvention:** Providers cannot avoid a high-risk classification by simply stating in terms of service that \"high-risk use is prohibited\" if their overall marketing or the system's actual capabilities effectively promote such use.\n>\n> Tip: don't rely on a single disclaimer to stay out of the high-risk category. Regulators will look at your technical documentation, marketing copy, instructions, and T&Cs together. If the overall picture points to high-risk use, the disclaimer won't save you.\n\n- **Defining \"safety components\":** An AI system is a safety component if it fulfills a **safety function** (e.g., detecting human presence in a robot's path to trigger a stop) or if its failure endangers the health and safety of persons or property.\n\n## 6. Assessing complex & agentic AI systems\n\nThe Commission clarifies that where multiple AI components jointly influence an individual decision in an Annex III use case, the **combined configuration must be assessed as a single AI system**. \n\nThis is particularly relevant for multi-component and \"agentic\" AI systems that coordinate linked actions to serve a high-risk purpose. Providers cannot avoid high-risk classification by splitting a workflow into separate modules if the overall system materially influences a relevant decision.\n\n---\n\n## 7. The \"Filter Mechanism\" of Article 6(3)\n\nArticle 6(3) provides a \"filter mechanism\" to exempt systems that do not pose significant risks, but the Commission interprets this **exception narrowly**.\n\nThis allows a system to be exempted from high-risk classification if it does not pose a significant risk of harm, such as when it:\n\n- Performs a **narrow procedural task** (e.g., indexing, formatting, deduplication)\n- Improves the result of a **previously completed human activity**.\n- Performs a **preparatory task** for an assessment (e.g., factual verification or scheduling)\n- **Exception to the Filter:** Any system that performs **profiling** of natural persons can **never** benefit from this filter and is always high-risk.\n\nThe decisive threshold is whether the system **materially influences the substance or outcome of a decision.**\n\n> **Critical rule:** The filter mechanism is **never available** where the AI system performs **profiling** (automated processing of personal data to evaluate personal aspects of natural persons as defined in Art. 4(4) GDPR). Profiling systems in Annex III areas are **always** high-risk.\n>\n> Meaning that any system that performs **profiling of natural persons** can never benefit from this filter and will always be classified as high-risk.\n\n## 8. The eight Annex III high-risk areas\n\n| Area | Why high risk | Who it applies to | Example |\n| --- | --- | --- | --- |\n| **1. Biometrics** | Processes sensitive biometric data; risks discrimination, unlawful surveillance, or misidentification with serious consequences for individual rights and freedoms. | Providers of remote biometric identification systems, and AI used for biometric categorisation or emotion recognition in workplaces or educational settings. | A facial recognition system used by an employer to control building access must be registered and undergo conformity assessment. |\n| **2. Critical infrastructure** | Failures can disrupt essential services (energy, water, transport, finance) at scale, posing systemic risk to entire populations. | Providers and operators deploying AI as a safety component in critical digital infrastructure or managing road traffic, water, gas, heating, or electricity supply. | An AI system managing load balancing for a national electricity grid (a malfunction could cause widespread outages affecting millions). |\n| **3. Education & vocational training** | Shapes access to education and life trajectories; biased or erroneous outputs can unlawfully restrict learning opportunities and career paths. | Providers of AI used to determine access to educational institutions, assess learning outcomes, or monitor students during exams. | An automated scoring system ranking university applicants based on admissions essays (errors could unjustly exclude qualified candidates). |\n| **4. Employment & worker management** | Directly affects livelihoods; algorithmic hiring and monitoring tools can embed discrimination and remove meaningful human oversight over consequential decisions. | Providers of AI used for recruitment, CV filtering, performance evaluation, task allocation, or monitoring employee behaviour. | An HR tool shortlisting CVs for job interviews: if trained on historically biased data, it may systematically exclude protected groups. |\n| **5. Essential services & public benefits** | Decisions on credit, insurance, and social benefits have fundamental welfare impact; errors can deny access to vital resources. | Providers of AI evaluating eligibility for credit, insurance, public social benefits, emergency dispatch prioritisation, or life/health insurance risk assessment. | A bank's AI credit scoring model automatically approving or rejecting personal loan applications (a flawed model could deny credit on the basis of