The EU Commission’s long-awaited guidelines on high-risk AI systems were published on 19 May 2026. This is the promised explainer on what is – and is not – a high-risk AI system under the EU AI Act.
The guidelines
The Commission has published three sets of draft guidelines:
- general principles;
- Annex III high-risk AI systems (standalone AI systems); and
- Annex I high-risk AI systems (AI systems embedded in a product).
Interested stakeholders can submit their input on the consultation until 23 June 2026.
This post looks at the guidelines for Annex III high-risk AI systems. These guidelines:
- discuss the application of the derogation under Article 6(3); and
- provide discussion and examples of what is high-risk, what is not high-risk, and what is high-risk but falls under Article 6(3) for each high-risk purpose under Annex III.
This post provides commentary on the Commission’s view on the application of the derogation under Article 6(3). It also discusses some of the Commission’s views on employment high-risk purposes under Annex III(4), since these have broad cross-sectoral relevance.
Recap – what are the consequences of an AI system being high-risk?
These guidelines are designed to help organisations falling within the geographic scope of the AI Act to confirm whether their AI systems are high-risk. If the AI system is high-risk, consequent obligations depend on the organisation’s role.
Providers: generally, the organisation developing the technology or having it developed.
Providers are subject to significant risk management and governance obligations for the specific high-risk AI system. These obligations are not about the organisation’s general risk management processes (although a strong organisational AI governance programme provides a helpful foundation). Rather, they relate to assessing and mitigating risks for the specific product and creating detailed technical documentation for the product. Before placing the product on the market or putting it into service, the provider must assess (or have a third-party notified body assess) and declare conformity, affix the CE mark, and register the AI system in the EU database. The rules envisage that compliance is carried out throughout the development life cycle, rather than retrospectively after development. Retrofitting and compiling technical documentation once development is complete will be more challenging.
European standardisation bodies CEN and CENELEC are currently developing standards to set out how providers could comply, addressing a standardisation request from the Commission. When published in the EU’s Official Journal, these will become harmonised standards and following them will provide a presumption of conformity with the relevant requirements. At the time of writing, three of these standards (prEN 18288 (AI Risk Management), prEN 18282 (Cybersecurity), and FprEN 18286 (Quality management system)) have been made available in draft form for public enquiry, while the majority are still under preparation.
Becoming a provider: it is possible for an organisation which does not carry out the initial development (or any development at all) to become subject to these very significant obligations by:
- use of general-purpose tools (internal or off-the-shelf generative AI solutions) for a high-risk purpose (Article 25(1)(c));
- creation of an agent for a high-risk purpose, e.g. sifting CVs or performance management;
- adding the organisation’s branding (name and trade mark) on another provider’s high-risk AI system (Article 25(1)(a)); or
- substantial modification (Article 25(1)(b)) – though this is not generally an option for off-the-shelf tools with a specific function.
Deployers: generally, the organisation using the technology.
Deployer obligations relate to managing risks around how the AI system is used in practice, for example by informing decision subjects about AI use and assigning competent human oversight.
What’s in and out
There is NO human-in-the-loop exemption
The Commission confirms that human involvement “has no effect on the classification of the system as high-risk”.[1] This is because human involvement cannot change the purpose for which an AI system is intended to be used.
If one of the four conditions of Article 6(3) is met, the provider might be able to exempt the system from classification as high-risk. The type of human involvement during deployment may be relevant to demonstrate that the AI system is intended to perform a narrow procedural or preparatory task or improve an already completed human task.
However, “The provider cannot exempt and categorise an AI system as ‘low risk’ simply by adding to it a requirement for human involvement”.
The four derogations listed in Article 6(3) should be interpreted narrowly
Article 6(3) provides a derogation for AI systems falling under an Annex III purpose that do not “pose a significant risk of harm to the health, safety or fundamental rights of natural persons, including by not materially influencing the outcome of decision making” where they meet any of the following conditions:
“(a) the AI system is intended to perform a narrow procedural task;
(b) the AI system is intended to improve the result of a previously completed human activity;
(c) the AI system is intended to detect decision-making patterns or deviations from prior decision-making patterns and is not meant to replace or influence the previously completed human assessment, without proper human review; or
(d) the AI system is intended to perform a preparatory task to an assessment relevant for the purposes of the use cases listed in Annex III.”
