It was one of the most anticipated clarifications on the EU AI Act. On 19 May 2026, the European Commission published its draft guidelines on the classification of high-risk AI systems under Article 6. 148 pages that answer a question thousands of companies have been grappling with since the regulation entered into force: when exactly does my AI system qualify as high-risk, and what happens if it formally falls under Annex III but poses no significant risk in practice?

The guidelines are open for public consultation until 23 June 2026. They are not yet final and not legally binding. But they reflect, for the first time, the Commission's official interpretation, which national market surveillance authorities will follow. For anyone working on AI governance, they are the most important interpretive document since the AI Act itself.

This article explains what's in the guidelines, how the central filter mechanism under Article 6(3) works, and which pitfalls the Commission explicitly addresses.

Two routes to high-risk classification

The guidelines follow the structure of Article 6 and distinguish two fundamentally different routes by which an AI system qualifies as high-risk.

Route 1: Article 6(1) and Annex I

The AI system is a product or safety component of a product covered by the EU harmonization legislation in Annex I (machinery, medical devices, toys, lifts, radio equipment) and subject to third-party conformity assessment. Here, compliance runs in parallel through the AI Act and the existing sectoral safety regimes.

Route 2: Article 6(2) and Annex III

The AI system falls under one of the eight application areas in Annex III: biometrics, critical infrastructure, education, employment, essential services, law enforcement, migration, and justice. For most companies using AI, this is the relevant route.

The crucial point: a system under Annex III is not automatically high-risk. Article 6(3) contains an exemption mechanism the Commission calls the "filter". And the guidelines devote over twenty pages of interpretation and examples to this filter. That's not a coincidence, because this is where most practical disputes will arise.

The filter mechanism under Article 6(3)

Even if an AI system falls within an Annex III use case, the provider can argue that it is not high-risk, provided at least one of four conditions is met. The provider self-assesses and documents the assessment before placing the system on the market. No authority needs to approve it first.

Condition	What falls under it
(i) Narrow procedural task	The system categorizes, reformats, or structures data without evaluating whether a person qualifies for something. Example: an AI sorting school applications by grade level into predefined categories.
(ii) Improving a completed human activity	The system improves the result of an already completed human activity without replacing the human assessment. Example: an AI identifying errors in finalized human work.
(iii) Detecting decision patterns	The system detects decision-making patterns or deviations after the fact, without replacing or influencing the previously completed human assessment without proper human review.
(iv) Preparatory task	The system provides background information to support a human decision without evaluating the individual case. Example: surfacing relevant legal provisions for an administrator.

The Commission's central message: The four conditions are exhaustive and must be interpreted narrowly. The filter is an exception to a regime that, among other things, protects fundamental rights. The practical consequence: when in doubt, the system qualifies as high-risk.

The three pitfalls the Commission explicitly addresses

The guidelines name three constellations where companies might try to use the filter, and where it doesn't apply.

Profiling kills the filter, always

A system that processes personal data to evaluate characteristics or predict behavior (economic situation, health, reliability, likely actions) cannot use the filter. Regardless of which of the four conditions it otherwise meets. Profiling within the meaning of Art. 4(4) GDPR removes the exemption in every case.

Modular and agentic systems are assessed as one unit

When several AI systems are part of a more complex system, the combined configuration is treated as a single AI system for high-risk classification. Even modules that would individually fall under the filter lose the exemption if the overall configuration influences key aspects of the decision. This closes a design workaround some companies had been building through split architectures.

Human oversight is not an escape from classification

If the intended purpose falls under an Annex III use case, a human reviewer does not, on its own, bring the system outside the high-risk regime. Human oversight is a separate obligation under Art. 14, not a classification loophole. The decisive question is whether the human remains the substantive decision-maker or, in practice, rubber-stamps the AI's output.

What the guidelines mean in practice

Several concrete consequences follow from the guidelines for providers and deployers of AI systems.

The filter is not a free pass. Anyone wanting to filter a system out of high-risk must document the assessment carefully and register in the EU database. Self-assessment shifts responsibility to the provider, it doesn't remove it. If an authority later finds the filter was wrongly used, that's a misclassification with all its consequences.

Recruiting almost always stays high-risk. The guidelines confirm that a recruiting AI can be high-risk even when it merely supports a human recruiter's decision. The filter applies here only in narrow exceptions, such as when the AI exclusively structures CV information to facilitate searches, without evaluating candidates.

Agentic systems come into focus. With the explicit rule that modular and agentic systems are assessed as a unit, the Commission responds to a technical development many companies are only just beginning. Anyone combining multiple AI components into one system should assess the overall configuration, not the individual parts.

The connection to the Digital Omnibus

The guidelines confirm what the Digital Omnibus package had signaled but many organizations hadn't yet absorbed: the application dates for Article 6 have been postponed.

Provision	Originally	After Omnibus
Art. 6(2), Annex III	2 August 2026	2 December 2027
Art. 6(1), Annex I	2 August 2027	2 August 2028
Existing systems	-	Obligations only upon significant design change after 2 August 2026

Important context: The postponed dates only apply once the Digital Omnibus is formally adopted. Until then, the original deadlines remain legally binding. The guidelines themselves are a draft under consultation. Companies should use both as a planning basis, but shouldn't rely on everything becoming final in its current form.

What companies should do now

Even though the guidelines are a draft and the deadlines are shifting, the substantive criteria for high-risk classification are unlikely to change fundamentally in the final version. Companies can therefore already use the guidelines to review their own classification.

1. Review your existing classifications against the four filter conditions. Have you filtered a system out of high-risk? Then compare your reasoning with the guidelines. In particular: does the system process personal data to evaluate characteristics? Then the filter doesn't apply.

2. Assess composite systems as a unit. If you combine multiple AI components, assess the overall configuration, not the modules individually.

3. Document the filter decision cleanly. Using the filter without traceable documentation is vulnerable in an audit. Record which condition you apply, why, and who reviewed the assessment.

4. Participate in the consultation. Until 23 June 2026, stakeholders can provide feedback. Anyone affected by a particular interpretation can have influence here.

Summary

The Commission's draft guidelines of 19 May 2026 are the most important interpretive document on the AI Act since it entered into force. They clarify the two routes to high-risk classification, define the filter mechanism under Article 6(3) with its four narrowly interpreted conditions, and close three loopholes: profiling, modular architectures, and the claim that human oversight alone avoids classification.

For companies, the message is clear: the filter exists, but it's narrow. When in doubt, a system qualifies as high-risk. Anyone using the filter bears the burden of proof and must document carefully. The postponed deadlines from the Digital Omnibus give more time but change nothing about the substantive criteria.

Structured, traceable classification thus becomes more important than ever. It is the core of what authorities will examine when it matters.

Document high-risk classification traceably

SimpleAct guides you through rule-based risk assessment under the EU AI Act, documents every classification in a tamper-proof way, and makes the filter mechanism auditable. All in one place.

Get started for free →

This article is for general information purposes only and does not constitute legal advice. The Commission's guidelines are a draft under public consultation (until 23 June 2026) and not yet final. The deadline postponements planned through the Digital Omnibus have not yet been formally adopted. Last updated: 29 May 2026.

About SimpleAct: SimpleAct is a German compliance platform that helps companies structurally document their AI systems in accordance with the EU AI Act. From registration to risk assessment to exportable audit reports. All in one place.

Learn more →

Commission Clarifies High-Risk Classification: The Filter Mechanism and Its Limits