On 19 May 2026, the European Commission published draft guidelines (the “Guidelines”) which clarify the risk thresholds for high-risk AI systems under the EU Artificial Intelligence Act (the “AI Act”). The AI Act, which entered into force on 1 August 2024, lays down harmonised rules for the placing on the market, putting into service, and use of AI.

The long-awaited Guidelines aim to support providers and deployers of AI systems, as well as market surveillance authorities, in assessing whether an AI system should be classified as high-risk.

The Guidelines set out the Commission’s interpretation and contain practical real-world examples of AI systems that should or should not be classified as high-risk. The examples listed in the Guidelines are not exhaustive but are very helpful for organisations trying to classify if their AI system should or should not be classified as high-risk. The Guidelines are divided into sections, following the structure of Article 6 of AI Act, which provides that an AI system shall be considered high-risk:

1. if the system is intended to be used as a safety component of a product, or the AI system itself is a product, covered by the EU harmonisation legislation listed in Annex I, and the product whose safety component is the AI system or the AI system itself is required to undergo a third-party conformity assessment, the system will be classified as high-risk pursuant to Article 6(1) AI Act. Examples include robotics, medical devices, aviation and industrial machinery
2. if the stand-alone AI system falls into one of the use cases listed under the areas in Annex III AI Act, as it poses significant risk to the health, safety or fundamental human rights, including biometrics, critical infrastructure, education, employment, migration, asylum and border control.

No “Human in the Loop” Loophole

The Guidelines confirm that human involvement cannot override an AI system of its high-risk status. If an AI tool ranks job applications for a HR department, a HR manager signing off on the final hire does not downgrade the risk level. Instead, human oversight is defined in article 14 of the AI Act as a mandatory compliance prerequisite that must be actively engineered into the high-risk workflow and become part of the process.

Material Influence

The Guidelines clarify that systems are high-risk if they materially influence a decision which affects individuals (e.g., access to employment, evaluating creditworthiness or establishing credit scores). This goes beyond formal decision-making roles and focuses on the actual role of the AI system – does the AI system analyse, filter or rank candidates or generate evaluations of candidates that are relied upon? If so, such AI systems will be considered high-risk.

Overall Assessment

The Guidelines clarify that complex AI systems cannot bypass high-risk classification by breaking it into smaller individual modules that appear less risky.  Where several tools are combined, the assessment must consider whether the overall system shapes the outcome.

Public Consultation

The Guidelines were open to public consultation until 23 June 2026. Feedback received will be incorporated into the final version of the Guidelines before adoption by the Commission. Although the final Guidelines will not be legally binding, they reflect the Commission’s interpretation and will guide enforcement of the AI Act.

Timeline

On 7 May 2026, the European Parliament and Council’s agreed to extend the implementation timeline for high-risk AI systems under the EU AI Act Omnibus. This extension gives providers and deployers time to prepare for and ultimately comply with the AI Act. Standalone systems in Annex III face enforcement by 2 December 2027 while those embedded in physical products under Annex I must comply with the AI Act by 2 August 2028.

If you would like to discuss the content of this article or require assistance with any of your organisation’s AI requirements, please contact Cian Clinch or Denise O’Shaughnessy.