When is AI “High-Risk” under the EU AI Act? Key Takeaways from the Commission’s Draft Guidelines


People Capabilities In this section you can find Services Banking and Finance Banking and Finance overview Asset & Lease Finance Capital Markets Corporate Debt Leveraged Finance Project, Energy and Infrastructure Finance Real Estate Finance Restructuring and Insolvency Securitization and Structured Finance Trade and Export Finance Competition, Trade and Foreign Investment Competition, Trade and Foreign Investment overview Antitrust and Competition Investigations Antitrust and Competition Litigation Dawn Raids Foreign Investment and National Security Law International Sanctions and Export Controls International Trade Law Merger Control Procurement and State Aid Construction and Engineering Construction and Engineering overview Construction Disputes Contracts and Procurement EPC Project Advisory Corporate and M&A Corporate and M&A overview Capital Markets Corporate Governance International Corporate Reorganizations Joint Ventures Mergers and Acquisitions Private Equity Venture Capital Corporate Crime Corporate Crime overview Anti-Bribery and Corruption Anti-Money Laundering International Sanctions and Export Controls Regulatory Investigations and Enforcement Data Privacy, Security and Technology Data Privacy, Security and Technology overview Cybersecurity Data Privacy Electronic and Mobile Commerce Information Law Technology Transactions and Sourcing Telecom Services Employment, Labor and Pensions Employment, Labor and Pensions overview Corporate Transactions Cross-Border Employment and Pensions Diversity, Pay and Discrimination Employee Benefits and Executive Compensation Employment Employment Litigation Global Mobility and Immigration Labor and Industrial Relations Financial Services Regulation Financial Services Regulation overview Asset Management Crypto Assets Derivatives Financial Services Disputes and Investigations Funds Insurance Insurance overview Insurance and Reinsurance Disputes Insurance and Retirement Products, Insurance Distribution Insurance Financing and Capital Markets Insurance M&A, Reinsurance and Restructuring Insurance Regulation and Compliance Insurance Regulatory Investigations and Enforcement Insurance Taxation Insurtech Intellectual Property Intellectual Property overview IP Audits and Assessments IP Litigation IP Transactional Patents Trademarks, Trade Dress and Copyrights Trade Secrets Litigation and Dispute Resolution Litigation and Dispute Resolution overview Class Actions Commercial Litigation Antitrust and Competition Litigation Construction Disputes Energy Disputes Environmental, Health and Safety Financial Services Disputes and Investigations Fraud Insurance and Reinsurance Disputes International Arbitration Procurement Disputes Real Estate Disputes Regulatory Investigations and Enforcement Tax Controversy and Litigation Public and Administrative Law Public and Administrative Law overview Public Procurement and PPP Real Estate and Planning Real Estate and Planning overview Commercial Development and Leasing Corporate Real Estate Planning and Environmental Real Estate Disputes Real Estate Finance Living Strategic Contracts Strategic Contracts overview Contract Modernization Outsourcing Strategic Partnerships Tax Tax overview Acquisitions and Restructuring Business Taxation Employee Benefits and Executive Compensation Real Estate Tax Taxation of Financial Transactions and Institutions Tax Controversy and Litigation VAT/Indirect Taxes Industries Consumer Consumer overview Food and Beverage Luxury Retail and Wholesale Energy Energy overview Clean Energy Energy Regulatory Hydrogen Oil and Gas Power Financial Services Financial Services overview Corporate and Investment Banking Private Capital Retail Banking and Consumer Finance Governments and Infrastructure Governments and Infrastructure overview Governments and Strategic Projects Infrastructure Transportation Industrials Industrials overview Automotive Chemicals Manufacturing and Industrial Engineering Life Sciences and Healthcare Life Sciences and Healthcare overview Agriculture and Medicinal Cannabis and CBD Healthcare Industrial Biotechnology Medical Devices Pharmaceuticals and Biotechnology Research and Development Real Estate Real Estate overview Alternative Assets Multi and Single Family Residential Office and Industrial Real Estate Investment Retail and Mixed Use Transport Related Real Estate Technology & Digital Technology & Digital overview Digital Content Digital Infrastructure Technology Resources Insights Client tools Events and training Business topics About About us Firm leadership Purpose and values Responsible business Community Diversity and inclusion Environmental sustainability Pro bono Reports Alumni News Careers Global careers Applications Why us? Lawyers and partners Business professionals Students and recent graduates Offices Latvia Visit global site Select a local