EU Commission draft guidelines on classification of "high-risk" AI systems: Key points

The European Commission recently published its long-awaited draft guidelines on the classification of “high-risk” artificial intelligence (AI) systems (Draft Guidelines) under Article 6 of the EU AI Act (AI Act).

The Draft Guidelines, released on May 19, 2026, were originally due on February 2, 2026; however, publication was delayed to allow the Commission to incorporate stakeholder input received during earlier engagement.

For organizations grappling with how to classify their AI systems, the Draft Guidelines are the clearest indication to date of how the Commission and national market surveillance authorities may approach the “high-risk” classification framework. Alongside the Commission’s interpretation of the relevant provisions, the Draft Guidelines include practical examples of AI systems that should or should not be classified as “high-risk.”

The Draft Guidelines are non-binding and interpretive in nature. Any authoritative interpretation of the AI Act may ultimately only be given by the Court of Justice of the European Union (EU). The Commission is carrying out a targeted stakeholder consultation on the Draft Guidelines, closing on July 23, 2026.

Below, we address four key questions about the Draft Guidelines and provide practical insight into how the Commission’s guidance may affect real-world classification decisions, particularly in areas where the position has been uncertain or contested.

Are multi-purpose AI systems automatically high-risk by virtue of the fact that the user can opt to use them for any purpose they wish?

Organizations regularly ask whether multi-purpose AI systems (tools such as Microsoft Copilot, ChatGPT, Harvey, or similar platforms built on highly capable large language models) are automatically classified as “high-risk” under the AI Act, given their potential application to Annex III use cases.

Because the specific use of such an AI system is determined by the user, it is the user – not the general-purpose AI provider – who defines the "intended purpose" in the regulatory sense. As a result, where that use qualifies as "high-risk," the user may assume provider obligations under Article 25 (“Responsibilities Along the AI Value Chain”).

The Draft Guidelines provide clarity on this point. Paragraph (12) of the “General principles” section states that where a provider's instructions for use, contractual arrangements, terms of service, usage policy, promotional and sales materials, or technical documentation present the AI system as "broadly applicable across a generality of contexts and functions" and do "not consistently limit its application or exclude high-risk uses," the system's intended purpose "will be deemed to also encompass high-risk use cases and therefore qualify as high-risk."

This applies, in particular, "where such uses are feasible and reasonably foreseeable given the system's functionalities and capabilities." Notably, the Draft Guidelines go further and state that "merely asserting (for example in the terms of service) that high-risk uses are excluded is insufficient to avoid the system from being considered high-risk, where the provider's overall presentation, examples, or product positioning effectively provides for or promotes such uses." Any limitations of use must be "clearly, concretely, and coherently described across all materials."

The Draft Guidelines largely confirm that where a multi-purpose AI system is deployed for a specific high-risk purpose, it is the entity determining and directing that use that bears the regulatory burden. However, the Draft Guidelines introduce an important nuance that may complicate matters for general-purpose AI providers: The position set out in paragraph (12) effectively creates a presumption that broadly marketed multi-purpose AI systems do have high-risk intended purposes, unless the provider has taken clear and coherent steps to exclude those uses across all relevant documentation. This may set a high bar.

Many general-purpose AI providers market their products with wide-ranging use cases, including explicitly referencing deployment in areas such as human resources (HR), recruitment, legal research, and public sector decision making – all of which touch Annex III categories. Under the Draft Guidelines, such providers may not be able to disclaim “high-risk” classification simply by inserting a carve-out into their terms of service.

In the financial services sector, when is an AI system used to evaluate the creditworthiness of an individual or establish a credit score, and how far does the exception for fraud detection go?

The financial services sector has made use of machine learning techniques for many years. Customer due diligence (Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) checks), the calculation of risk exposure under the internal ratings-based (IRB) approach, fraud monitoring, and ongoing monitoring of credit exposure are all powered by sophisticated algorithms.

A key challenge for this sector remains overlaying the requirements of the AI Act against an existing legislative framework, which already places stringent rules on the use of such models. This is particularly the case where an AI system qualifies as “high-risk” under the AI Act. Therefore, the classification of an AI system under point 5(b) of Annex III (“AI systems intended to be used to evaluate the creditworthiness of natural persons or establish their credit score”) has been a significant focus point for this sector.

The Draft Guidelines provide some clarifications, including the following:

• Clarification that assessing “creditworthiness” and establishing a “credit score” are intended to be distinct use cases, with a definition provided for each: “Creditworthiness” refers to the assessment of a person's ability and willingness to pay for services provided or credit obligations, whereas establishing a “credit score” is the activity of building a quantified representation of that creditworthiness. A high-risk AI system can be intended to achieve either or both.
  
  
• A broader explanation of when financial services are considered “essential private services”: The Commission confirms that providing a bank account, payment services, a mortgage, or the offering of loans and credit (including the offering of extension of credit) are considered essential private services. However, non-essential services include the acquisition of stocks and securities, premium credit cards, and special loans (such as for leisure).
  
  
• Further clarity on the exception for fraud detection: The Commission confirms that this exception is to be interpreted narrowly. Fraud detection must be the main intended purpose of the AI system. Importantly, the Commission clarifies that the exception does not extend to AI systems used for AML/CFT checks. However, such systems are often out of scope of point 5(b) of Annex III in any event, since they are not typically intended to assess creditworthiness.
  
  
• Acknowledgement of the interplay with other legislation: The Commission considers the impact that other financial legislation (notably the Capital Requirements Regulation (EU) No 575/2013 and Solvency II Directive 2009/138/EC) has on classification assessments. For example, AI systems used to calculate the risk-weighted exposure of loan portfolios to natural persons under the IRB approach are typically out of scope, provided the same system is not intended to be used for credit scoring or assessing creditworthiness of those persons.

