Most of the regulatory weight, and most of the compliance burden, falls on high-risk AI systems.<\/p>\n\n\n\n
What counts as high-risk<\/h3>\n\n\n\n
An AI system is classified as high-risk if it falls under Annex III of the Act [5], which covers:<\/p>\n\n\n\n
- \n
- Employment<\/strong>: recruitment screening, CV parsing, promotion decisions, worker monitoring<\/li>\n\n\n\n
- Education<\/strong>: admissions decisions, exam scoring, monitoring student behaviour during tests<\/li>\n\n\n\n
- Essential services<\/strong>: creditworthiness assessment, insurance eligibility, emergency services
dispatch<\/li>\n\n\n\n- Biometrics<\/strong>: facial recognition, emotion recognition, biometric categorisation<\/li>\n\n\n\n
- Critical infrastructure<\/strong>: AI managing energy, water, transport, or digital systems<\/li>\n\n\n\n
- Law enforcement<\/strong>: risk assessment of individuals, crime analytics, evidence evaluation<\/li>\n\n\n\n
- Migration and border control<\/strong>: automated visa processing, asylum application assessment<\/li>\n\n\n\n
- Justice and democratic processes<\/strong>: AI used to assist court rulings<\/li>\n<\/ul>\n\n\n\n
A separate high-risk category under Annex I covers AI systems embedded as safety components in
regulated products, such as medical devices, machinery, vehicles, and aviation equipment. This category
has its own compliance timeline [1].<\/p>\n\n\n\nThe classification problem<\/h3>\n\n\n\n
In theory, the categories above should make it straightforward to determine whether an AI system is
high-risk. In practice, it is not.<\/p>\n\n\n\nA study by appliedAI examining 106 real enterprise AI systems found that only 18% could be clearly
classified as high-risk and 42% as low-risk, while 40% could not be clearly classified at all. The unclear
cases were concentrated in critical infrastructure, employment, law enforcement, and product safety
[28]. This means the actual proportion of high-risk systems could range from 18% to 58% depending on
interpretation. The European Commission originally estimated 5-15% of AI systems would be high-risk
[28]; the reality appears to be significantly more complex.<\/p>\n\n\n\n![\"\"](\"https:\/\/braynex.ai\/wp-content\/uploads\/2026\/03\/appliedAI-study-results-1024x565.png\")
<\/figure>\n\n\n\nThe classification uncertainty comes from multiple sources. Annex III lists use cases in broad categories,
but the boundaries are vague. Article 6(3) added exemptions for systems performing “narrow procedural
tasks” or “preparatory” functions, but deciding whether an AI system is merely preparatory versus
actually influencing a decision is often a judgement call with no clear benchmark.<\/p>\n\n\n\nThis is exactly what the Article 6(5) guidelines, the ones the Commission missed its deadline to publish,
were designed to resolve. Those guidelines were supposed to include “a comprehensive list of practical
examples of use cases of AI systems that are high-risk and not high-risk” [6]. Without them, organisations
in grey-area use cases are forced to either classify conservatively (treating borderline systems as high-risk
at significant compliance cost) or accept the legal risk of under-classifying.<\/p>\n\n\n\nAcademic research confirms this is a real operational problem. A 2026 case study interviewing
companies attempting to comply found recurring uncertainties, with interviewees voicing frustration
about unclear details that are “supposed to be clarified in the upcoming harmonised standards” [29].<\/p>\n\n\n\nThe appliedAI study and risk classification database are available at: AI Act: Risk Classification of AI Systems from a Practical Perspective<\/a><\/a><\/p>\n\n\n\n
What high-risk obligations actually require<\/h3>\n\n\n\n
The key date is August 2, 2026, when the full obligations for Annex III high-risk systems become
applicable. From that day, non-compliant systems are technically in violation. There is no grace period
[1].<\/p>\n\n\n\nProviders of high-risk systems must implement: risk management across the full AI lifecycle, data
governance, technical documentation, automatic event logging, human oversight mechanisms,
conformity assessments, CE marking, and registration in the EU database.<\/p>\n\n\n\nDeployers must ensure: proper system use, human oversight, fundamental rights impact assessments,
and incident reporting [1].<\/p>\n\n\n\n2. Who Must Comply<\/h2>\n\n\n\n
The AI Act applies extraterritorially, the same model as GDPR. It does not matter where an organisation
is headquartered. Three categories of organisations are covered [1][18]:<\/p>\n\n\n\n- \n