version of the site Angola Asia Austria Belgium Bulgaria Czech Republic Estonia Finland France Germany Hungary Iraq Ireland Italy Jordan Latvia Lithuania Luxembourg Mauritius Mozambique Netherlands Poland Portugal Qatar Romania Saudi Arabia Slovakia South Africa Spain Sweden Switzerland Tunisia United Arab Emirates United Kingdom United States Rest of the world en Select language English When is AI “High-Risk” under the EU AI Act? Key Takeaways from the Commission’s Draft Guidelines Home Resources Insights Home Resources Insights When is AI “High-Risk” under the EU AI Act? Key Takeaways from the Commission’s Draft Guidelines When is AI “High-Risk” under the EU AI Act? Key Takeaways from the Commission’s Draft Guidelines June 03, 2026 Introduction The EU Artificial Intelligence Act introduces a risk-based framework for regulating AI systems. A central concept in that framework is the category of “high-risk AI systems”, which triggers enhanced regulatory obligations. To support stakeholders in interpreting this concept, the European Commission has published draft guidelines on the classification of high-risk AI systems under Article 6 AI Act. These guidelines aim to facilitate consistent application of the rules and include practical examples to support interpretation and enforcement.¹ The draft guidance provides useful insight into how the Commission expects the high-risk threshold to be applied in practice. This article outlines the key takeaways and highlights the aspects most likely to be relevant for organisations assessing whether their AI systems fall within scope. The starting point: when is an AI system “high-risk”? The starting point is that the AI Act does not define high-risk AI in abstract terms. Instead, classification follows two clearly defined pathways. The first route is linked to product safety regulation. An AI system will qualify as high-risk where it forms part of a regulated product — either as a product in its own right or as a safety component — and that product is subject to third-party conformity assessment under EU harmonisation legislation.² The rationale is straightforward: where EU law already imposes enhanced safety scrutiny on certain products, AI components affecting that safety should be subject to a comparable level of regulatory oversight.³ The second route focuses on the context of use. AI systems are also classified as high-risk where they are intended for specific use cases listed in Annex III AI Act, such as employment decision-making, education, law enforcement or access to essential services.⁴ The guidelines indicate that the scope of high-risk AI is intended to remain limited and proportionate, focusing on systems that are considered to present significant risks to health, safety or fundamental rights.⁵ The decisive factor: intended purpose A central theme running through the guidelines is the importance of intended purpose. Classification does not depend solely on technical capabilities, but also on how the system is described, marketed and documented. The intended purpose encompasses, among other things, instructions for use, contractual arrangements, promotional materials and technical documentation.⁶ Where an AI system is presented as broadly applicable across multiple contexts, without clearly excluding certain sensitive applications, those applications may be taken into account when determining its regulatory classification.⁷ This has tangible consequences in practice, particularly for organisations developing or marketing AI systems across multiple use cases. The guidelines make clear that generic disclaimers are insufficient to narrow the intended purpose where the system’s functionality or positioning suggests broader use.⁸ In other words, organisations cannot rely on formal wording alone if the practical reality points the other way. For organisations deploying AI, an important practical implication is that limiting the use of a system at the deployment stage does not, in itself, alter its classification. Where a system is intended by the provider to be used in a high-risk context, that classification will generally continue to apply regardless of whether a particular deployer makes more limited use of the system in practice. This approach differs from a GDPR-style notion of purpose limitation: as a general rule, the classification of an AI system is not determined by how it is used in a particular deployment scenario, but by the broader intended purpose defined by the provider. This is reinforced by the allocation of responsibilities under the AI Act. The assessment of the intended purpose — and therefore of whether a system is high-risk — is primarily carried out by the provider, subject to oversight by competent authorities. At the same time, other actors in the value chain should be mindful that they may assume provider obligations, or even trigger high-risk classification, where they modify a system or its intended purpose.