proxy variables). |\n| **6. Law enforcement** | State coercive power backed by AI poses acute risks to liberty, presumption of innocence, and non-discrimination, particularly where outputs inform arrests or investigations. | Providers of AI used by law enforcement to assess recidivism risk, predict crime, detect emotions during questioning, or evaluate the reliability of evidence. | A predictive policing tool assigning risk scores to individuals to recommend patrol deployment (errors risk discriminatory targeting of communities). |\n| **7. Migration, asylum & border control** | Decisions affect fundamental rights (asylum, non-refoulement, family unity) for vulnerable people with limited recourse; errors can cause irreversible harm. | Providers of AI used by migration or border authorities to assess irregular migration risk, verify documents, process visa or asylum applications, or monitor borders. | An AI tool assessing the credibility of an asylum seeker's account to recommend approval or rejection (a false negative could result in return to persecution). |\n| **8.Administration of justice & democracy** | AI influence over judicial decisions or democratic processes threatens the rule of law, fair trial rights, and free elections. | Providers of AI assisting courts, arbitration bodies, or electoral authorities — including tools that research case law, recommend sentences, or support electoral administration. | A legal research tool used by judges to summarise case law and suggest sentencing principles (biased outputs risk systematically skewing judicial outcomes). |\n\n## 9. Focus on employment & worker management\n\n#### **Broad interpretation of recruitment and selection**\n\nThe section on Area 4 of Annex III (Employment) establishes a **broad interpretation of recruitment**, covering the entire process of preparing a new work-related relationship.\n\n- **In-scope systems:** this includes AI used for **targeted job advertisements**, candidate sourcing across platforms, CV screening, ranking and scoring, background checks, and determining access to self-employment.\n- **Platform workers:** Systems that rank freelancers or platform workers fall into the high-risk category because they shape access to future assignments and livelihoods.\n- **Candidate-side exclusions:** Conversely, tools intended to be **initiated and controlled by the candidate** (e.g., AI that helps an individual improve their own CV or identify suitable vacancies) are generally outside the high-risk recruitment use case.\n\n#### **Functional reading of workplace management**\n\nFor management of existing work relationships (Annex III, 4(b)), the guidelines follow a **functional reading** focused on the impact on the worker.\n\n- **High-risk decisions:** AI systems are captured if they are used to make decisions affecting **terms of work, promotion, termination, task allocation, or performance evaluation**. This applies even when a human manager formally takes the final decision but **significantly relies on the AI output**.\n- **Operational threshold:** Not every day-to-day managerial adjustment is captured. Minor organisational arrangements that **do not materially affect workers’ rights**, obligations, or career prospects (such as allocating a specific desk or a lunch break time within an assigned shift) are not automatically treated as high-risk.\n\n---\n\n## 10. Consequences of high-risk classification\n\n### For providers\n\nIf an AI system is classified as high-risk, **providers** must comply with all of the following (Chapter III, Section 2 AI Act):\n\n| Obligation | Summary |\n| --- | --- |\n| **Risk management system (Art. 9)** | Continuous, iterative risk identification and mitigation throughout the lifecycle |\n| **Data governance (Art. 10)** | Training/validation/testing datasets must meet quality criteria; bias identification and mitigation |\n| **Technical documentation (Art. 11)** | Comprehensive documentation before market placement; kept up to date |\n| **Record-keeping / logging (Art. 12)** | Automatic logging to enable post-hoc auditability |\n| **Transparency to deployers (Art. 13)** | Instructions for use covering capabilities, limitations, human oversight requirements |\n| **Human oversight (Art. 14)** | System designed to allow meaningful human intervention, monitoring, override, and shutdown |\n| **Accuracy, robustness, cybersecurity (Art. 15)** | Stated performance levels; resilience to errors, faults, inconsistencies, adversarial attack |\n| **Conformity assessment (Art. 43)** | Either internal (provider self-assessment) or third-party, depending on type; before market placement |\n| **EU database registration (Art. 71)** | Registration required before placement on market (for most systems) |\n| **CE marking (Art. 48)** | Required for systems covered by Annex I |\n| **Post-market monitoring (Art. 72)** | Continuous monitoring after deployment |\n\n### For deployers\n\n**Deployers** must:\n\n- Use the system only within its intended purpose and instructions\n- Implement human oversight measures as specified by the provider\n- Ensure relevant staff are trained\n- Monitor performance and report serious incidents\n- Not process biometric data beyond what the provider permits\n\n---\n\n *We will **update** this piece with a fuller analysis, including any material changes from the draft and their practical implications for providers and deployers.