EU AI Act High-Risk Classification Guidelines May 2026: Draft Analysis for Developers
Post #1 in the sota.io EU AI Act High-Risk Classification Guidelines 2026 Series
On 19 May 2026, the European Commission published a long-awaited draft of its guidelines on how to determine whether an AI system qualifies as "high-risk" under Article 6 and Annex III of the EU AI Act. The public consultation closes on 23 June 2026 — meaning you have 27 days to shape the final text.
For developers and product teams, this document is arguably more operationally important than the original Regulation text: it provides the first official interpretive guidance on dozens of classification questions that have remained ambiguous since the Act entered into force.
This post breaks down the draft's key provisions, explains what changed relative to the original Regulation, and gives you a concrete action plan for the remaining 67 days before the 2 August 2026 enforcement date for GPAI and Art.50 obligations — plus the now-extended December 2027 date for most Annex III high-risk systems.
Context: Why These Guidelines Matter Now
The EU AI Act established a two-track high-risk classification system:
- Art.6(1): An AI system is automatically high-risk if it is a safety component of a product covered by Annex I legislation (medical devices, machinery, vehicles, civil aviation, etc.) and that product requires a third-party conformity assessment.
- Art.6(2): An AI system is high-risk if it falls within one of the eight use-case categories listed in Annex III (biometric ID, critical infrastructure, education, employment, essential services, law enforcement, migration, administration of justice).
But Art.6(2) came with an important caveat: the Commission could publish guidelines clarifying when an Annex III AI system is not high-risk because it poses no significant risk to health, safety, or fundamental rights. Until now, that safe-harbor clause had no official implementation guidance.
The May 2026 draft fills that gap. It also incorporates the May 2026 Digital Omnibus changes — including the extended enforcement timelines and the new SME threshold raised to 750 employees / €150 million turnover.
The Three-Step Classification Test Under the Draft Guidelines
The draft codifies a three-step sequential analysis that replaces ad-hoc self-assessment:
Step 1 — Annex I Safety Component Check
Does your AI system function as a safety component of a product covered by one of the Annex I sector regulations?
Covered Annex I regulations include:
- Regulation (EU) 2017/745 (Medical Devices — MDR)
- Regulation (EU) 2017/746 (In Vitro Diagnostic Devices — IVDR)
- Directive 2006/42/EC (Machinery)
- Regulation (EU) 2018/858 (Motor Vehicles)
- Regulation (EU) 2018/1139 (Civil Aviation)
- And 13 other sector-specific instruments listed in Annex I
Draft clarification: "Safety component" is defined to include AI systems whose malfunction or failure could reasonably lead to physical harm or property damage — not just systems designed exclusively for safety purposes. This is broader than many vendors assumed.
Key new guidance from the draft:
- A recommendation engine embedded in a CE-marked medical device is likely a safety component under MDR even if not labeled as a diagnostic tool.
- An AI-based maintenance prediction module in industrial machinery is a safety component if machinery failure could injure operators.
- A fraud-detection model in a banking app is not an Annex I safety component (banking is not in Annex I — only specific regulated financial infrastructure is).
If Step 1 = YES → high-risk, proceed to conformity assessment. No further steps needed.
If Step 1 = NO → proceed to Step 2.
Step 2 — Annex III Use Case Scope
Does your AI system fall within one of the eight Annex III use-case categories?
The draft provides the most detailed definitional guidance to date for each category. Key new clarifications:
Annex III Point 1 — Biometric: The draft confirms that biometric categorisation (inferring race, political opinion, religion, health status, sexual orientation, or trade union membership from biometric data) is high-risk regardless of whether the inference is the primary or auxiliary purpose of the system. A marketing tool that uses facial analysis to infer likely demographic segments falls in scope.
Annex III Point 2 — Critical Infrastructure: The draft introduces a criticality threshold: an AI system is in scope if a failure or significant degradation of its outputs would likely cause disruption to services affecting more than 100,000 people, or cause material harm to a critical infrastructure operator as defined in the CER Directive (Directive 2022/2557). Cloud availability management tools for large-scale EU infrastructure operators may now be explicitly in scope.
Annex III Point 4 — Employment and Workers Management: The draft confirms that recruitment screening AI (CV shortlisting, interview scoring, psychometric testing) and worker monitoring AI (productivity scoring, performance management, gig platform dispatch algorithms) are high-risk. The question of whether an internal HR chatbot is in scope is resolved: it is not high-risk if it serves informational purposes only and does not participate in hiring or performance decisions.
Annex III Point 5 — Essential Private Services: Credit scoring, insurance underwriting, and benefits eligibility decisions remain high-risk. The draft adds explicit guidance that AI-assisted customer segmentation for marketing purposes is not in scope — even if the segmentation model uses creditworthiness-adjacent signals — provided no credit, insurance, or benefits access decision is made based on the output.
Annex III Point 6 — Law Enforcement: The draft clarifies that real-time facial recognition by private security firms in publicly accessible spaces is in scope, not just law enforcement agencies. This has significant implications for retail analytics and stadium surveillance vendors.
Step 3 — The Significant-Risk Exception Safe Harbor
This is the most commercially significant new provision in the draft. Under Art.6(2) of the Regulation, an Annex III AI system can be classified as not high-risk if it poses no significant risk to health, safety, or fundamental rights of natural persons, considering:
(a) The degree of human oversight over the AI output
(b) The reversibility and severity of potential harm
(c) The population affected and their vulnerability
(d) The extent to which the AI output is determinative vs. merely advisory
The May 2026 draft introduces a four-factor scoring matrix to operationalize this exception:
| Factor | Low-Risk Indicators | High-Risk Indicators |
|---|---|---|
| Human oversight | Human always reviews before consequential decision | AI output is directly binding with no review |
| Harm reversibility | Harm can be remediated within 30 days without legal intervention | Harm requires regulatory, legal, or medical intervention to reverse |
| Affected population | Affects fewer than 50 individuals simultaneously; no vulnerable groups | Affects thousands; includes minors, patients, asylum seekers, employees |
| Output determinism | Output is one data point among many inputs to a human decision | Output directly triggers a legal or material consequence |
Safe harbor confirmed (draft examples):
- An AI tool that surfaces candidate profiles for recruiter review, where the recruiter makes all shortlisting decisions, scoring ≥3 on the low-risk indicators → may qualify for the exception.
- An automated video interview emotion-scoring tool where scores directly feed into an applicant ranking → does not qualify (but note: emotion scoring in employment contexts is now also separately prohibited under new Art.5(1)(j) from the Omnibus).
Safe harbor denied by default (draft examples):
- Any AI system whose output triggers automatic loan rejection without human review.
- Any system that scores job applicants on a scale that the employer then uses as a gate for proceeding to the next stage.
Omnibus Timeline Integration
The draft guidelines incorporate the EU AI Act Digital Omnibus deal from 7 May 2026. The impact on high-risk AI classification and compliance:
Revised enforcement timeline (as of May 2026 Omnibus deal):
| Obligation | Original Date | Omnibus Revised Date |
|---|---|---|
| GPAI & Art.50 transparency | 2 August 2026 | UNCHANGED — 2 August 2026 |
| Annex III high-risk (employment, education, credit scoring) | 2 August 2026 | December 2027 |
| Annex I safety components (Art.6(1) high-risk) | 2 August 2028 | August 2028 (unchanged) |
| Prohibited practices (Art.5 original) | 2 February 2025 | Already in force |
| New Omnibus Art.5(1)(i-l) prohibitions | N/A | December 2027 |
Critical developer implication: If your AI system is high-risk under Annex III Points 4 or 5 (employment, education, credit scoring, essential services), you now have until December 2027 to achieve full conformity assessment, QMS implementation, and technical documentation. This does not mean you can ignore compliance — it means you have more runway to do it properly.
New SME threshold: Companies with fewer than 750 employees AND annual turnover below €150 million now qualify for the SME-tier simplified obligations (previously: 250 employees / €50 million). This affects an estimated 12,000 additional European software companies.
What to Do Before 23 June 2026 (Consultation Deadline)
The 23 June consultation deadline matters for developers in two ways:
1. Shape the final guidelines: The Commission will review feedback and publish final guidelines later in 2026. If the draft's definitions create compliance uncertainty for your product category, submitting a consultation response is the most direct way to influence the text. The AI Office provides a standardized form at [ai-act-consultation@ec.europa.eu] for written submissions.
2. Use the draft as an interim safe harbor: The draft explicitly states that providers who have documented their classification analysis in accordance with the draft guidelines will be considered to have acted in good faith for enforcement purposes — even if the final guidelines diverge from the draft.
Recommended actions:
- Complete a documented Step 1–3 analysis for every AI system in your product portfolio.
- Record the analysis in a signed classification decision document (the draft recommends a one-page format, mirroring ISO/IEC 42001 Annex B.6).
- Identify all systems provisionally qualifying for the Step 3 safe harbor — these need documented four-factor scoring.
- Map your Annex III footprint to the revised enforcement timeline, prioritizing August 2026 for GPAI/Art.50 and December 2027 for Annex III high-risk.
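The four recommended actions above are one procedure: score each system, record the outcome, sign and date the record, and map it to a deadline. The following added example (not code from the post or from sota.io) shows one way to produce the signed, dated classification decision record the second action asks for: it applies the three-step test and the draft's 3-of-4 low-risk threshold, serializes the result canonically, and attaches a SHA-256 digest plus an HMAC-SHA256 tag so that any later edit to the stored record is detectable. The signing key, the record field names, the `build_decision_record` helper and the sample system are assumptions; the draft's one-page ISO/IEC 42001-style layout is not reproduced, and the ISO deadline strings mirror the post's own classifier (`2027-12-01` standing for "December 2027").

```python
import hashlib
import hmac
import json
from typing import Optional

# Placeholder key (assumption): in production load it from a secrets store or HSM.
SIGNING_KEY = b"placeholder-classification-record-key"

# The four low-risk indicators from the draft's scoring matrix.
FOUR_FACTORS = (
    "human_oversight_before_consequence",
    "harm_reversible_within_30_days",
    "affects_fewer_than_50_individuals",
    "output_is_advisory_not_determinative",
)

# Enforcement dates as the post's classifier encodes them (2027-12-01 = "December 2027").
DEADLINE_BY_TRACK = {"annex_i": "2028-08-02", "annex_iii": "2027-12-01"}


def low_risk_score(factors: dict) -> int:
    """Count low-risk indicators; refuse to score an incomplete four-factor assessment."""
    missing = [f for f in FOUR_FACTORS if f not in factors]
    if missing:
        raise ValueError(f"four-factor assessment incomplete, missing: {missing}")
    return sum(1 for f in FOUR_FACTORS if factors[f])


def build_decision_record(system_name: str, version: str, is_annex_i_safety_component: bool,
                          annex_iii_points: list, factors: Optional[dict],
                          decided_by: str, decided_on: str) -> dict:
    """Apply the draft's three-step test and return the fields of a decision record."""
    score = None
    if is_annex_i_safety_component:              # Step 1: Annex I safety component
        classification, track = "high_risk_annex_i", "annex_i"
    elif not annex_iii_points:                   # Step 2: no Annex III use case
        classification, track = "not_in_scope", None
    elif factors is None:                        # Step 3 not yet performed
        classification, track = "needs_further_analysis", "annex_iii"
    else:                                        # Step 3: at least 3 of 4 low-risk indicators
        score = low_risk_score(factors)
        if score >= 3:
            classification, track = "not_high_risk_safe_harbor", None
        else:
            classification, track = "high_risk_annex_iii", "annex_iii"
    return {
        "system_name": system_name,
        "version": version,
        "decided_by": decided_by,
        "decided_on": decided_on,
        "step1_annex_i_safety_component": is_annex_i_safety_component,
        "step2_annex_iii_points": sorted(annex_iii_points),
        "step3_four_factor_score": score,
        "step3_factors": factors,
        "classification": classification,
        "enforcement_deadline": DEADLINE_BY_TRACK.get(track, "N/A"),
    }


def canonical_bytes(record: dict) -> bytes:
    """Deterministic JSON (sorted keys, no whitespace) so equal records hash equally."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_record(record: dict, key: bytes = SIGNING_KEY) -> dict:
    """Attach a content digest and an HMAC-SHA256 tag computed over the canonical form."""
    body = canonical_bytes(record)
    return {
        "record": record,
        "sha256": hashlib.sha256(body).hexdigest(),
        "hmac_sha256": hmac.new(key, body, hashlib.sha256).hexdigest(),
    }


def verify_record(signed: dict, key: bytes = SIGNING_KEY) -> bool:
    """Recompute the tag; any edit to the stored record makes this return False."""
    body = canonical_bytes(signed["record"])
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signed["hmac_sha256"])


if __name__ == "__main__":
    # Constructed sample: the CV shortlisting tool from the post, scoring 2 of 4 low-risk indicators.
    record = build_decision_record(
        "CV Shortlisting AI", "1.4.0", False, [4],
        {"human_oversight_before_consequence": False, "harm_reversible_within_30_days": True,
         "affects_fewer_than_50_individuals": False, "output_is_advisory_not_determinative": True},
        "compliance-lead@example.test", "2026-05-20",   # placeholder signer and date
    )
    signed = sign_record(record)
    print(json.dumps(signed, indent=2))
    print("verified:", verify_record(signed))
    signed["record"]["classification"] = "not_high_risk_safe_harbor"  # simulate a later edit
    print("after tampering:", verify_record(signed))
```

An HMAC tag proves the record was not altered by anyone without the key; it does not give non-repudiation. Where the document must also prove who signed it, swap the HMAC for a public-key signature (for example Ed25519 from the `cryptography` package) and keep the same canonical serialization, since the deterministic encoding is what makes the digest stable across storage and export.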
Python Implementation: High-Risk Classification Checker
```python
from enum import Enum
from dataclasses import dataclass
from typing import Optional


class AnnexIIIPoint(Enum):
    BIOMETRIC = 1
    CRITICAL_INFRASTRUCTURE = 2
    EDUCATION = 3
    EMPLOYMENT = 4
    ESSENTIAL_SERVICES = 5
    LAW_ENFORCEMENT = 6
    MIGRATION = 7
    ADMINISTRATION_OF_JUSTICE = 8


class ClassificationResult(Enum):
    HIGH_RISK_ANNEX_I = "high_risk_annex_i"
    HIGH_RISK_ANNEX_III = "high_risk_annex_iii"
    NOT_HIGH_RISK_SAFE_HARBOR = "not_high_risk_safe_harbor"
    NOT_IN_SCOPE = "not_in_scope"
    NEEDS_FURTHER_ANALYSIS = "needs_further_analysis"


@dataclass
class SignificantRiskFactors:
    """Four-factor matrix from May 2026 draft guidelines."""
    human_oversight_before_consequence: bool  # True = human reviews before binding decision
    harm_reversible_within_30_days: bool
    affects_fewer_than_50_individuals: bool
    output_is_advisory_not_determinative: bool

    @property
    def low_risk_score(self) -> int:
        # Each True counts as one low-risk indicator (0-4)
        return sum([
            self.human_oversight_before_consequence,
            self.harm_reversible_within_30_days,
            self.affects_fewer_than_50_individuals,
            self.output_is_advisory_not_determinative,
        ])

    @property
    def qualifies_for_safe_harbor(self) -> bool:
        """Threshold per May 2026 draft: at least 3 of 4 low-risk factors."""
        return self.low_risk_score >= 3


@dataclass
class AISystemClassification:
    system_name: str
    is_annex_i_safety_component: bool
    annex_iii_use_cases: list[AnnexIIIPoint]
    significant_risk_factors: Optional[SignificantRiskFactors]
    classification: ClassificationResult
    enforcement_deadline: str
    notes: str


def classify_ai_system(
    system_name: str,
    is_annex_i_safety_component: bool,
    annex_iii_use_cases: list[AnnexIIIPoint],
    significant_risk_factors: Optional[SignificantRiskFactors] = None,
) -> AISystemClassification:
    """
    Three-step classification per EU AI Act High-Risk Guidelines Draft (May 2026).
    """
    # Step 1: Annex I safety component
    if is_annex_i_safety_component:
        return AISystemClassification(
            system_name=system_name,
            is_annex_i_safety_component=True,
            annex_iii_use_cases=annex_iii_use_cases,
            significant_risk_factors=None,
            classification=ClassificationResult.HIGH_RISK_ANNEX_I,
            enforcement_deadline="2028-08-02",  # Annex I track extended deadline
            notes="Art.6(1) — Annex I safety component. Full conformity assessment required."
        )

    # Step 2: Annex III use cases
    if not annex_iii_use_cases:
        return AISystemClassification(
            system_name=system_name,
            is_annex_i_safety_component=False,
            annex_iii_use_cases=[],
            significant_risk_factors=None,
            classification=ClassificationResult.NOT_IN_SCOPE,
            enforcement_deadline="N/A",
            notes="No Annex I or Annex III scope identified. Limited-risk or minimal-risk regime may apply."
        )

    # Step 3: Significant-risk safe harbor
    if significant_risk_factors is None:
        # Annex III scope found but the four-factor assessment has not been done yet
        return AISystemClassification(
            system_name=system_name,
            is_annex_i_safety_component=False,
            annex_iii_use_cases=annex_iii_use_cases,
            significant_risk_factors=None,
            classification=ClassificationResult.NEEDS_FURTHER_ANALYSIS,
            enforcement_deadline="2027-12-01",  # Annex III Omnibus extended
            notes="Annex III use case identified. Complete four-factor risk assessment to determine safe-harbor eligibility."
        )

    if significant_risk_factors.qualifies_for_safe_harbor:
        return AISystemClassification(
            system_name=system_name,
            is_annex_i_safety_component=False,
            annex_iii_use_cases=annex_iii_use_cases,
            significant_risk_factors=significant_risk_factors,
            classification=ClassificationResult.NOT_HIGH_RISK_SAFE_HARBOR,
            enforcement_deadline="N/A",
            notes=(
                f"Safe harbor applies under Art.6(2) exception. "
                f"Low-risk score: {significant_risk_factors.low_risk_score}/4. "
                "Document this analysis for good-faith enforcement defense."
            )
        )

    # Annex III, no safe harbor
    annex_iii_points = [p.value for p in annex_iii_use_cases]
    high_risk_annex_iii_pts = [4, 5, 3]  # Employment, Essential Services, Education — Dec 2027
    is_dec_2027_track = any(p in high_risk_annex_iii_pts for p in annex_iii_points)
    return AISystemClassification(
        system_name=system_name,
        is_annex_i_safety_component=False,
        annex_iii_use_cases=annex_iii_use_cases,
        significant_risk_factors=significant_risk_factors,
        classification=ClassificationResult.HIGH_RISK_ANNEX_III,
        enforcement_deadline="2027-12-01" if is_dec_2027_track else "2026-08-02",
        notes=(
            f"High-risk under Annex III point(s) {annex_iii_points}. "
            f"Enforcement: {'December 2027 (Omnibus extension)' if is_dec_2027_track else '2 August 2026'}. "
            "QMS, technical documentation, conformity assessment required."
        )
    )


# --- Example usage ---
if __name__ == "__main__":
    # CV screening tool used by HR teams
    cv_screener = classify_ai_system(
        system_name="CV Shortlisting AI",
        is_annex_i_safety_component=False,
        annex_iii_use_cases=[AnnexIIIPoint.EMPLOYMENT],
        significant_risk_factors=SignificantRiskFactors(
            human_oversight_before_consequence=False,  # AI generates ranked list fed to hiring manager
            harm_reversible_within_30_days=True,
            affects_fewer_than_50_individuals=False,  # Large recruitment volumes
            output_is_advisory_not_determinative=True,
        )
    )
    print(f"{cv_screener.system_name}: {cv_screener.classification.value}")
    print(f"Deadline: {cv_screener.enforcement_deadline}")
    print(f"Notes: {cv_screener.notes}")
    # → HIGH_RISK_ANNEX_III, December 2027, QMS + technical docs required

    # Internal HR information chatbot
    hr_chatbot = classify_ai_system(
        system_name="HR Policy Chatbot",
        is_annex_i_safety_component=False,
        annex_iii_use_cases=[AnnexIIIPoint.EMPLOYMENT],
        significant_risk_factors=SignificantRiskFactors(
            human_oversight_before_consequence=True,
            harm_reversible_within_30_days=True,
            affects_fewer_than_50_individuals=True,
            output_is_advisory_not_determinative=True,
        )
    )
    print(f"\n{hr_chatbot.system_name}: {hr_chatbot.classification.value}")
    print(f"Notes: {hr_chatbot.notes}")
    # → NOT_HIGH_RISK_SAFE_HARBOR (all four low-risk indicators present)
```
25-Item EU AI Act High-Risk Classification Checklist (May 2026 Draft)
Use this checklist to document your classification analysis in a format consistent with the Commission's May 2026 draft.
Part A — Annex I Scoping (Steps 1–3)
- 1. Listed every AI system in your product portfolio by name and version
- 2. Identified all sector regulations applicable to each product (MDR, Machinery, etc.)
- 3. Determined whether each AI component functions as a safety component under those regulations
- 4. Applied the draft's "reasonable safety contribution" test — not just explicit safety labeling
- 5. Documented Annex I analysis outcome for each system (in scope / out of scope)
Part B — Annex III Scoping
- 6. Mapped each AI system to the eight Annex III use-case categories
- 7. Applied the draft's expanded "biometric categorisation" test (includes demographic inference)
- 8. Applied the draft's criticality threshold for Annex III Point 2 (100,000 affected persons)
- 9. Assessed Annex III Point 4 employment scope — CV shortlisting, worker monitoring, dispatch
- 10. Assessed Annex III Point 5 essential services scope — credit, insurance, benefits
- 11. Confirmed Annex III Point 6 law enforcement scope — includes private security in public spaces
- 12. Documented Annex III analysis outcome for each system
Part C — Significant-Risk Safe Harbor Assessment
- 13. For each Annex III-scoped system, conducted four-factor scoring from the draft matrix
- 14. Documented human oversight process (who reviews, at what stage, before which decisions)
- 15. Documented harm reversibility — corrective timeframe and required intervention type
- 16. Estimated maximum simultaneous affected individual count
- 17. Documented whether AI output is determinative or advisory
- 18. Recorded the four-factor score (0–4) and safe-harbor determination
- 19. Filed a signed, dated classification decision document for each AI system
Part D — Compliance Roadmap
- 20. Confirmed GPAI + Art.50 scope (separate from Annex III) — deadline 2 August 2026
- 21. For Annex III high-risk systems: started QMS implementation under Art.17
- 22. For Annex III high-risk systems: initiated technical documentation under Art.11 + Annex IV
- 23. For Annex III high-risk systems: planned conformity assessment path (self-assessment or notified body)
- 24. Confirmed SME tier eligibility (< 750 employees AND < €150M revenue per Omnibus 2026)
- 25. Scheduled submission to the public consultation by 23 June 2026 if you have classification boundary questions
How EU-Native Infrastructure Reduces Classification Risk
One underappreciated dynamic in the draft guidelines: CLOUD Act exposure creates a documentation jurisdiction problem for high-risk AI systems.
Under Art.17 (QMS) and Art.18 (documentation retention), high-risk AI providers must retain technical documentation and QMS records for 10 years post-market. If those records are stored on US-origin cloud infrastructure (AWS, Azure, GCP), the CLOUD Act allows US law enforcement to compel disclosure of those records without EU legal process — even under a German or French customer contract.
For AI systems used in healthcare, law enforcement, or employment contexts (where the data is frequently sensitive personal data), this creates a dual exposure:
- GDPR Art.44 — transfers of personal data outside the EU without adequate safeguards
- EU AI Act Art.18 — documentation records subject to compelled extra-jurisdictional access
EU-native PaaS infrastructure — running on providers like Hetzner, Scaleway, OVHcloud, or IONOS — eliminates both exposures. None of these providers are subject to CLOUD Act jurisdiction. Technical documentation stored on EU-sovereign infrastructure is accessible only via EU legal process.
For high-risk AI providers designing their compliance architecture, the infrastructure decision is not an afterthought — it is part of the conformity assessment evidence package.
What's Next in This Series
This post is the first in our five-part EU AI Act High-Risk Classification Guidelines 2026 series:
- Post 1 (this post): Draft overview — three-step test, safe harbor, Omnibus timeline
- Post 2: The Art.6(2) significant-risk exception — safe harbor in practice for SaaS products
- Post 3: Employment & HR AI — classification boundary analysis under the new guidelines
- Post 4: Healthcare & critical infrastructure — new bright lines from the May 2026 draft
- Post 5: How to respond to the consultation — and what the final guidelines will likely say
The consultation closes 23 June 2026. Use the Python classifier above to document your analysis before then.
This series is based on the Commission's draft guidelines published 19 May 2026 and the EU AI Act Digital Omnibus deal from 7 May 2026. Final guidelines may differ from the draft. sota.io is a fully EU-sovereign managed PaaS — no CLOUD Act exposure for your compliance documentation.
EU-Native Hosting
Ready to move to EU-sovereign infrastructure?
sota.io is a German-hosted PaaS — no CLOUD Act exposure, no US jurisdiction, full GDPR compliance by design. Deploy your first app in minutes.