⁹ Annex I: AI as part of regulated products The Commission’s guidance on AI embedded in regulated products (the Annex I route) provides helpful clarification on the notion of a “safety component”, which is central to the classification exercise. Not every AI system integrated into a regulated product will qualify. Rather, the assessment hinges on whether the system either performs a safety function — for example by preventing or mitigating risks — or whether its failure or malfunction could endanger the health and safety of persons or property.¹⁰ Many AI systems used for optimisation, performance improvement or efficiency will fall outside the definition, as their intended purpose is not safety-related.¹¹ At the same time, those same systems may still be caught where a failure could create a safety risk, depending on the product design and operating context.¹² This also means that organisations will need to look not only at what an AI system is intended to do, but also at how it interacts with the broader product and what risks may arise if it fails. The final element of the assessment is whether the relevant product is subject to third-party conformity assessment under EU law. This reflects the legislator’s intention to limit high-risk classification under this route to cases where sectoral legislation already involves heightened regulatory scrutiny.¹³ Annex III: high-risk use cases The Annex III pathway adopts a different logic, focusing on specific use cases rather than product categories. While this list includes areas that are frequently discussed in public debate, the guidelines underline that its scope remains precise and limited. Only those applications explicitly listed in Annex III are relevant for classification, and the framework does not extend beyond them.¹⁴ That said, the practical reach of these provisions should not be underestimated. Many commonly deployed AI tools — particularly in HR, education or customer-facing contexts — may fall within scope where they materially influence decisions affecting individuals. In practice, this requires organisations to assess not only the functionality of their AI systems, but also the specific decision-making contexts in which they are deployed. Not every system in scope is “high-risk” An important counterbalance is the so-called “filter mechanism” under Article 6(3) AI Act. This allows certain systems to fall outside the high-risk category even where they are connected to Annex III use cases. In particular, systems that perform purely preparatory, procedural or supportive functions, and do not materially influence decision-making, may be excluded from classification.¹⁵ This reflects an effort to ensure that the regime remains proportionate and does not capture AI systems with only a limited or indirect role in decision-making. At the same time, the boundary between “supporting” and “influencing” decisions is not always straightforward. This is likely to become a key area of interpretation as the regime is applied in practice. However, determining whether a system merely supports or materially influences decisions will often require a case-by-case assessment. Human involvement does not affect classification Another important point is that the presence of human oversight does not, in itself, prevent a system from being classified as high-risk. Whether a human reviews or validates outputs is relevant for compliance with the AI Act’s requirements, but it does not affect the classification analysis itself, which remains grounded in intended purpose and use case. This is particularly relevant for organisations relying on “human-in-the-loop” models as part of their governance approach. A shifting landscape: roles and future updates Beyond the initial classification exercise, the guidelines also highlight that responsibilities may shift along the AI value chain. Parties other than the original provider may, in certain circumstances, assume provider obligations where they modify the system, place it on the market under their own name, or change its intended purpose in a way that leads to high-risk use.¹⁶ Finally, the framework is designed to evolve. The Commission is expected to review and update the list of high-risk use cases over time, including through delegated acts, ensuring that the regime can respond to emerging risks and technological developments.¹⁷ Practical takeaway Taken together, the draft guidelines confirm that high-risk classification under the AI Act is neither as broad nor as open-ended as sometimes assumed. At the same time, it is highly fact-specific and dependent on how AI systems are designed, positioned and used. For organisations, this means that classification should not be treated as a purely legal exercise, but as part of a broader assessment involving technical design, product positioning and actual use. It requires close alignment between technical design, product positioning and documentation, as well as a clear understanding of how systems are expected to be used and may reasonably be used. 1. Draft Guidelines (General Principles), p. 2, paras. (3)–(4). 