A Look at the Annex 1 and 3 EU AI Act Guidelines on High-Risk Systems

On 19 May 2026, the Commission published draft guidelines on the classification of high-risk AI systems. In our previous blog we provided an overview of what the guidelines encompass. In this blog, we examine the key takeaways from the draft Annex 1 and Annex 3 guidelines, which are designed to give providers and deployers clarification and practical examples on the types of AI systems which will be classified as high-risk.

Annex 1 High-Risk Systems

Annex 1 high-risk systems are AI systems which are intended to be used as a “safety component” of a product, or for an AI system which are themselves products, covered by specified EU product safety legislation. This legislation spans a range of sectors including toys, lifts, medical devices and vehicles. Acknowledging the diverse range of AI systems covered, the guidelines set out the main elements of an Annex 1 assessment rather than an exhaustive list of all AI systems that may be classified under it. The guidance also specifies that we may see more detailed sector specific guidance in the future which could provide further clarification involving sector-specific use cases.

Though this section is largely repetitive of the relevant provisions of the EU AI Act (the ‘Act’), it does provide additional guidance on some points, including:

-       Further guidance on what constitutes a “safety component”: The AI Omnibus changes are set to narrow down what qualifies as a “safety component” (see our blog) and so it is helpful to see the guidelines providing significant detail around this. They confirm that an AI system qualifies as a safety component either because: (i) it fulfils a "safety function" (i.e., this focuses on an AI system’s intended purpose which must be to prevent or mitigate safety risks) – such as an AI system in a train that is intended to monitor speed limits and prevent collisions and derailments; or (ii) its failure or malfunctioning would endanger people or property (this is focused on the consequences of an AI system) – such as an AI system for lane assistance in cars, even if the purpose is enhancement of the user experience.  Functions related to performance optimisation, convenience, or quality control of non-safety-related aspects do not constitute safety functions. However, an AI system designed purely for efficiency or other purposes may still qualify if its failure could create a safety hazard. For example, an AI system optimising combustion efficiency in gas appliances could be a safety component if malfunction could cause carbon monoxide formation or fire.

-       Two cumulative conditions: As readers will know, an AI system will only be classified as high-risk under Annex 1 if, in addition to meeting the safety component, or product itself, requirement described above, the product is also required by the relevant legislation to undergo a third party conformity assessment. The guidelines provide certain clarifications on that requirement (particularly where the relevant product safety legislation only mandates internal controls) but also affirms the reason for this requirement within the Act, namely that the requirement for such assessment is used by the Act as a proxy for identifying risky use cases – put another way, the conformity assessment indicates that the product’s potential impact on public interests is sufficiently significant that it requires enhanced regulatory scrutiny before it is put on the market.

-       Most smart home devices will not be high-risk: In what may be a welcome clarification for consumer technology providers, the guidelines confirm that most, but not all, AI systems in consumer "smart" home appliances, such as AI systems in refrigerators and televisions, will fall outside the definition of a safety component. Their intended purpose is to ensure comfort, convenience, or optimisation, and a failure or malfunction is unlikely to endanger health and safety.

Annex 3 High-Risk Systems

Annex 3 high-risk systems are broken down into eight areas: (1) biometrics; (2) critical infrastructure; (3) education; (4) employment; (5) essential public and private services; (6) law enforcement; (7) migration; and (8) administration of justice. The guidelines provide specific guidance and practical examples for each of the areas, as well as discussing some broader points which apply across the piece.

General points which apply across Annex 3:

The draft guidance goes into granular detail on each type of high-risk system with practical examples of what is, and is not, in scope.  Most of this guidance is highly use case-specific and will not be relevant to many private businesses and organisations. For example, almost half of the guidance relates to biometrics, critical infrastructure (i.e. AI systems intended to be used as safety components in the management and operation of critical digital infrastructure, road traffic and the supply of water, gas, heating and electricity), law enforcement and migration.

