EU Guidance Defines High-Risk AI Systems

The European Commission released draft guidance clarifying when AI systems qualify as “high-risk” under the EU AI Act (credit: AI-generated image).

EU Draft Guidance Defines What Counts As High-Risk AI

Clayton Rifkind May 21, 2026

The European Commission’s draft guidance gives businesses a clearer view of which AI systems will face stricter EU compliance rules and which likely will not.

Key Takeaways

Companies are not classified as high-risk. Specific AI systems and use cases are.
AI systems are most likely to become high-risk if they affect safety, critical decisions, or people’s rights.
Using AI in hiring, healthcare, transportation, education, law enforcement, or critical infrastructure can trigger high-risk classification.
Most general business AI tools, chatbots, productivity systems, and consumer convenience products likely will not qualify as high-risk.

The European Commission released draft guidance explaining how regulators and businesses should determine whether an AI system qualifies as high-risk under the EU AI Act. The guidance is intended to help companies understand when stricter compliance obligations apply.

The guidance points out that the AI Act does not label entire companies as high-risk. Instead, it classifies specific AI systems, products, and use cases within a business. A company could operate dozens of AI systems internally while only one or two fall into the high-risk category.

If it affects human safety, it’s high-risk

Under the draft guidance, AI systems are likely to be high-risk when they can significantly affect people’s health, safety, legal rights, or access to important services.

AI systems connected to products currently regulated under EU safety laws would be considered high-risk – for example, medical devices, industrial machinery, automobiles, and aviation systems.

If the AI system performs a safety-related role within those products, it may be classified as high-risk.

Some examples include:

Detect humans near industrial robots
Monitor gas leaks
Prevent train collisions
Trigger emergency shutdowns

The Commission said these systems qualify because a malfunction could physically harm people or property.

And if it affects important decisions that affect people’s lives, it’s high-risk

The EU’s core concern is whether the AI system can significantly affect a person’s economic opportunities, safety, or legal rights.

In practice, this means AI systems are more likely to be classified as high-risk if they influence decisions related to employment, financial decisions, healthcare, education, law enforcement, or access to services.

However, most low-impact business AI tools, such as chatbots, meeting summaries, drafting tools, and marketing automation systems, likely would not qualify as high-risk unless they are directly tied to high-impact decision-making.

Your marketing materials and product positioning could matter

The Commission also made clear that classification depends heavily on how a company describes and promotes its AI systems. According to the draft guidance, regulators may review product and marketing information, including forward-facing sales and marketing materials, technical documentation, product instructions, and public statements to determine the status.

The Commission warned that actual functionality and real-world positioning matter more than broad disclaimers attempting to distance the company from high-risk use cases.

Office productivity and consumer AI tools are less likely to be classified high-risk

Most consumer and work productivity systems likely fall outside the category unless they create safety or material risks. Home appliances, virtual assistants, and smart thermostats are just a few examples.

The Commission said these systems can cause inconvenience, financial loss, or user frustration when they fail, but are limited in what physical and material harms they can cause.

Products that require third-party certification may attach additional AI obligations

The guidance also ties high-risk classification to existing non-AI EU product safety statutes.

If a product already requires third-party safety certification under EU law, the embedded AI system may automatically incur additional obligations under the AI Act.

For those already adhering to product safety laws, e.g., manufacturers, healthcare companies, transportation firms, and infrastructure providers, this could significantly increase compliance requirements, including documentation, monitoring, and regulatory reporting.

The draft guidance is still in draft

The Commission stressed that the document is still in draft form and is open to stakeholder consultation before final adoption. The Commission also said additional sector-specific guidance and examples are expected as implementation continues.

The guidance comes on the heels of the Commission’s recent revisions to the AI Act’s digital Omnibus package, which delayed enforcement of the AI Act.

The guidance is not legally binding. Final interpretation of the AI Act ultimately rests with the Court of Justice of the European Union.

Clayton Rifkind

Clayton Rifkind is the Founder and Senior Editor of AI Risk Today. He also advises on content development for esgtoday.com, a leading source of ESG investment news and research for institutional investors and corporate leaders. He has 20+ years experience in B2B technology marketing, leading strategy and execution of go-to-market plans across software, enterprise platforms, and mobile applications. He also founded two marketing consultancies, advising startups and Fortune 1000 companies, including Autodesk, Intel, and Microsoft. Clayton began his career in the San Francisco advertising scene, working with brands such as Hewlett-Packard, Intel, Microsoft, Symantec, and Wells Fargo.

Essential AI Risk Intelligence

Daily insights on AI governance, regulation, and enterprise risk management. Trusted by Chief Risk Officers and compliance leaders globally.

By subscribing, you agree to receive our daily newsletter. Unsubscribe anytime.