2. Draft Guidelines (General Principles), p. 3, para. (7); Draft Guidelines (Annex I), p. 4–5, para. (27). 3. Draft Guidelines (Annex I), p. 2-3, paras. (18-22). 4. Draft Guidelines (General Principles), p. 3, para. (7). 5. Draft Guidelines (General Principles), p. 2, para. (2). 6. Draft Guidelines (General Principles), p. 4, para. (10). 7. Draft Guidelines (General Principles), p. 4, para. (12). 8. Draft Guidelines (General Principles), p. 4, para. (12). 9. Draft Guidelines (General Principles), p. 5, paras. (13)–(14). 10. Article 3(14) AI Act; Draft Guidelines (Annex I), p. 5–6, paras. (32)–(34). 11. Draft Guidelines (Annex I), p. 6–7, paras. (35)–(37). 12. Draft Guidelines (Annex I), p. 7–8, paras. (42)–(43). 13. Draft Guidelines (Annex I), p. 9–10, para. (50); p. 11–12, paras. (57)–(58). 14. Draft Guidelines (General Principles), p. 3, para. (7). 15. Draft Guidelines (General Principles), p. 2–3 (structure of Article 6 framework; targeted scope). 16. Draft Guidelines (General Principles), p. 5, para. (14). 17. Draft Guidelines (General Principles), p. 6, para. (451). The materials on the Eversheds Sutherland website are for general information purposes only and do not constitute legal advice. While reasonable care is taken to ensure accuracy, the materials may not reflect the most current legal developments. Eversheds Sutherland disclaims liability for actions taken based on the materials. Always consult a qualified lawyer for specific legal matters. To view the full disclaimer, see our Terms and Conditions or Disclaimer section in the footer. Key contacts Robbert Santifort Partner Rotterdam, Netherlands Ilham Ezzamouri Associate Rotterdam, Netherlands Emile Leffring Associate Rotterdam, Netherlands Latest Insights legal updates Commercially Connected shorts - 3 June 2026 legal updates Global Life Sciences & Healthcare Bulletin legal updates Consumer Lens - Session 1 \| The Rise of European Class Actions podcasts and webcasts Tax NOLs in Cross-Border Structures Webinar Latest News client news A blueprint for growth: Eversheds Sutherland supports Leonard Design Group restructuring and MBO client news Next stop, public ownership: Eversheds Sutherland advises DfT on GTR transition firm news Eversheds Sutherland strengthens restructuring offering with senior partner appointment firm news Eversheds Sutherland strengthens Commercial Advisory practice with technology partner hire Latest Events virtual \| June 09, 2026 UK employment law training virtual \| June 16, 2026 Nordic (Denmark, Finland, Norway and Sweden) employment law training virtual \| June 23, 2026 Introduction to Swiss employment law virtual \| September 10, 2026 UAE - Employment law in the Dubai International Financial Centre Tabs Label legal updates June 03, 2026 Commercially Connected shorts - 3 June 2026 legal updates June 03, 2026 Global Life Sciences & Healthcare Bulletin legal updates May 29, 2026 Consumer Lens - Session 1 \| The Rise of European Class Actions podcasts and webcasts May 29, 2026 Tax NOLs in Cross-Border Structures Webinar Legal notices Terms & conditions Privacy notice Cookies LinkedIn Connect Contact us Client login Staff login Subscribe About us About Eversheds Sutherland Purpose and values Responsible business Alumni Insights Client tools Events and training Business topics Careers Offices © Eversheds Sutherland 2026. All rights reserved. Eversheds Sutherland is a provider of legal and other services operating through various separate and distinct legal entities. For further information about these entities and Eversheds Sutherlands' structure please see the Legal Notice page of this website. Eversheds Sutherland is the name and brand under which the members of Eversheds Sutherland Limited (Eversheds Sutherland (International) LLP and Eversheds Sutherland (US) LLP) and their respective controlled, managed and affiliated firms and the members of Eversheds Sutherland (Europe) Limited (each an "Eversheds Sutherland Entity" and together the "Eversheds Sutherland Entities") provide legal or other services to clients around the world. Eversheds Sutherland Entities are constituted and regulated in accordance with relevant local regulatory and legal requirements and operate in accordance with their locally registered names. The use of the name Eversheds Sutherland, is for description purposes only and does not imply that the Eversheds Sutherland Entities are in a partnership or are part of a global LLP. The responsibility for the provision of services to the client is defined in the terms of engagement between the instructed firm and the client. For further information about these Eversheds Sutherland Entities and Eversheds Sutherlands’ structure please see the Legal Notices page of this website.