*","\u003Cblockquote>\n\u003Cp>\u003Cem>Note: This analysis is based on the Commission's draft guidelines on the classification of high-risk AI systems, published for consultation. \u003Cstrong>These guidelines are not yet final\u003C/strong>. What follows is \u003Cstrong>a first read.\u003C/strong> We will \u003Cstrong>update\u003C/strong> this piece with a fuller analysis, including any material changes from the draft and their practical implications for providers and deployers.\u003C/em>\u003C/p>\n\u003C/blockquote>\n\u003Cp>The European Commission has released a series of draft guidelines to clarify the \u003Cstrong>classification of high-risk AI systems\u003C/strong> under \u003Cstrong>Article 6 of the AI Act\u003C/strong>. These guidelines are essential for providers, deployers, and market surveillance authorities to ensure the uniform application of the law, which aims to promote AI innovation while protecting health, safety, and fundamental rights.\u003C/p>\n\u003Cp>The Commission acknowledges that these guidelines are \u003Cstrong>draft documents\u003C/strong> published for stakeholder feedback and are not yet binding. To keep the list of high-risk use cases relevant, the AI Act includes a monitoring mechanism to review and update Annex III annually as technology evolves. Adhering to these principles now is a critical step for organizations to build \u003Cstrong>trustworthy and compliant AI\u003C/strong> within the European market.\u003C/p>\n\u003Cp>It is important to note that this is still a \u003Cstrong>draft\u003C/strong>. The Commission has published it specifically to submit it for \u003Cstrong>stakeholder consultation\u003C/strong> to gather input before adopting a finalised version.\u003C/p>\n\u003Cdiv class=\"content-btn-container\">\u003Ca href=\"https://digital-strategy.ec.europa.eu/en/consultations/targeted-consultation-draft-guidelines-classification-high-risk-artificial-intelligence-systems\" target=\"_blank\" role=\"button\" class=\"btn btn-primary\" rel=\"nofollow\">Click here for more information on the targeted consultation\u003C/a>\u003C/div>\n\u003Ch2 id=\"what-do-the-guidelines-include\">1. What do the guidelines include?\u003C/h2>\n\u003Cp>Three interconnected draft guidelines issued by the European Commission providing practical guidance on how to classify AI systems as \u003Cstrong>high-risk\u003C/strong> under Article 6 of Regulation (EU) 2024/1689. The three drafts cover:\u003C/p>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https://digital-strategy.ec.europa.eu/en/library/draft-commission-guidelines-classification-high-risk-ai-systems\" rel=\"nofollow\">\u003Cstrong>General Principles\u003C/strong>\u003C/a>: the classification logic, intended purpose rules, and entry into application\u003C/li>\n\u003Cli>\u003Ca href=\"https://digital-strategy.ec.europa.eu/en/library/draft-commission-guidelines-classification-high-risk-ai-systems\" rel=\"nofollow\">\u003Cstrong>Annex I (Art. 6(1))\u003C/strong>\u003C/a>: AI systems in safety-critical regulated products\u003C/li>\n\u003Cli>\u003Ca href=\"https://digital-strategy.ec.europa.eu/en/library/draft-commission-guidelines-classification-high-risk-ai-systems\" rel=\"nofollow\">\u003Cstrong>Annex III (Art. 6(2))\u003C/strong>: \u003C/a>AI systems in eight sensitive societal areas\u003C/li>\n\u003C/ul>\n\u003Ch3 id=\"why-high-risk-classification-matters\">Why high-risk classification matters\u003C/h3>\n\u003Cp>The entire logic of the AI Act is built upon a \u003Cstrong>risk-based approach\u003C/strong>. Being categorised as a \u003Cstrong>\"high-risk AI system\"\u003C/strong> under Article 6 triggers strict and significant obligations for both \u003Cstrong>providers and deployers\u003C/strong>, ensuring these systems are trustworthy, safe, and respect fundamental rights. Until now, the boundary between risk levels could appear blurred. \u003Cbr />\n\u003Cbr />\nThese guidelines provide the \u003Cstrong>concrete method and criteria\u003C/strong> to determine whether your AI system falls into this regulated category or if it qualifies for an exemption. The document includes interpretation of key concepts, practical examples across all Annex III areas (such as biometrics, employment, and education), and detailed explanations of the \u003Cstrong>\"filter mechanism\"\u003C/strong> under Article 6(3) which allows certain systems to be exempted from the high-risk classification.\u003Cbr />\n\u003Cbr />\nA high-risk classification triggers a \u003Cstrong>full compliance framework\u003C/strong> under Chapter III of the AI Act, including mandatory risk management, data governance, technical documentation, human oversight, accuracy/robustness requirements, transparency obligations, and conformity assessments.