- Providers<\/strong>: organisations that develop AI systems (or have them developed) and place them on
the EU market under their own name or trademark.<\/li>\n\n\n\n- Deployers<\/strong>: organisations that use AI systems in a professional capacity within the EU.<\/li>\n\n\n\n
- Any organisation whose AI outputs affect people in the EU<\/strong>, even if the AI runs on servers
outside Europe.<\/li>\n<\/ul>\n\n\n\nA technology company in the United States using AI for loan approvals that serves European customers is
in scope. A recruitment firm in Asia using AI-powered CV screening for EU-based roles is in scope. A
startup anywhere in the world deploying a chatbot that interacts with EU residents is in scope.<\/p>\n\n\n\nMany organisations that do not consider themselves “AI companies” will discover they have obligations,
particularly those using third-party AI tools for hiring, credit assessment, customer service, or content
generation. Using someone else’s AI system does not exempt an organisation; deployers carry their own
distinct set of legal responsibilities under the Act [1].<\/p>\n\n\n\nFines<\/h3>\n\n\n\n
The penalties are structured in three tiers [19]:<\/p>\n\n\n\n
Violation<\/strong><\/td> Maximum fine<\/strong><\/td><\/tr> Prohibited practices<\/td> \u20ac35 million or 7% of global turnover (whichever is higher)<\/td><\/tr> High-risk violations<\/td> \u20ac15 million or 3% of global turnover (whichever is higher)<\/td><\/tr> Information failures<\/td> \u20ac7.5 million or 1% of global turnover (whichever is higher)<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n For SMEs and startups, the Act provides that the lower of the fixed amount or percentage applies
instead, offering meaningful protection for smaller organisations [19].<\/p>\n\n\n\nBeyond fines, authorities can order organisations to stop using non-compliant AI systems entirely.<\/p>\n\n\n\n
3. Where Things Stand: Missed Deadlines, the Guidance Gap, and the Digital Omnibus<\/h2>\n\n\n\n
As of March 2026, the AI Act’s implementation is in a state of tension. The compliance deadline is
approaching, but the official infrastructure organisations need to comply is not ready.<\/p>\n\n\n\nWhat has already taken effect<\/h3>\n\n\n\n
February 2, 2025<\/strong>: Prohibited AI practices became applicable [3][4]. Penalties became enforceable from
August 2, 2025 [1]. No public enforcement actions have been announced as of March 2026, though
investigations are reportedly underway.<\/p>\n\n\n\nAugust 2, 2025<\/strong>: Obligations for general-purpose AI model providers took effect. The penalty framework
under Article 99 also became active on this date, and member states were required to have designated
their national enforcement authorities [1].<\/p>\n\n\n\nJanuary 1, 2026<\/strong>: Finland became the first member state with operational national enforcement powers
[22]. Spain’s dedicated AI Supervisory Agency (AESIA) has been operational since mid-2024 [23]. Italy
adopted the EU’s first national AI law (Law 132\/2025) in October 2025, introducing criminal penalties of
1-5 years imprisonment for harmful deepfake dissemination [24].<\/p>\n\n\n\nWhat has been missed<\/h3>\n\n\n\n
The Commission missed its own deadline<\/strong>. Article 6(5) required the Commission to publish guidelines on
high-risk classification, including practical examples, by February 2, 2026. This deadline was missed. The
Commission indicated it was still integrating months of stakeholder feedback and planned to release a
draft for further consultation [6][7].<\/p>\n\n\n\nHarmonised standards are delayed<\/strong>. CEN and CENELEC, the European standardisation bodies tasked with
developing the technical benchmarks for demonstrating compliance, missed their late-2025 delivery
target. Standards are now expected by end of 2026 at the earliest [7][8][25]. Under Article 40,
organisations that follow harmonised standards receive a “presumption of conformity,” effectively a legal
safe harbour. Without published standards, that safe harbour does not exist.<\/p>\n\n\n\nThe Commission has not used its backup mechanism<\/strong>. Article 41 allows the Commission to establish
“common specifications” as interim guidance when standards are delayed. As of March 2026, the
Commission has not publicly indicated any intention to do so [25].<\/p>\n\n\n\nAdditional guidelines are still pending<\/strong>. The Commission has announced it will publish guidance on high\u0002risk classification, transparency requirements, incident reporting, provider and deployer obligations,
fundamental rights impact assessments, and post-market monitoring templates throughout 2026 [9].