Introduction

The EU Artificial Intelligence Act introduces a risk-based framework for regulating AI systems. A central concept in that framework is the category of “high-risk AI systems”, which triggers enhanced regulatory obligations. To support stakeholders in interpreting this concept, the European Commission has published draft guidelines on the classification of high-risk AI systems under Article 6 AI Act. These guidelines aim to facilitate consistent application of the rules and include practical examples to support interpretation and enforcement.¹

The draft guidance provides useful insight into how the Commission expects the high-risk threshold to be applied in practice. This article outlines the key takeaways and highlights the aspects most likely to be relevant for organisations assessing whether their AI systems fall within scope.

The starting point: when is an AI system “high-risk”?

The starting point is that the AI Act does not define high-risk AI in abstract terms. Instead, classification follows two clearly defined pathways.

The first route is linked to product safety regulation. An AI system will qualify as high-risk where it forms part of a regulated product — either as a product in its own right or as a safety component — and that product is subject to third-party conformity assessment under EU harmonisation legislation.² The rationale is straightforward: where EU law already imposes enhanced safety scrutiny on certain products, AI components affecting that safety should be subject to a comparable level of regulatory oversight.³

The second route focuses on the context of use. AI systems are also classified as high-risk where they are intended for specific use cases listed in Annex III AI Act, such as employment decision-making, education, law enforcement or access to essential services.⁴ The guidelines indicate that the scope of high-risk AI is intended to remain limited and proportionate, focusing on systems that are considered to present significant risks to health, safety or fundamental rights.⁵

The decisive factor: intended purpose

A central theme running through the guidelines is the importance of intended purpose. Classification does not depend solely on technical capabilities, but also on how the system is described, marketed and documented.

The intended purpose encompasses, among other things, instructions for use, contractual arrangements, promotional materials and technical documentation.⁶ Where an AI system is presented as broadly applicable across multiple contexts, without clearly excluding certain sensitive applications, those applications may be taken into account when determining its regulatory classification.⁷

This has tangible consequences in practice, particularly for organisations developing or marketing AI systems across multiple use cases. The guidelines make clear that generic disclaimers are insufficient to narrow the intended purpose where the system’s functionality or positioning suggests broader use.⁸ In other words, organisations cannot rely on formal wording alone if the practical reality points the other way.

For organisations deploying AI, an important practical implication is that limiting the use of a system at the deployment stage does not, in itself, alter its classification. Where a system is intended by the provider to be used in a high-risk context, that classification will generally continue to apply regardless of whether a particular deployer makes more limited use of the system in practice. This approach differs from a GDPR-style notion of purpose limitation: as a general rule, the classification of an AI system is not determined by how it is used in a particular deployment scenario, but by the broader intended purpose defined by the provider.

This is reinforced by the allocation of responsibilities under the AI Act. The assessment of the intended purpose — and therefore of whether a system is high-risk — is primarily carried out by the provider, subject to oversight by competent authorities. At the same time, other actors in the value chain should be mindful that they may assume provider obligations, or even trigger high-risk classification, where they modify a system or its intended purpose.⁹

Annex I: AI as part of regulated products

The Commission’s guidance on AI embedded in regulated products (the Annex I route) provides helpful clarification on the notion of a “safety component”, which is central to the classification exercise.