\u003C/p>\n\u003Cblockquote>\n\u003Cp>Classification is \u003Cstrong>not a prohibition\u003C/strong>, it just means the system is subject to heightened obligations to ensure it is safe and rights-respecting.\u003C/p>\n\u003C/blockquote>\n\u003Chr />\n\u003Ch2 id=\"key-ai-act-dates-under-ai-omnibus\">2. Key AI Act dates under AI Omnibus\u003C/h2>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>Date\u003C/th>\n\u003Cth>Event\u003C/th>\n\u003Cth>What it means\u003C/th>\n\u003C/tr>\n\u003C/thead>\n\u003Ctbody>\n\u003Ctr>\n\u003Ctd>\u003Cstrong>2 August 2026\u003C/strong> (→ postponed to \u003Cstrong>2 December 2027\u003C/strong> under AI Omnibus)\u003C/td>\n\u003Ctd>Art. 6(2) + Annex III rules apply\u003C/td>\n\u003Ctd>High-risk for stand-alone use cases (biometrics, employment, etc.)\u003C/td>\n\u003C/tr>\n\u003Ctr>\n\u003Ctd>\u003Cstrong>2 August 2027\u003C/strong> (→ postponed to \u003Cstrong>2 August 2028\u003C/strong> under AI Omnibus)\u003C/td>\n\u003Ctd>Art. 6(1) + Annex I rules apply\u003C/td>\n\u003Ctd>High-risk for safety-critical product AI\u003C/td>\n\u003C/tr>\n\u003Ctr>\n\u003Ctd>2 August 2030\u003C/td>\n\u003Ctd>Hard deadline for public-authority deployers\u003C/td>\n\u003Ctd>All high-risk AI systems used by public authorities must comply\u003C/td>\n\u003C/tr>\n\u003Ctr>\n\u003Ctd>31 December 2030\u003C/td>\n\u003Ctd>Large-scale IT systems (Annex X)\u003C/td>\n\u003Ctd>Legacy systems in EU large-scale IT programmes must comply\u003C/td>\n\u003C/tr>\n\u003C/tbody>\n\u003C/table>\n\u003Chr />\n\u003Ch2 id=\"who-is-subject-to-high-risk-rules\">3. Who Is subject to high-risk rules?\u003C/h2>\n\u003Ch3 id=\"providers\">Providers\u003C/h3>\n\u003Cp>Any natural or legal person placing a high-risk AI system on the EU market or putting it into service under their own name or trademark. \u003Cbr />\n\u003Cbr />\n\u003Cstrong>Core obligations:\u003C/strong> risk management, data governance, technical documentation, accuracy/robustness/cybersecurity, human oversight design, registration in EU database, conformity assessment, CE marking (for Annex I systems).\u003C/p>\n\u003Ch3 id=\"deployers\">Deployers\u003C/h3>\n\u003Cp>Any person using a high-risk AI system under their authority in a professional context. \u003Cbr />\n\u003Cbr />\n\u003Cstrong>Core obligations:\u003C/strong> implement provider instructions, ensure human oversight, monitor performance, not use the system in ways beyond its intended purpose, log-keeping.\u003C/p>\n\u003Ch3 id=\"becoming-a-provider-art.251\">Becoming a provider (Art. 25(1))\u003C/h3>\n\u003Cp>While the original provider is typically responsible for self-assessment, the draft warns that \u003Cstrong>distributors, importers, or deployers\u003C/strong> can inherit all \"provider\" obligations.\u003C/p>\n\u003Cp>Three circumstances convert a distributor, importer, or deployer into a \u003Cstrong>provider\u003C/strong> with full provider obligations:\u003C/p>\n\u003Col>\n\u003Cli>Putting their \u003Cstrong>own name or trademark\u003C/strong> on a high-risk system already on the market\u003C/li>\n\u003Cli>Making a \u003Cstrong>substantial modification\u003C/strong> to a high-risk system\u003C/li>\n\u003Cli>\u003Cstrong>Changing the intended purpose\u003C/strong> of a non-high-risk system in a way that makes it high-risk\u003C/li>\n\u003C/ol>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>For General Purpose AI System (GPAI) integrators:\u003C/strong> If you build a downstream application on a GPAI model and your intended purpose includes a high-risk use case, you may become the provider of a high-risk system even if the underlying GPAI model provider is not.\u003C/p>\n\u003C/blockquote>\n\u003Chr />\n\u003Ch2 id=\"the-two-scenarios-for-high-risk-classification\">\u003Cstrong>4. The two scenarios for high-risk classification\u003C/strong>\u003C/h2>\n\u003Cp>Under the AI Act, an AI system is deemed \"high-risk\" if it falls into one of two specific legal scenarios defined in \u003Cstrong>Article 6\u003C/strong>:\u003C/p>\n\u003Col>\n\u003Cli>\u003Cstrong>Safety Components and Regulated Products (Article 6(1)):\u003C/strong> This applies if the AI system is a product itself or a safety component of a product covered by the EU harmonisation legislation listed in \u003Cstrong>Annex I\u003C/strong> (e.g., machinery, toys, or medical devices) \u003Cstrong>and\u003C/strong> is required to undergo a third-party conformity assessment.\u003C/li>\n\u003Cli>\u003Cstrong>Specific Use Cases (Article 6(2)):\u003C/strong> This applies if the AI system falls under the high-risk areas listed in \u003Cstrong>Annex III\u003C/strong> of the AI Act.\u003C/li>\n\u003C/ol>\n\u003Cblockquote>\n\u003Cp>To make these rules more accessible, the Commission has released the guidelines in separate, user-friendly chapters focusing on \u003Cstrong>General Principles\u003C/strong>, \u003Cstrong>Annex I\u003C/strong>, and \u003Cstrong>Annex III\u003C/strong>.