These are welcome updates for the financial sector, but they are unlikely to resolve many of the challenges the sector continues to navigate. The scope of key financial services is perhaps broader than expected, and some may argue that the inclusion of mortgages or general consumer lending casts the net too wide.

The commentary on the meaning of “creditworthiness” and the interplay with other financial services legislation provides some clarity and may make it easier to determine whether an AI system used as part of a financial service offering is being deployed for a high-risk purpose. That said, in practice, the challenge often lies in the step before this point.

The definition of "AI system" – even after the Commission's guidance early last year – continues to be a challenge to apply in the financial services sector, particularly in the tasks of mapping underlying systems, determining whether those systems currently in use qualify as AI systems, and identifying the technical boundaries of such systems. Clarity is needed, particularly in the case of future substantial modifications that could bring previously out-of-scope systems into scope with substantive obligations under high-risk AI Act requirements.

When does HR support tooling actually become high-risk AI?

Another frequent question in legal and privacy departments is whether AI tools used in recruitment or HR workflows (often positioned as “assistive” or “efficiency-enhancing”) fall within the high-risk scope. In practice, many organizations have trouble determining whether certain tools simply support HR decision making or may prompt regulatory obligations, especially given the relatively high-level wording of point 4 of Annex III in this regard.

The Draft Guidelines provide a more practical clarification of when HR AI falls within the high-risk regime. The key test is whether the system “materially influences” a decision affecting individuals (e.g., hiring or promotion).

This goes beyond formal decision-making roles and focuses on the actual role of the system in practice: Tools that analyze, filter, score, or rank candidates – or generate individual evaluations that are relied upon – will typically be considered high-risk.

The Draft Guidelines introduce additional indicators to assess this influence. In particular, systems are more likely to be high-risk where they produce per-individual outputs, contribute to substantive decisions – as opposed to purely technical or procedural steps, such as data structuring, document classification, or workflow management, which do not influence the substance or outcome of the decision – and operate within the same decision context (e.g., recruitment or performance management).

The Draft Guidelines also clarify that classification cannot be avoided by splitting functions: Where several tools are combined, the assessment must consider whether the overall system shapes the outcome, even if each component appears limited in isolation. By contrast, the Draft Guidelines confirm that certain tools may fall outside scope where they are limited to purely procedural, preparatory, or ancillary tasks (e.g., structuring CV data, categorizing documents, detecting duplicates, or planning interview meetings) provided they do not affect the substance of decisions.

Taken together, the Draft Guidelines outline a more operational test grounded in the impact on individuals within the specific deployment environment, rather than the system’s stated purpose or positioning.

This clarification is helpful, but may still leave room for interpretation in borderline cases. In particular, the notion of “material influence” may need to be assessed in light of actual deployment practices. In complex workflows, even tools marketed as “support functions” may drive outcomes in practice, especially when used at scale or in early-stage filtering.

Interpretation of the Draft Guidelines may create residual uncertainty for organizations seeking to ring-fence, low-risk use cases and will likely require case-by-case analysis and internal documentation of legal analyses undertaken.

Our organization deploys an AI system that falls within one of the use cases listed in Annex III of the AI Act. Does that automatically mean it will be classified as “high-risk”?

Not necessarily. The AI Act classifies certain AI systems as "high-risk" based on their intended purpose and the domains in which they operate, imposing significant compliance obligations on providers and deployers.

However, Article 6(3) provides a “filter” mechanism that recognizes that not every AI system falling within a listed Annex III use case poses the kind of risk that warrants full “high-risk” categorization. For organizations, this mechanism can meaningfully reduce the regulatory compliance burden.

Under Article 6(3), an AI system may avoid “high-risk” classification if it satisfies any one of four alternative (rather than cumulative) conditions, meaning that satisfying a single condition is sufficient:

• Performs a narrow procedural task
• Improves the result of a previously completed human activity
• Detects decision-making patterns without replacing or influencing human assessment
• Performs a preparatory task to an assessment that remains subject to meaningful human review

The AI system should also not materially influence the outcome of decision making in a way that could adversely affect individuals, regardless of the condition it meets.

Notably, this filter mechanism does not apply to Annex III systems that perform profiling of natural persons, and these technologies are always classified as “high-risk” and cannot benefit from any Article 6(3) exception.

Even where a system successfully falls outside “high-risk” classification under the Article 6(3) filter, providers are not entirely free of obligations. They must document their assessment before placing the system on the market and demonstrate the AI system is exempt. This must then be registered in the EU database with the goal of ensuring traceability of exempt AI systems. Providers must be prepared to supply this assessment to market surveillance authorities on request.

Organizations are encouraged to continue to approach the filter mechanism with caution. While the Draft Guidelines provide definitional guidance and practical examples of what constitutes a “narrow procedural task,” some interpretive uncertainty may remain in borderline cases, and the assessment will ultimately require case-by-case analysis.

The Commission retains authority to amend or add conditions to Article 6(3) by delegated act, and the scope of available exceptions may shift as enforcement of the AI Act matures.

For more information

DLA Piper’s AI and Data Analytics team helps organizations navigate the complex workings of their AI systems and comply with current and developing regulatory requirements. The firm continuously monitors updates and developments arising in the AI space and their impact on industry across the world.

For more information on AI and the emerging legal and regulatory standards, please visit DLA Piper’s focus page on AI and “Algorithm to Advantage” portal.

Gain insights and perspectives that will help shape your AI strategy through DLA Piper’s AI ChatRoom series.

If you have questions on the EU AI Act, the Draft Guidelines, high-risk AI, or any other AI-related matters, please contact the authors or your regular DLA Piper attorneys.