Not every AI system integrated into a regulated product will qualify. Rather, the assessment hinges on whether the system either performs a safety function — for example by preventing or mitigating risks — or whether its failure or malfunction could endanger the health and safety of persons or property.¹⁰ Many AI systems used for optimisation, performance improvement or efficiency will fall outside the definition, as their intended purpose is not safety-related.¹¹ At the same time, those same systems may still be caught where a failure could create a safety risk, depending on the product design and operating context.¹² This also means that organisations will need to look not only at what an AI system is intended to do, but also at how it interacts with the broader product and what risks may arise if it fails.

The final element of the assessment is whether the relevant product is subject to third-party conformity assessment under EU law. This reflects the legislator’s intention to limit high-risk classification under this route to cases where sectoral legislation already involves heightened regulatory scrutiny.¹³

Annex III: high-risk use cases

The Annex III pathway adopts a different logic, focusing on specific use cases rather than product categories. While this list includes areas that are frequently discussed in public debate, the guidelines underline that its scope remains precise and limited.

Only those applications explicitly listed in Annex III are relevant for classification, and the framework does not extend beyond them.¹⁴ That said, the practical reach of these provisions should not be underestimated. Many commonly deployed AI tools — particularly in HR, education or customer-facing contexts — may fall within scope where they materially influence decisions affecting individuals. In practice, this requires organisations to assess not only the functionality of their AI systems, but also the specific decision-making contexts in which they are deployed.

Not every system in scope is “high-risk”

An important counterbalance is the so-called “filter mechanism” under Article 6(3) AI Act. This allows certain systems to fall outside the high-risk category even where they are connected to Annex III use cases.

In particular, systems that perform purely preparatory, procedural or supportive functions, and do not materially influence decision-making, may be excluded from classification.¹⁵ This reflects an effort to ensure that the regime remains proportionate and does not capture AI systems with only a limited or indirect role in decision-making.

At the same time, the boundary between “supporting” and “influencing” decisions is not always straightforward. This is likely to become a key area of interpretation as the regime is applied in practice. However, determining whether a system merely supports or materially influences decisions will often require a case-by-case assessment.

Human involvement does not affect classification

Another important point is that the presence of human oversight does not, in itself, prevent a system from being classified as high-risk. Whether a human reviews or validates outputs is relevant for compliance with the AI Act’s requirements, but it does not affect the classification analysis itself, which remains grounded in intended purpose and use case. This is particularly relevant for organisations relying on “human-in-the-loop” models as part of their governance approach.

A shifting landscape: roles and future updates

Beyond the initial classification exercise, the guidelines also highlight that responsibilities may shift along the AI value chain. Parties other than the original provider may, in certain circumstances, assume provider obligations where they modify the system, place it on the market under their own name, or change its intended purpose in a way that leads to high-risk use.¹⁶

Finally, the framework is designed to evolve. The Commission is expected to review and update the list of high-risk use cases over time, including through delegated acts, ensuring that the regime can respond to emerging risks and technological developments.¹⁷

Practical takeaway

Taken together, the draft guidelines confirm that high-risk classification under the AI Act is neither as broad nor as open-ended as sometimes assumed. At the same time, it is highly fact-specific and dependent on how AI systems are designed, positioned and used.

For organisations, this means that classification should not be treated as a purely legal exercise, but as part of a broader assessment involving technical design, product positioning and actual use. It requires close alignment between technical design, product positioning and documentation, as well as a clear understanding of how systems are expected to be used and may reasonably be used.

The materials on the Eversheds Sutherland website are for general information purposes only and do not constitute legal advice. While reasonable care is taken to ensure accuracy, the materials may not reflect the most current legal developments. Eversheds Sutherland disclaims liability for actions taken based on the materials. Always consult a qualified lawyer for specific legal matters. To view the full disclaimer, see our Terms and Conditions or Disclaimer section in the footer.