\u003C/p>\n\u003C/blockquote>\n\u003Ch2 id=\"key-elements-of-the-high-risk-assessment\">\u003Cstrong>5. Key elements of the high-risk assessment\u003C/strong>\u003C/h2>\n\u003Cp>Before a system can be subjected to the rigorous requirements for high-risk AI, it must meet several threshold criteria:\u003C/p>\n\u003Cul>\n\u003Cli>\u003Cp>\u003Cstrong>It must be an \"AI System\":\u003C/strong> Only systems meeting the definition in Article 3(1), meaning machine-based systems designed for autonomy and inference that influence environments, are covered.\u003C/p>\n\u003Cdiv class=\"content-btn-container\">\u003Ca href=\"https://www.dastra.eu/en/blog/what-is-an-ai-system/59991\" target=\"_blank\" role=\"button\" class=\"btn btn-primary\">What is an AI System? \u003C/a>\u003C/div>\n\u003C/li>\n\u003Cli>\u003Cp>\u003Cstrong>The power of \"Intended Purpose\":\u003C/strong> Classification depends heavily on how the \u003Cstrong>provider\u003C/strong> defines the system's use in instructions, sales materials, and technical documentation. Merely stating in terms of service that \"high-risk use is prohibited\" is insufficient if the system's actual capabilities and marketing suggest otherwise.\u003C/p>\n\u003C/li>\n\u003C/ul>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Preventing circumvention:\u003C/strong> Providers cannot avoid a high-risk classification by simply stating in terms of service that \"high-risk use is prohibited\" if their overall marketing or the system's actual capabilities effectively promote such use.\u003C/p>\n\u003Cp>Tip: don't rely on a single disclaimer to stay out of the high-risk category. Regulators will look at your technical documentation, marketing copy, instructions, and T&amp;Cs together. If the overall picture points to high-risk use, the disclaimer won't save you.\u003C/p>\n\u003C/blockquote>\n\u003Cul>\n\u003Cli>\u003Cstrong>Defining \"safety components\":\u003C/strong> An AI system is a safety component if it fulfills a \u003Cstrong>safety function\u003C/strong> (e.g., detecting human presence in a robot's path to trigger a stop) or if its failure endangers the health and safety of persons or property.\u003C/li>\n\u003C/ul>\n\u003Ch2 id=\"assessing-complex-agentic-ai-systems\">6. Assessing complex &amp; agentic AI systems\u003C/h2>\n\u003Cp>The Commission clarifies that where multiple AI components jointly influence an individual decision in an Annex III use case, the \u003Cstrong>combined configuration must be assessed as a single AI system\u003C/strong>.\u003C/p>\n\u003Cp>This is particularly relevant for multi-component and \"agentic\" AI systems that coordinate linked actions to serve a high-risk purpose. Providers cannot avoid high-risk classification by splitting a workflow into separate modules if the overall system materially influences a relevant decision.\u003C/p>\n\u003Chr />\n\u003Ch2 id=\"the-filter-mechanism-of-article-63\">7. The \"Filter Mechanism\" of Article 6(3)\u003C/h2>\n\u003Cp>Article 6(3) provides a \"filter mechanism\" to exempt systems that do not pose significant risks, but the Commission interprets this \u003Cstrong>exception narrowly\u003C/strong>.\u003C/p>\n\u003Cp>This allows a system to be exempted from high-risk classification if it does not pose a significant risk of harm, such as when it:\u003C/p>\n\u003Cul>\n\u003Cli>Performs a \u003Cstrong>narrow procedural task\u003C/strong> (e.g., indexing, formatting, deduplication)\u003C/li>\n\u003Cli>Improves the result of a \u003Cstrong>previously completed human activity\u003C/strong>.\u003C/li>\n\u003Cli>Performs a \u003Cstrong>preparatory task\u003C/strong> for an assessment (e.g., factual verification or scheduling)\u003C/li>\n\u003Cli>\u003Cstrong>Exception to the Filter:\u003C/strong> Any system that performs \u003Cstrong>profiling\u003C/strong> of natural persons can \u003Cstrong>never\u003C/strong> benefit from this filter and is always high-risk.\u003C/li>\n\u003C/ul>\n\u003Cp>The decisive threshold is whether the system \u003Cstrong>materially influences the substance or outcome of a decision.\u003C/strong>\u003C/p>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Critical rule:\u003C/strong> The filter mechanism is \u003Cstrong>never available\u003C/strong> where the AI system performs \u003Cstrong>profiling\u003C/strong> (automated processing of personal data to evaluate personal aspects of natural persons as defined in Art. 4(4) GDPR). Profiling systems in Annex III areas are \u003Cstrong>always\u003C/strong> high-risk.\u003C/p>\n\u003Cp>Meaning that any system that performs \u003Cstrong>profiling of natural persons\u003C/strong> can never benefit from this filter and will always be classified as high-risk.\u003C/p>\n\u003C/blockquote>\n\u003Ch2 id=\"the-eight-annex-iii-high-risk-areas\">8. The eight Annex III high-risk areas\u003C/h2>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>Area\u003C/th>\n\u003Cth>Why high risk\u003C/th>\n\u003Cth>Who it applies to\u003C/th>\n\u003Cth>Example\u003C/th>\n\u003C/tr>\n\u003C/thead>\n\u003Ctbody>\n\u003Ctr>\n\u003Ctd>\u003Cstrong>1. Biometrics\u003C/strong>\u003C/td>\n\u003Ctd>Processes sensitive biometric data; risks discrimination, unlawful surveillance, or misidentification with serious consequences for individual rights and freedoms.