All insights
3 min read

Is Your AI System High-Risk? The Answer Is Rarely Obvious

Two years after the EU AI Act passed, companies still struggle with the most critical question: which systems are actually high-risk? The official guidelines reveal why the exemptions are narrower than most assume.

The European Commission has a draft set of guidelines out for how to decide whether an AI system counts as high-risk, with the consultation open until late June. Sit with that for a second. Two years after the Act passed, the single question that needed the most official clarification is not what high-risk systems have to do. It is which systems are high-risk in the first place. That is where the real difficulty lives, and most companies underestimate it badly.

The structure looks simple. The Act names eight areas where AI is treated as high-risk: hiring and worker management, credit and access to essential services, biometrics, critical infrastructure, education, law enforcement, migration, and the administration of justice. If your system operates in one of those areas, the starting assumption is that it is high-risk and carries the full weight of obligations, from risk management and data governance to documentation and human oversight.

Then there is the escape hatch, and it is where companies get into trouble. Article 6(3) says a system in one of those areas is not high-risk if it does not pose a significant risk, as long as it only does something narrow: a procedural task, an improvement to work a human already finished, a preparatory step, or pattern detection that does not replace a person's judgment. Read fast, that sounds like a wide door. It is not.

The moment a system materially influences a decision about a person, the exemption is gone. And there is a line that overrides everything else: if the system profiles people, it is high-risk, no matter how procedural it looks. The draft guidelines spell this out with a sharp example, that a tool which ranks or scores inputs as more or less useful has already stepped out of "procedural" and into scope. The systems companies most want to exempt tend to be exactly these, the ones that shape a decision while a human nominally signs off at the end.

The part that surprises people most is the timing. You cannot claim the exemption after the fact. If you decide a system qualifies, the Act requires you to document that reasoning before the system goes to market, and to register it. You cannot reverse into the justification once a regulator asks. The classification call is not paperwork you can defer to the build phase. It is a decision you make, and defend in writing, at the start.

It gets harder with the way systems are actually built now. Teams assemble AI from modular parts and chain them into agents, and the instinct is that if you split a system into small enough pieces, each piece might slip under the bar on its own. The guidelines shut that down. Combined systems are judged as a whole. If the assembled thing influences a decision the Act covers, it is high-risk, and the clever architecture does not save you.

One more catches people regularly. There is no internal-use exemption. A recruitment or performance-evaluation tool you built in-house for your own staff is classified the same as one you bought or one you sell. If it lands in the employment category, it is high-risk whether or not it ever leaves your building.

None of this is cause to panic, and it is not a reason to assume the worst about every system you run. It is a reason to treat classification as a judgment call rather than a checkbox. The companies that handle it well look at each system honestly, decide whether it shapes a decision about a person, write down why, and keep that reasoning current as the system changes. Get that right and the rest of the Act becomes a manageable build. Get it wrong, in either direction, and you have either signed up for obligations you never needed or skipped ones you were always going to owe. The judgment is the work.

All insights

For consulting inquiries

Get in touch