However, the following points of wider application are worth noting:

-       Impact of human involvement: The guidance emphasises that the classification of an AI system as high-risk under Annex 3 depends solely on its intended purpose. Human involvement cannot change the purpose, and therefore has no effect on the high-risk classification. Rather, human oversight is a requirement that applies to high-risk systems, after classification.

-       Multiple AI systems forming part of a more complex AI system: In the scenario where several AI systems form part of a more complex AI system, the guidance explains that the combined AI system is treated as a single AI system for the purpose of high-risk classification and application of exceptions. This is to prevent any circumvention of the high-risk rules by strategic system design and captures interconnected setups, like agentic AI systems, provided that any linked actions of such a system serve, in conjunction, an intended high-risk purpose.

-       The Article 6(3) filter exception: The Act (Article 6(3)) allows providers to exempt systems from the high-risk classification under Annex 3 if they do not pose a significant risk of harm because the system is only intended to: (a) perform a narrow procedural task; (b) improve the result of a previously completed human activity; (c) detect decision-making patterns without replacing human assessment; or (d) perform a preparatory task. The guidelines provide detailed guidance and examples on this ‘filter’ exception. For example, they explain that for an AI system to be considering “improving” a previously completed human activity, it must be limited to refining or enhancing the outcome of a human completed activity (rather than suggesting a substantially different outcome). The guidelines also act as a reminder that the Act does not allow these exemptions to apply if the Annex 3 AI system profiles people.

The use of AI in employment

One important area of “High Risk” AI is employment, because many organisations are already using AI both in their recruitment processes or in workplace management (such as AI systems used to make decisions about employees’ pay or responsibilities).  Here the guidance provides practical examples of the types of systems which are, and are not, high-risk:

-       Examples of systems that are high-risk include: (i) AI systems for candidate sourcing across online platforms that identify and shortlist candidates; (ii) AI systems placing targeted job advertisements to specific users based on analysed characteristics e.g. on social media; (iii) AI systems performing background checks that produce composite risk scores for job applicants; and (iv) AI systems used by platforms to dynamically set pay determination (such as in a ride-hailing context).

-       Examples of systems that are not high-risk include: (i) AI systems used exclusively to identify non-inclusive or discriminatory wording in job ad descriptions; (ii) AI systems used for assisting candidates in finding the best available position; (iii) AI systems that assist candidates in tailoring their own CVs, since these are initiated by the candidate outside the employer's control; and (iv) AI systems used to optimise desk allocation, since they do not allocate tasks, determine promotions or affect employment rights.

Organisations using AI systems for procedural tasks in recruitment will be aware from the Act that AI systems which have a limited function and which are intended to perform narrow procedural tasks can benefit from the filtering exception mentioned above. This is emphasised in the guidance and examples include AI systems for recognising and organising information in received CVs into searchable databases and AI systems used solely for scheduling interviews.

Looking Ahead

While these guidelines are brought to life with a wide range of helpful practical examples and use cases for organisations in certain sectors, others may be disappointed by a lack of clarity and lack of examples covering their specific AI use case. Additionally, the lengthy explanations provided by the guidance in some instances, such as on the application of the Article 6(3) filter exemption, are still lacking clarity on how principles such as that filter exemption will be applied in practice. There is, however, still an opportunity to provide feedback as the consultation is open until 23 June 2026.

Timing wise, there is no formal timeline for the adoption of the guidelines. However, the plan is for them to be agreed before the respective high-risk rules take effect –  which look set to be pushed out by the omnibus to 2 December 2027 for Annex 3 high-risk and 2 August for 2028 for Annex 1, subject to grand-fathering for certain systems already on the market (see our blog). In the meantime, providers and deployers may want to start assessing their AI systems against the classification criteria and examples detailed in the guidance, noting it may still change. Finally, organisations should bear in mind that the guidance solely deals with classification of AI systems and does not help with the difficult questions of compliance with the Act.