\u003C/td>\n\u003Ctd>Providers of remote biometric identification systems, and AI used for biometric categorisation or emotion recognition in workplaces or educational settings.\u003C/td>\n\u003Ctd>A facial recognition system used by an employer to control building access must be registered and undergo conformity assessment.\u003C/td>\n\u003C/tr>\n\u003Ctr>\n\u003Ctd>\u003Cstrong>2. Critical infrastructure\u003C/strong>\u003C/td>\n\u003Ctd>Failures can disrupt essential services (energy, water, transport, finance) at scale, posing systemic risk to entire populations.\u003C/td>\n\u003Ctd>Providers and operators deploying AI as a safety component in critical digital infrastructure or managing road traffic, water, gas, heating, or electricity supply.\u003C/td>\n\u003Ctd>An AI system managing load balancing for a national electricity grid (a malfunction could cause widespread outages affecting millions).\u003C/td>\n\u003C/tr>\n\u003Ctr>\n\u003Ctd>\u003Cstrong>3. Education &amp; vocational training\u003C/strong>\u003C/td>\n\u003Ctd>Shapes access to education and life trajectories; biased or erroneous outputs can unlawfully restrict learning opportunities and career paths.\u003C/td>\n\u003Ctd>Providers of AI used to determine access to educational institutions, assess learning outcomes, or monitor students during exams.\u003C/td>\n\u003Ctd>An automated scoring system ranking university applicants based on admissions essays (errors could unjustly exclude qualified candidates).\u003C/td>\n\u003C/tr>\n\u003Ctr>\n\u003Ctd>\u003Cstrong>4. Employment &amp; worker management\u003C/strong>\u003C/td>\n\u003Ctd>Directly affects livelihoods; algorithmic hiring and monitoring tools can embed discrimination and remove meaningful human oversight over consequential decisions.\u003C/td>\n\u003Ctd>Providers of AI used for recruitment, CV filtering, performance evaluation, task allocation, or monitoring employee behaviour.\u003C/td>\n\u003Ctd>An HR tool shortlisting CVs for job interviews: if trained on historically biased data, it may systematically exclude protected groups.\u003C/td>\n\u003C/tr>\n\u003Ctr>\n\u003Ctd>\u003Cstrong>5. Essential services &amp; public benefits\u003C/strong>\u003C/td>\n\u003Ctd>Decisions on credit, insurance, and social benefits have fundamental welfare impact; errors can deny access to vital resources.\u003C/td>\n\u003Ctd>Providers of AI evaluating eligibility for credit, insurance, public social benefits, emergency dispatch prioritisation, or life/health insurance risk assessment.\u003C/td>\n\u003Ctd>A bank's AI credit scoring model automatically approving or rejecting personal loan applications (a flawed model could deny credit on the basis of proxy variables).\u003C/td>\n\u003C/tr>\n\u003Ctr>\n\u003Ctd>\u003Cstrong>6. Law enforcement\u003C/strong>\u003C/td>\n\u003Ctd>State coercive power backed by AI poses acute risks to liberty, presumption of innocence, and non-discrimination, particularly where outputs inform arrests or investigations.\u003C/td>\n\u003Ctd>Providers of AI used by law enforcement to assess recidivism risk, predict crime, detect emotions during questioning, or evaluate the reliability of evidence.\u003C/td>\n\u003Ctd>A predictive policing tool assigning risk scores to individuals to recommend patrol deployment (errors risk discriminatory targeting of communities).\u003C/td>\n\u003C/tr>\n\u003Ctr>\n\u003Ctd>\u003Cstrong>7. Migration, asylum &amp; border control\u003C/strong>\u003C/td>\n\u003Ctd>Decisions affect fundamental rights (asylum, non-refoulement, family unity) for vulnerable people with limited recourse; errors can cause irreversible harm.\u003C/td>\n\u003Ctd>Providers of AI used by migration or border authorities to assess irregular migration risk, verify documents, process visa or asylum applications, or monitor borders.\u003C/td>\n\u003Ctd>An AI tool assessing the credibility of an asylum seeker's account to recommend approval or rejection (a false negative could result in return to persecution).\u003C/td>\n\u003C/tr>\n\u003Ctr>\n\u003Ctd>\u003Cstrong>8.Administration of justice &amp; democracy\u003C/strong>\u003C/td>\n\u003Ctd>AI influence over judicial decisions or democratic processes threatens the rule of law, fair trial rights, and free elections.\u003C/td>\n\u003Ctd>Providers of AI assisting courts, arbitration bodies, or electoral authorities — including tools that research case law, recommend sentences, or support electoral administration.\u003C/td>\n\u003Ctd>A legal research tool used by judges to summarise case law and suggest sentencing principles (biased outputs risk systematically skewing judicial outcomes).\u003C/td>\n\u003C/tr>\n\u003C/tbody>\n\u003C/table>\n\u003Ch2 id=\"focus-on-employment-worker-management\">9. Focus on employment &amp; worker management\u003C/h2>\n\u003Ch4 id=\"broad-interpretation-of-recruitment-and-selection\">\u003Cstrong>Broad interpretation of recruitment and selection\u003C/strong>\u003C/h4>\n\u003Cp>The section on Area 4 of Annex III (Employment) establishes a \u003Cstrong>broad interpretation of recruitment\u003C/strong>, covering the entire process of preparing a new work-related relationship.