The European Commission has opened its draft guidelines on classifying high-risk AI systems for stakeholder feedback until 23 June 2026. Running to more than 150 pages of worked examples, they are the most detailed steer yet on a question that has caused real uncertainty for organisations building or deploying AI: when does a system actually count as high-risk?
Introduction
Released on 19 May 2026, the draft guidelines are not legally binding, and any definitive interpretation of the AI Act ultimately rests with the Court of Justice of the EU. They do, though, set out the Commission’s thinking in detail, with concrete examples of systems that should, and should not, be treated as high-risk across every sector the Act touches. For any provider or deployer trying to work out where they stand, this is the clearest map yet.
Context
The AI Act takes a risk-based approach, and high-risk classification is the threshold that triggers the bulk of the Act’s obligations, covering risk management, data governance, technical documentation, human oversight, transparency and post-market monitoring. Getting the classification right is therefore the first and most consequential compliance decision an organisation makes.
Timing matters here too. Under the AI Omnibus, the related obligations have been pushed back: the rules for Annex III use cases now apply from 2 December 2027, and those for Annex I products from 2 August 2028. That gives organisations a real window to prepare, which is exactly why a clear view of the classification line is so useful now.
Analysis of the draft guidelines
The guidelines follow the structure of Article 6, which sets out two routes to high-risk:
- Annex I (product safety): the AI is a safety component of a regulated product, or is the product itself, and that product already has to undergo third-party (notified body) conformity assessment. This route covers sectors such as machinery, vehicles, lifts, toys, medical devices and in vitro diagnostics.
- Annex III (listed use cases): the system is used in one of eight listed areas, namely biometrics, critical infrastructure, education, employment, access to essential public and private services (including healthcare), law enforcement, migration and border control, and the administration of justice and democratic processes.
Several points stand out on a close read:
- A two-part “safety component” test. Under the Annex I route, a system is caught either where the provider intends it to perform a safety function, or, separately, where its failure or malfunctioning could endanger health or safety. The second limb is the surprising one: a system marketed purely for efficiency or performance can still be high-risk if a malfunction would create a safety hazard.
- An autonomous definition. The Act’s notion of “safety component” stands on its own and does not borrow from sectoral law, so a manufacturer cannot assume its existing product classification settles the question.
- The “filter” only applies to one route. Annex III systems can escape high-risk status via the Article 6(3) filter, for narrow procedural or purely preparatory tasks. That filter does not apply to Annex I products, and an Annex III system that performs profiling of individuals is always high-risk, whether or not it would otherwise pass the filter.
- You cannot disclaim your way out. Simply stating in your terms of service that high-risk uses are excluded is not enough if your overall marketing and positioning present the system as broadly applicable.
- Roles can shift. Distributors, importers and deployers can inherit full provider obligations if they rebrand a system, substantially modify it, or change its intended purpose so that it becomes high-risk.
How this will affect providers
For Annex III providers, the first task is to check whether your intended use actually falls within one of the listed use cases, then to assess filter eligibility and the profiling caveat. If you rely on the filter, you will need to document that assessment and register the system in the EU database.
For Annex I providers, including most medtech, the logic is more mechanical: if your product needs a notified body and the AI is a safety component or the product itself, expect high-risk, with no filter to fall back on. Because medical devices and IVDs sit in Section A of Annex I, the full set of high-risk requirements applies.
Medical devices and IVDs are the clearest illustration. Most AI-enabled devices above the lowest risk classes already require a notified body under the MDR and IVDR, so they would also meet the conformity-assessment condition and be classified as high-risk under the AI Act. The practical effect is AI Act duties sitting on top of existing MDR and IVDR obligations. The reassuring part, also confirmed in the guidelines, is that the Act lets operators fold AI-specific risk and quality management into their existing ISO 13485 and ISO 14971 systems, so this can be a single compliance framework rather than a parallel one. It is also worth noting that healthcare shows up on the Annex III side as well, through emergency patient triage, eligibility for public healthcare benefits, and risk assessment and pricing for health and life insurance, and that a triage tool which is itself a medical device can be caught under both routes.
How Blue Arrow can help
Blue Arrow tracks the EU AI Act and AI legislation worldwide, and helps medtech and AI providers turn it into practical steps. That includes classification assessments (which route applies, which limb of the safety-component test is in play, and whether the filter is available), gap analysis against the high-risk requirements, and folding AI Act obligations into existing quality and risk-management systems rather than building something separate. With the consultation open until 23 June 2026, we can also help you review your portfolio against the draft and prepare a feedback submission while the classification line is still being shaped.
Key takeaways
- The draft guidelines are open for feedback until 23 June 2026 and are non-binding.
- There are two routes to high-risk: Annex I (product safety) and Annex III (listed use cases).
- Most AI-enabled medical devices and IVDs that need a notified body will be high-risk, with no filter exemption.
- AI Act duties can be integrated into existing ISO 13485 and ISO 14971 systems.
- Obligations now apply from December 2027 (Annex III) and August 2028 (Annex I) under the AI Omnibus.
Sources and further reading
The draft guidelines and section-by-section downloads are available on the European Commission’s website, with full details of the consultation set out in the accompanying press release.