EU AI Act High-Risk Guidelines Published: What You Need to Know

Key Developments

On May 19, 2026, the European Commission published its long-awaited draft guidelines on classifying high-risk artificial intelligence systems under the EU AI Act. The guidelines come in three documents covering general principles, high-risk classification for regulated products (Annex I), and high-risk use cases (Annex III).

These guidelines are now open for public consultation until June 23, 2026, with feedback to be incorporated before final Commission adoption. This marks a critical step in implementing one of the world’s first comprehensive horizontal AI regulations.

Why This Matters

These guidelines address a central question of the EU AI Act: when does an AI system fall within the high-risk regime? This distinction is crucial because high-risk systems face stringent compliance obligations including conformity assessments, technical documentation, human oversight, and EU database registration.

The timing is significant. Guidance on high-risk classification had originally been due by February 2, 2026, but delays in both guidelines and standards development created implementation uncertainty. This delay became a central issue in recent AI Act amendment discussions, ultimately contributing to the Digital Omnibus agreement that postponed high-risk compliance deadlines.

The Commission’s guidelines now provide the interpretative framework companies need to assess their AI systems before these extended deadlines: December 2, 2027 for standalone high-risk systems and August 2, 2028 for high-risk systems embedded in regulated products.

Practical Implications for Builders and Users

For European AI developers and deployers, these guidelines offer crucial clarity on system classification. Several practical interpretations stand out:

  • Multiple AI Component Systems: Where multiple AI components interact and their combined outputs materially influence a high-risk decision, the system must be treated as a single AI system for compliance purposes.

  • Insurance Risk Assessment: AI systems used for risk assessment or pricing in life and health insurance remain high-risk even when they include fraud detection capabilities. A fraud detection feature only escapes high-risk categorization if it functions as a truly standalone system.

For Irish and European organisations building or deploying AI in critical areas—recruitment, education, credit assessment, law enforcement, and essential services—these guidelines determine your compliance obligations. Misclassification could expose companies to fines up to €35 million or 7% of annual worldwide turnover.

Enterprise customers and procurement teams are already asking tougher questions about AI system classification and compliance documentation. The guidelines give you the framework to answer those questions credibly.

Open Questions

While the guidelines provide valuable direction, some questions remain:

  • How will enforcement authorities interpret edge cases not explicitly covered in the three documents?
  • Will the final version (expected after June 23) significantly revise the draft guidance?
  • How will practical application differ across member states as they activate their own enforcement mechanisms?

Companies should monitor the consultation feedback and final guidelines carefully, as these will shape enforcement practice across the EU for years to come.


Source: European Commission