\u003C/p>\n\u003Cul>\n\u003Cli>\u003Cstrong>In-scope systems:\u003C/strong> this includes AI used for \u003Cstrong>targeted job advertisements\u003C/strong>, candidate sourcing across platforms, CV screening, ranking and scoring, background checks, and determining access to self-employment.\u003C/li>\n\u003Cli>\u003Cstrong>Platform workers:\u003C/strong> Systems that rank freelancers or platform workers fall into the high-risk category because they shape access to future assignments and livelihoods.\u003C/li>\n\u003Cli>\u003Cstrong>Candidate-side exclusions:\u003C/strong> Conversely, tools intended to be \u003Cstrong>initiated and controlled by the candidate\u003C/strong> (e.g., AI that helps an individual improve their own CV or identify suitable vacancies) are generally outside the high-risk recruitment use case.\u003C/li>\n\u003C/ul>\n\u003Ch4 id=\"functional-reading-of-workplace-management\">\u003Cstrong>Functional reading of workplace management\u003C/strong>\u003C/h4>\n\u003Cp>For management of existing work relationships (Annex III, 4(b)), the guidelines follow a \u003Cstrong>functional reading\u003C/strong> focused on the impact on the worker.\u003C/p>\n\u003Cul>\n\u003Cli>\u003Cstrong>High-risk decisions:\u003C/strong> AI systems are captured if they are used to make decisions affecting \u003Cstrong>terms of work, promotion, termination, task allocation, or performance evaluation\u003C/strong>. This applies even when a human manager formally takes the final decision but \u003Cstrong>significantly relies on the AI output\u003C/strong>.\u003C/li>\n\u003Cli>\u003Cstrong>Operational threshold:\u003C/strong> Not every day-to-day managerial adjustment is captured. Minor organisational arrangements that \u003Cstrong>do not materially affect workers’ rights\u003C/strong>, obligations, or career prospects (such as allocating a specific desk or a lunch break time within an assigned shift) are not automatically treated as high-risk.\u003C/li>\n\u003C/ul>\n\u003Chr />\n\u003Ch2 id=\"consequences-of-high-risk-classification\">10. Consequences of high-risk classification\u003C/h2>\n\u003Ch3 id=\"for-providers\">For providers\u003C/h3>\n\u003Cp>If an AI system is classified as high-risk, \u003Cstrong>providers\u003C/strong> must comply with all of the following (Chapter III, Section 2 AI Act):\u003C/p>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>Obligation\u003C/th>\n\u003Cth>Summary\u003C/th>\n\u003C/tr>\n\u003C/thead>\n\u003Ctbody>\n\u003Ctr>\n\u003Ctd>\u003Cstrong>Risk management system (Art. 9)\u003C/strong>\u003C/td>\n\u003Ctd>Continuous, iterative risk identification and mitigation throughout the lifecycle\u003C/td>\n\u003C/tr>\n\u003Ctr>\n\u003Ctd>\u003Cstrong>Data governance (Art. 10)\u003C/strong>\u003C/td>\n\u003Ctd>Training/validation/testing datasets must meet quality criteria; bias identification and mitigation\u003C/td>\n\u003C/tr>\n\u003Ctr>\n\u003Ctd>\u003Cstrong>Technical documentation (Art. 11)\u003C/strong>\u003C/td>\n\u003Ctd>Comprehensive documentation before market placement; kept up to date\u003C/td>\n\u003C/tr>\n\u003Ctr>\n\u003Ctd>\u003Cstrong>Record-keeping / logging (Art. 12)\u003C/strong>\u003C/td>\n\u003Ctd>Automatic logging to enable post-hoc auditability\u003C/td>\n\u003C/tr>\n\u003Ctr>\n\u003Ctd>\u003Cstrong>Transparency to deployers (Art. 13)\u003C/strong>\u003C/td>\n\u003Ctd>Instructions for use covering capabilities, limitations, human oversight requirements\u003C/td>\n\u003C/tr>\n\u003Ctr>\n\u003Ctd>\u003Cstrong>Human oversight (Art. 14)\u003C/strong>\u003C/td>\n\u003Ctd>System designed to allow meaningful human intervention, monitoring, override, and shutdown\u003C/td>\n\u003C/tr>\n\u003Ctr>\n\u003Ctd>\u003Cstrong>Accuracy, robustness, cybersecurity (Art. 15)\u003C/strong>\u003C/td>\n\u003Ctd>Stated performance levels; resilience to errors, faults, inconsistencies, adversarial attack\u003C/td>\n\u003C/tr>\n\u003Ctr>\n\u003Ctd>\u003Cstrong>Conformity assessment (Art. 43)\u003C/strong>\u003C/td>\n\u003Ctd>Either internal (provider self-assessment) or third-party, depending on type; before market placement\u003C/td>\n\u003C/tr>\n\u003Ctr>\n\u003Ctd>\u003Cstrong>EU database registration (Art. 71)\u003C/strong>\u003C/td>\n\u003Ctd>Registration required before placement on market (for most systems)\u003C/td>\n\u003C/tr>\n\u003Ctr>\n\u003Ctd>\u003Cstrong>CE marking (Art. 48)\u003C/strong>\u003C/td>\n\u003Ctd>Required for systems covered by Annex I\u003C/td>\n\u003C/tr>\n\u003Ctr>\n\u003Ctd>\u003Cstrong>Post-market monitoring (Art. 72)\u003C/strong>\u003C/td>\n\u003Ctd>Continuous monitoring after deployment\u003C/td>\n\u003C/tr>\n\u003C/tbody>\n\u003C/table>\n\u003Ch3 id=\"for-deployers\">For deployers\u003C/h3>\n\u003Cp>\u003Cstrong>Deployers\u003C/strong> must:\u003C/p>\n\u003Cul>\n\u003Cli>Use the system only within its intended purpose and instructions\u003C/li>\n\u003Cli>Implement human oversight measures as specified by the provider\u003C/li>\n\u003Cli>Ensure relevant staff are trained\u003C/li>\n\u003Cli>Monitor performance and report serious incidents\u003C/li>\n\u003Cli>Not process biometric data beyond what the provider permits\u003C/li>\n\u003C/ul>\n\u003Chr />\n\u003Cp>\u003Cem>We will \u003Cstrong>update\u003C/strong> this piece with a fuller analysis, including any material changes from the draft and their practical implications for providers and deployers.