European Commission Releases Draft High-Risk AI Guidelines After Delays
The European Commission has finally released draft guidelines for identifying high-risk AI systems under the EU AI Act, following significant delays. These guidelines aim to provide clarity for providers and deployers on classifying AI systems and include examples across various use cases. A public consultation period is now open for feedback on the draft.
Navigating High-Risk AI Classification
The European Commission has published long-awaited draft guidelines to assist organizations in determining whether an AI system falls into the 'high-risk' category under the EU AI Act. This guidance is crucial for internal audit and assurance professionals, as it directly impacts compliance requirements and risk assessments for AI deployments. The three-phased guide outlines general principles for classification and details the approach for the two main high-risk categories: AI systems related to product safety (Article 6(1) and Annex I) and those deployed in specific sensitive areas such as biometrics, education, employment, and law enforcement (Article 6(2) and Annex III).
Implications for Assurance Professionals
For internal auditors, these guidelines provide a foundational framework for evaluating AI systems within their organizations. Understanding the classification criteria is paramount for:
- Risk Assessment: Identifying AI systems that pose significant risks and require more stringent controls and oversight.
- Compliance Audits: Ensuring that AI systems are correctly classified and that the corresponding high-risk requirements of the EU AI Act are being met.
- Governance Frameworks: Developing robust AI governance structures that incorporate the principles and requirements for high-risk AI.
- Stakeholder Communication: Advising management and boards on the regulatory landscape and potential liabilities associated with AI deployment.
The Road Ahead: Delays and Future Clarity
The release of these draft guidelines comes after considerable delays, highlighting the complexity and stakeholder input involved in shaping AI regulation. The initial deadline for these guidelines was February 2026, with high-risk provisions of the AI Act originally set to take effect in August 2026. However, due to the lack of guidance, compliance deadlines for high-risk rules have been pushed back to December 2027 for stand-alone systems and August 2028 for embedded systems. This extended timeline offers organizations a critical window to thoroughly review the draft guidelines, provide feedback during the public consultation period (open until June 23), and prepare for the eventual implementation of these stringent regulations. Assurance professionals should actively engage with these developments to ensure their organizations are well-prepared for the evolving AI regulatory environment.
Read more