TempusLex
← All posts
2026-04-29 · 6 min read

Article 6 explained: what makes an AI system high-risk

Two paths to high-risk classification, one escape route, and the parts of Article 6 that consistently get misread.

Article 6 is the centre of gravity in the AI Act. It says, in essence: *here is when an AI system is high-risk, and here is the one escape route*. Almost every other obligation in the Regulation — Article 9 risk management, Article 10 data governance, Annex IV technical documentation, Article 43 conformity assessment, Article 49 EU database registration — only attaches if you land inside Article 6.

Article 6 has three operative paragraphs. It pays to read them carefully.

Article 6(1): high-risk by product law

Paragraph 1 says an AI system is high-risk when:

  • It is a safety component of a product covered by the EU harmonisation legislation listed in Annex I, or the AI system is itself such a product, and
  • The product is required to undergo a third-party conformity assessment under that same legislation.

The list in Annex I is long: Machinery Regulation, Toy Safety Directive, Recreational Craft Directive, Lifts Directive, ATEX, Radio Equipment Directive, Pressure Equipment Directive, Cableways Regulation, Personal Protective Equipment Regulation, Gas Appliances Regulation, Medical Devices Regulation, In-Vitro Diagnostic Medical Devices Regulation, plus a section B covering automotive, aviation, marine equipment, agricultural and forestry vehicles, and rail.

Practical consequence: if you ship into one of these regulated industries, the AI Act stacks on top of the existing product-safety regime. You don't replace the underlying conformity assessment — you align it with the AI Act's requirements.

Common 6(1) misreads

  • "We're software, not hardware." Software *embedded in* a regulated product is in scope. An AI module inside a CE-marked piece of machinery is a safety component.
  • "Our customer will handle compliance." If you place the AI system on the market under your own name, you are the provider under the AI Act regardless of who installs it.
  • "It's only a recommendation, not a decision." Recital 51 explicitly says systems that *materially influence* product safety can be safety components. The fact that a human approves the output doesn't take you out of 6(1).

Article 6(2): high-risk by sector

Paragraph 2 catches systems that aren't safety components but operate in one of the eight Annex III sectors:

  1. Biometrics (identification, categorisation, emotion recognition)
  2. Critical infrastructure
  3. Education and vocational training
  4. Employment, worker management, access to self-employment
  5. Access to essential private and public services
  6. Law enforcement
  7. Migration, asylum, border control management
  8. Administration of justice and democratic processes

If your system's intended use falls into one of these — whether the technology is an LLM, a classical ML model, or a rules engine — you are in 6(2).

What "intended use" means

Annex III talks about the system's intended purpose as declared by the provider. This is not "what could it theoretically do" — it is "what does the documentation, marketing, and configuration say it's for".

A general-purpose LLM is not, on its own, a 6(2) system. An LLM-based product *positioned as* a CV-screening assistant is — because the provider has declared its intended use to be employment-related (Annex III(4)).

This is why marketing copy matters legally. If your sales deck pitches a use case in Annex III, you have effectively declared the intended purpose.

What about deployers?

Deployers (the people *using* a third-party AI system) inherit a lighter set of obligations under Article 26 — but they can become *providers* under Article 25 if they:

  • Put the system on the market under their own name or trademark, or
  • Make a substantial modification to a high-risk system, or
  • Use a non-high-risk system for a high-risk purpose.

The third one is subtle. If you take a general LLM (not high-risk on its own) and deploy it specifically for credit scoring (Annex III(5)), you become a provider for that deployment.

Article 6(3): the derogation

Paragraph 3 is the only escape from a 6(2) classification. An Annex III system is not considered high-risk if it does not pose a *significant risk of harm* to health, safety, or fundamental rights, including by not materially influencing the outcome of decision-making — and falls into one of these categories:

  • The system performs a narrow procedural task.
  • The system is intended to improve the result of a previously completed human activity.
  • The system detects decision-making patterns without replacing or influencing the previously completed human assessment, with proper human review.
  • The system performs a preparatory task for an assessment relevant to the listed use cases.

Recital 53 gives examples: an AI converting free text to structured data; an AI translating documents; an AI flagging anomalous transactions for human review.

What 6(3) is *not*

A common misread: "we apply 6(3) so we have no obligations". That is not what the paragraph says.

If you rely on the derogation, you must:

  • Document the analysis. The provider has to demonstrate, in writing, why each of the conditions is met for this specific system and intended use.
  • Register the system in the EU database before placing it on the market (Article 49(2)). The same database used for high-risk systems, just with the derogation declared.
  • Keep monitoring. If the system's deployment context changes (e.g. it starts influencing decisions instead of merely flagging), the derogation lapses and the system becomes high-risk.

So 6(3) is "high-risk-light" rather than "out of scope". Treat it as a documentation obligation, not a free pass.

When 6(3) is *automatically unavailable*

The very last sentence of 6(3) says: an AI system that performs profiling of natural persons is *always* considered high-risk under Annex III. No derogation, no exception.

Profiling under Article 4(4) of GDPR is the automated processing of personal data to evaluate certain personal aspects (work performance, economic situation, health, preferences, behaviour, location, movements, …). If your Annex III system profiles natural persons, you are high-risk. Period.

Putting it together

A useful way to walk through Article 6 in your head:

  1. Is the AI a safety component of (or itself) an Annex I/II product requiring third-party CE conformity assessment? → High-risk via 6(1).
  2. Is the intended use in one of the eight Annex III sectors? → tentatively high-risk via 6(2). Continue.
  3. Does the system perform profiling of natural persons? → High-risk, no derogation possible.
  4. Does the system fit one of the four Article 6(3) carve-outs *and* not pose a significant risk? → derogation available; document the analysis and register the system. Otherwise → High-risk via 6(2).

If you want to apply this to your specific system, the [free risk classifier](/quiz) walks you through the tree in about three minutes. The full €299 assessment generates a draft Article 6 analysis in writing, suitable as the starting point for the technical documentation pack.

*Documentation tool, not legal advice.*

Procedural-deadline updates in your inbox

Reforms, landmark rulings, extraordinary stays. No spam, unsubscribe anytime.