\u003C/em>\u003C/p>\n","Reacting to the Draft EU AI Act High-Risk AI Guidelines ","Our first read of the Commission's draft guidelines on high-risk AI classification under Article 6. Key takeaways, open questions, and what to watch before the ",2526,14,"The AI Act High-Risk AI Draft Guidelines: First Reactions & Key Takeaways",0,null,"en","the-ai-act-high-risk-ai-draft-guidelines-first-reactions-key-takeaways","Our first read of the Commission's draft guidelines on high-risk AI classification under Article 6. Key takeaways, open questions, and what to watch before the final text drops.","Published",{"id":19,"displayName":20,"avatarUrl":21,"bio":13,"blogUrl":13,"color":13,"userId":19,"creationDate":22},20352,"Leïla Sayssa","https://static.dastra.eu/tenant-3/avatar/20352/TDYeY3C8Rz1lLE/dpo-avatar-h01-150.png","2025-03-03T11:08:22","2026-05-19T13:50:00","2026-05-19T13:50:53.026458","2026-05-19T16:00:26.8216282",{"id":27,"name":28,"description":29,"url":30,"color":31,"parentId":13,"count":13,"imageUrl":13,"parent":13,"order":12,"translations":32},2,"Blog","A list of curated articles provided by the community","blog","#28449a",[33,36,39],{"lang":34,"name":28,"description":35},"fr","Une liste d'articles rédigés par la communauté",{"lang":37,"name":28,"description":38},"es","Una lista de artículos escritos por la comunidad",{"lang":40,"name":28,"description":41},"de","Eine Liste von Artikeln, die von der Community verfasst wurden",[43],{"id":27,"name":28,"description":29,"url":30,"color":31,"parentId":13,"count":13,"imageUrl":13,"parent":13,"order":12,"translations":44},[45,46,47],{"lang":34,"name":28,"description":35},{"lang":37,"name":28,"description":38},{"lang":40,"name":28,"description":41},[],"https://static.dastra.eu/content/96d23dc9-12ba-409e-a4a8-41ed4b1bb735/visuel-article-6-original.jpg",[51,52,53,54,55,56,57],"https://static.dastra.eu/content/96d23dc9-12ba-409e-a4a8-41ed4b1bb735/visuel-article-6-1000.webp","https://static.dastra.eu/content/96d23dc9-12ba-409e-a4a8-41ed4b1bb735/visuel-article-6.webp","https://static.dastra.eu/content/96d23dc9-12ba-409e-a4a8-41ed4b1bb735/visuel-article-6-1500.webp","https://static.dastra.eu/content/96d23dc9-12ba-409e-a4a8-41ed4b1bb735/visuel-article-6-800.webp","https://static.dastra.eu/content/96d23dc9-12ba-409e-a4a8-41ed4b1bb735/visuel-article-6-600.webp","https://static.dastra.eu/content/96d23dc9-12ba-409e-a4a8-41ed4b1bb735/visuel-article-6-300.webp","https://static.dastra.eu/content/96d23dc9-12ba-409e-a4a8-41ed4b1bb735/visuel-article-6-100.webp",60047,{"items":60,"total":100,"size":101,"page":101},[61],{"title":62,"nbDownloads":63,"excerpt":13,"lang":14,"url":64,"intro":65,"featured":4,"state":17,"author":66,"authorId":19,"datePublication":67,"dateCreation":68,"dateUpdate":69,"mainCategory":70,"categories":77,"metaDatas":85,"imageUrl":90,"imageThumbUrls":91,"id":99},"Your Checklist to Multi-State Privacy Impact Assessments ",7,"your-checklist-to-multi-state-privacy-impact-assessment-compliance","Master multi-state Privacy Impact Assessments by downloading this checklist.",{"id":19,"displayName":20,"avatarUrl":21,"bio":13,"blogUrl":13,"color":13,"userId":19,"creationDate":22},"2026-02-23T10:07:00","2026-02-23T10:07:01.6114712","2026-02-24T15:38:38.0037058",{"id":71,"name":72,"description":13,"url":73,"color":74,"parentId":13,"count":13,"imageUrl":13,"parent":13,"order":75,"translations":76},70,"Livre blanc","white-papers","#1795d3",3,[],[78,83],{"id":27,"name":28,"description":29,"url":30,"color":31,"parentId":13,"count":13,"imageUrl":13,"parent":13,"order":12,"translations":79},[80,81,82],{"lang":34,"name":28,"description":35},{"lang":37,"name":28,"description":38},{"lang":40,"name":28,"description":41},{"id":71,"name":72,"description":13,"url":73,"color":74,"parentId":13,"count":13,"imageUrl":13,"parent":13,"order":75,"translations":84},[],[86],{"typeMetaDataId":87,"value":88,"id":89},4,"https://static.dastra.eu/backofficefilescontainer/6c9c6770-09f5-44d2-ac35-466a87c40426/US PIA Cross State Checklist Best Practices.pdf",117305,"https://static.dastra.eu/content/a321130b-375a-4a3f-b9d5-e9d9afea648e/visuel-article-18-original.jpg",[92,93,94,95,96,97,98],"https://static.dastra.eu/content/a321130b-375a-4a3f-b9d5-e9d9afea648e/visuel-article-18-1000.webp","https://static.dastra.eu/content/a321130b-375a-4a3f-b9d5-e9d9afea648e/visuel-article-18.webp","https://static.dastra.eu/content/a321130b-375a-4a3f-b9d5-e9d9afea648e/visuel-article-18-1500.webp","https://static.dastra.eu/content/a321130b-375a-4a3f-b9d5-e9d9afea648e/visuel-article-18-800.webp","https://static.dastra.eu/content/a321130b-375a-4a3f-b9d5-e9d9afea648e/visuel-article-18-600.webp","https://static.dastra.eu/content/a321130b-375a-4a3f-b9d5-e9d9afea648e/visuel-article-18-300.webp","https://static.dastra.eu/content/a321130b-375a-4a3f-b9d5-e9d9afea648e/visuel-article-18-100.webp",59886,12,1]