The Commission refers to the derogation in Article 6(3) as a ‘filter mechanism’. This can only be applied when an AI system meets one of the conditions set out at Article 6(3)(a)-(d).[2]
The Commission appears to suggest that there is no general derogation available for AI systems that do not pose a significant risk of harm to health, safety or fundamental rights – the conditions listed are exhaustive.[3]
Each of the Article 6(3)(a)-(d) grounds must be interpreted narrowly. However, where a provider has assessed and concluded that their AI system does fall under one of the exemptions, it is not necessary to conduct an additional assessment to determine whether the AI system poses a significant or any risk of harm besides those conditions.[4]
The profiling exemption – which means the AI system is high-risk even if one of the Article 6(3) conditions would apply – is also discussed. Profiling is carried out where an individual’s decisions and personal characteristics are assessed. For example, an AI system to evaluate recruiters’ decisions and deviations from previous patterns, in light of their personal characteristics, would be considered profiling. It would therefore be high-risk even though it could fall under Article 6(3)(c).[5] Examples are then provided to assist with general interpretation of each condition,[6] followed by examples for each high-risk purpose later in the guidance.
Providers wishing to rely on one of these conditions must document an assessment setting out why the system would be high-risk, which condition it believes applies and why, and a description of why the system does not perform profiling.[7]
Providers must also register their AI system in the EU database where they assess and conclude that Article 6(3) applies to their AI system. The changes to the AI Act made by the AI Omnibus will simplify registration requirements.
Employment examples
The Commission provides valuable colour on which use cases fall into this category.
Recruitment, selection, placing targeted job ads, analysing and filtering job applications, and evaluating candidates
This encompasses the range of activities around identification and attraction of potential applicants.[8]
The line on whether a purpose falls under Article 6(3) can be a fine one. Generation of job descriptions falls within this category where the AI system plays a role in the recruitment process. The specific AI system may fall within the Article 6(3)(a) derogation (narrow procedural task) if the AI system is generating the description based on a list of tasks to be carried out and a list of necessary qualifications and skills previously defined by a human recruiter. However, it will fall outside the ‘narrow procedural task’ derogation where it generates the necessary qualifications and skills based on a high-level description.[9]
Practical examples of high-risk use cases, unsurprisingly, include AI systems intended to be used as automated job matching and ranking tools, AI systems used for scoring applicant answers in a recruitment process, and placing targeted social media ads based on navigation patterns and a wide range of user characteristics.[10]
Examples of use cases that would not be high-risk include AI systems used to non-inclusive and discriminatory wording in job descriptions. AI systems that would fall under Article 6(3) (and so require registration) interestingly include CV parsers and AI systems for scheduling interviews.
AI systems intended to manage work-related relationships
This high-risk purpose is included to address potential discrimination in relation to opportunities that could impact workers’ livelihoods and career prospects.
It encompasses promotion and termination, and also allocation of tasks based on personal traits and characteristics. AI systems allocating tasks based on neutral, objective, and external factors, such as availability or location, would not be caught.[11] In contrast, AI systems that use criteria such as responsiveness to customer requests or reliability metrics, such as AI systems that allocate delivery slots or rank external lawyers, will be considered high-risk.[12]
Other examples considered high-risk include an AI system that dynamically sets driver compensation based on real-time demand, driver acceptance rates, and passenger ratings. Examples of AI systems that would fall under Article 6(3) include AI systems compiling performance records into structured reports to send to managers at a fixed date, and an AI system to refine human-drafted promotion evaluations and flag potentially biased wording.[13]
Our take: what to do now (providers and deployers)
The obligations for high-risk AI systems are now set to apply from 2 December 2027 (rather than 2 August 2026). At the time of writing, political agreement has been reached on pushing this date back, though the AI Omnibus still needs to be published in the EU’s Official Journal before 10 July to make the change effective.
Providers: should use these guidelines to confirm which of their products are high-risk and begin the work of embedding compliance processes as soon as possible. As discussed above, provider obligations require risk management and governance to be embedded and documented during the product life cycle and cannot simply be addressed on the AI Act’s application date.
Where providers assess and believe that an AI system falls under Article 6(3), they should also ensure that their assessment is documented (registration will also be required when the EU database is available).
Providers should also familiarise themselves with AI Act standards as they become available, including the three already made available in draft form.
Deployers: should ensure that they have policy and, ideally, technical controls in place to prevent accidental accession to the provider role. As discussed above, this can happen inadvertently through high-risk application of general-purpose tools.
Deployers should also ensure that they are able to identify which of their AI systems are high-risk and begin to:
- ensure they have appropriate contractual protections in place for contracts that may run past December 2027; and
- augment existing compliance processes to comply with deployer obligations.
[1] Para 70.
[2] Para 86.
[3] Para 88.
[4] Para 88.
[5] Para 112 and example following.
[6] Paras 97-108.
[7] Para 115.
[8] Para 246.
[9] Example on p.64.
[10] Examples for Annex III(4)(a) from p.66.
[11] Para 271.
[12] Para 270.
[13] Examples for Annex III(4)(b) from p.76.