Whether the AI scanning you at a border or assessing your mortgage will face the EU’s toughest rules now depends on draft guidelines the European Commission published this week, after two delays. The 170-page document sets out how to classify AI systems as high risk, with practical examples across sectors from biometrics to law enforcement. Stakeholders have until 23 June to respond, but experts warn the timeline is already too tight.

The Commission drew up the long-awaited draft guidelines with input from a public consultation and advice from member states through the AI Board. Though not legally binding, the guidelines will guide enforcement.

Anyone with an interest in AI development, deployment, supervision or use can contribute. This includes providers and developers, public authorities, researchers, and civil society organisations. The consultation runs until 23 June in English only, via the AI Act Single Information Platform. The Commission wants respondents to flag sections needing clarification and to say whether existing examples should stay, go, or be added to. Experts told EU Perspectives the deadline is far too tight and that stakeholders need more time to give meaningful feedback.

Under the AI Act, a limited number of AI systems qualify as high-risk when they endanger health, safety, or fundamental rights.

What counts as high risk

The guidelines cover the purpose and legal context of the rules and the general principles of AI classification. Under Article 6 of the AI Act, there are two statutory routes to high-risk classification. The first covers AI systems used as products or safety components in regulated sectors. These include machinery, toys, radio equipment, medical devices, and automotive and aviation regimes. The second applies to stand-alone systems. These cover areas such as biometrics, critical infrastructure, education, employment, law enforcement, migration, and the administration of justice.

The consultation also addresses human involvement, the intended purpose of a system, and its interaction with national and EU law. The Commission acknowledges that the examples do not cover every possible case and may be updated over time.

Delayed timeline to application

The delay in publishing the guidelines stems from the Commission’s digital omnibus, a package aimed at simplifying tech rules. Parliament and Council reached a provisional agreement on the AI omnibus on 7 May, after difficult negotiations.

The provisional agreement would delay the bulk of the high-risk rules to December 2027 for stand-alone AI systems, and to August 2028 for those used as safety components of a product. The Commission says the extra time will help ensure that technical standards and other support tools are in place before the rules apply.

“This is a key moment to deliver on what was agreed in the AI omnibus trilogues: clarifying risk classification so that companies know when their AI is high risk and when extra compliance is needed,” said Cecilia Bonefeld-Dahl, Director General of DIGITALEUROPE. Industry welcomed the guidelines as an important step, she said, but flagged discrepancies with the omnibus agreement, particularly around the definition of safety components and changes to risk categorisation under Article 6(1). The agreed, revised AI Act should serve as the reference, Ms Bonefeld-Dahl said. “What matters now is clarity, simplification and a framework that truly enables innovation and business in Europe,” she added.