- Contact The DPO Centre
- +44 (0)203 797 1289
- hello@dpocentre.com
EU AI Act delay: New high-risk AI deadlines provisionally agreed
May 7, 2026
On 19 May 2026, the European CommissionOne of the core institutions of the European Union, responsible for lawmaking, policymaking and monitoring compliance with EU law. published draft guidelines on the classification of high-risk AI systems under Article 6 of the EU AI Act, and opened a targeted stakeholderAn individual with an interest or concern in something (i.e. a Social Worker, Healthcare Professional, Headteacher etc. in respect of the welfare of a child). consultation.
The guidelines do not change the high-risk classification rules. Instead, they explain how Article 6 should be applied in practice and include examples to help organisations assess whether an AI system falls within the Act’s high-risk category.
The guidance comes as EU institutions consider proposed timeline delays to some high-risk AI obligations under the Digital Omnibus on AI. Under the current AI ActThe EU Artificial Intelligence Act was approved by the EU Council on 21 March 2024. A world-first comprehensive AI law, intended to harmonise rules for the development, deployment, and use of artificial intelligence systems across the EU. timetable, many high-risk AI rules are due to apply from 2 August 2026. The proposed changes would move that deadline to:
- 2 December 2027 for stand-alone high-risk AI systems
- 2 August 2028 for high-risk systems built into regulated products, such as medical devices, machinery, toys, and lifts
Formal confirmation of the proposed delay is expected before the current 2 August 2026 deadline.
What does Article 6 of the EU AI Act cover?
Article 6 sets out two main ways an AI system can be classified as high risk:
- If the system is used as part of a regulated product or is a regulated product itself. This applies where the product is covered by EU product safety rules and must go through a third-party conformity assessment. This may be relevant for products such as medical devices, machinery, toys, lifts or other regulated equipment.
- If the system falls into one of the use cases listed under the areas in Annex III AI Act. This includes areas where AI could have a significant impact on people’s rights, safety or access to important opportunities and services, including AI used in recruitment, education, access to essential services, law enforcement, migration and certain biometric systems.
What this means for organisations
Organisations using or developing AI should refer to the draft guidance to review systems and check whether any may be classified as high-risk under the AI Act.
This is particularly important for organisations using AI in regulated products, employment, education, financial services, healthcare, public services, or any areas where AI decisions may affect individuals’ rights or access to services.
David Smith, DPO and AI Sector lead at The DPO Centre, said:
‘High-risk classification under the EU AI Act is a complex area of law, and organisations should not assume the answer will always be obvious. The draft guidelines provide a helpful framework with practical examples, but each AI system still needs to be assessed carefully in context.
‘Even if the proposed compliance timeline is delayed, organisations should use this time to map where AI is being used and identify systems that may fall within Article 6, documenting their reasoning behind their classification decisions. Businesses that wait for final deadlines before acting risk leaving themselves without the evidence, governance, and oversight they will need.’
For more details on the EU AI Act’s high-risk categories, read our blog, What is ‘high-risk’ activity?
For fortnightly updates on the latest data protection and AI governance news, subscribe to our DPIA newsletter.