Brussels Orders Algorithms: EU Commission Specifies High-Risk AI

Contents

The practical implementation of the AI regulation is continuing to take shape. The EU Commission has presented the long-awaited draft of its guidelines for the classification of high-risk AI systems, including comprehensive annexes, as part of a public consultation. The initiative aims to shed more light on the AI Act and ensure uniform application and effective enforcement of Article 6. This forms the foundation for risk classification.

The guidelines are intended as a guide for national market surveillance authorities, which in Germany primarily include the Federal Network Agency. At the same time, they provide developers, providers, and operators of AI technologies with a tool to determine with legal certainty whether their applications fall into the sensitive high-risk category.

The Commission emphasizes: It is about the fundamental yes-or-no question of whether a system is to be classified as high-risk. It does not consider the practical examples listed as an exhaustive list, but rather as a dynamic document.

Flexibility and Focus on Fundamental Rights

The EU Commission reserves the right to continuously update the examples to adapt them to technological development. Further guidelines that regulate the concrete compliance with the requirements and specific obligations for providers and operators, for example regarding the labeling of chatbots and deepfakes, are already in the making. The Commission explains that it has deliberately limited and designed the scope of the high-risk term proportionally. It strictly focuses on systems that pose a significant risk to health and safety or have noticeable negative impacts on citizens' fundamental rights.

The systematic classification is based on two pillars. Article 6 Paragraph 1 covers AI systems that are themselves subject to European harmonization regulations according to Annex I as a product, or are used as a safety component in such a product. The prerequisite for this is that the final product must undergo a mandatory conformity assessment by third parties.

The guidelines provide important regulatory elements and an evaluation methodology for this area. The focus is not on the individual product, but on its occurrence in the existing list of harmonization regulations, which can also be modified in the future.

Smartwatches in the Regulators' Crosshairs

The second pillar concerns Article 6 Paragraph 2. This refers to standalone systems that are designated as risky in Annex III of the AI Act. For illustration, the Commission divides this area into eight overarching categories, including critical infrastructures, education, and biometrics.

An example from the field of emotion recognition is likely to cause discussion in the wearable industry. The draft stipulates that AI systems in smartwatches used to detect feelings, while tracking biometric data such as heart rate, are to be classified as high-risk applications.

To facilitate the transition to the new standards for European industry, the EU is granting companies more time. In the course of the AI Omnibus, the original deadlines were pushed back: the strict obligations for AI systems under Article 6 Paragraph 2 will apply from December 2, 2027, while the grace period for products under Paragraph 1 extends even to August 2, 2028.

Binding Core Requirements

Regarding harmonization, the Commission clarifies that “the classification of an AI system as a high-risk system pursuant to Article 6 Paragraph 2 shall have a uniform effect in all Member States.” The aim is compliance with clear minimum standards, not a ban. The Brussels jurists emphasize that these systems “shall be subject to appropriate requirements to ensure that they function accurately and as intended and that risks to health, safety, and fundamental rights are duly assessed and mitigated.”

The draft also closes loopholes for developers. According to the draft, a provider cannot “simply exempt an AI system from regulation and classify it as 'low-risk'” by “adding a requirement for human intervention.” The exceptions to the filter mechanism enshrined in the law are also not a free pass: “The conditions must be interpreted narrowly.”

(vbr)