None of these are finalised.<\/p>\n\n\n\nThe Digital Omnibus<\/h3>\n\n\n\n
On November 19, 2025, the Commission proposed the Digital Omnibus package, a set of amendments
that would push back the high-risk compliance deadlines [10][11].<\/p>\n\n\n\nThe core mechanism: high-risk obligations would not take effect until the Commission confirms that
adequate compliance support tools (harmonised standards, common specifications, guidelines) are
available. Once confirmed, obligations apply after 6 months for Annex III systems and 12 months for
Annex I systems.<\/p>\n\n\n\nRegardless of when standards arrive, backstop deadlines would cap the maximum delay [12][13]:<\/p>\n\n\n\n
System Type<\/strong><\/td> Backstop deadline<\/strong><\/td><\/tr> Annex III (stand-alone high-risk systems)<\/td> December 2, 2027<\/td><\/tr> Annex I (AI embedded in regulated products)<\/td> August 2, 2028<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n Where the Digital Omnibus stands now (March 2026):<\/h3>\n\n\n\n
The process is moving faster than most observers anticipated. Two major developments occurred in
the past week:<\/p>\n\n\n\nMarch 11<\/strong>: MEPs reached a preliminary political agreement on the AI Omnibus amendments during a
shadow meeting. The deal will be put to a formal committee vote (LIBE and IMCO committees)
on March 18, 2026, two days from the date of this article. Rapporteur Michael McNamara confirmed
that “some technical negotiations are still ongoing” ahead of the vote [30].<\/p>\n\n\n\nMarch 13<\/strong>: The Council agreed its negotiating mandate (known as a “general approach”). The Cyprus
Presidency stated: “We worked on this proposal with urgency, reaching a swift agreement to facilitate
the timely application of the AI act” [31]. Following this approval, the presidency indicated it will start
negotiations with the European Parliament.<\/p>\n\n\n\nBoth the Parliament and Council positions align on the key points: fixed deadlines of December 2,
2027 for Annex III systems and August 2, 2028 for Annex I systems. Both also include a new prohibition
on AI systems generating non-consensual sexual and intimate deepfakes [30][31].<\/p>\n\n\n\nWith both institutions now holding agreed positions, trilogue negotiations can begin as soon as the
Parliament committee vote passes and plenary endorses it. This is significantly ahead of the “spring or
summer 2026″ timeline that was widely expected just weeks ago.<\/p>\n\n\n\nWhat this means in practice: the postponement of high-risk deadlines is now very likely, but it is not
yet law. The trilogue must produce a compromise text, both institutions must formally adopt it, and it
must be published in the Official Journal before it takes legal effect. Whether all of this can be
completed before August 2, 2026 remains uncertain, though the political alignment makes it
considerably more plausible than it was a month ago [26][27].<\/p>\n\n\n\nThe Commission itself has acknowledged the problem directly: harmonised standards are “decisive for
legal certainty” and their delayed availability “puts at jeopardy the successful entry into application of
the high-risk rules on 2 August 2026″ [8].<\/p>\n\n\n\n4. What Organisations Should Prepare, With or Without Official Guidance<\/h2>\n\n\n\n
Regardless of whether the August 2026 deadline holds or shifts, the underlying obligations are not going away. The requirements are written directly into the regulation (Articles 9-15) and do not depend on guidelines or standards being published first. Organisations that begin preparation now will be in a stronger position under either timeline scenario.<\/p>\n\n\n\n
1 –<\/strong> Conduct an AI inventory and risk classification<\/strong>. Identify every AI system developed or deployed
within the organisation. Determine which fall under Annex III high-risk categories or Annex I product
safety rules. Given that 40% of enterprise AI systems fall into an unclear classification zone [28],
organisations should document their reasoning for each classification decision, including borderline
cases. For systems that cannot be clearly classified, the prudent approach is to either treat them as high\u0002risk or seek guidance from a national supervisory authority. [5][6][28]<\/p>\n\n\n\n2 – Withdraw or redesign any prohibited AI systems<\/strong>. The ban on prohibited practices has been applicable
since February 2, 2025. Organisations still operating manipulative AI, social scoring, workplace or school
emotion recognition (without medical or safety justification), untargeted facial scraping, or individual
criminal risk prediction based solely on profiling must discontinue these immediately. [3][4]<\/p>\n\n\n\n3 – Assemble documentation for high-risk systems<\/strong>. The Act requires [1]:<\/p>\n\n\n\n
- \n
- A risk management process covering the full AI lifecycle (Article 9)<\/li>\n\n\n\n
- Data governance procedures for training and testing data (Article 10)<\/li>\n\n\n\n
- Technical documentation per Annex IV (Article 11)<\/li>\n\n\n\n
- Automatic event logging (Article 12)<\/li>\n\n\n\n
- Human oversight mechanisms enabling meaningful human intervention (Article 14)<\/li>\n<\/ul>\n\n\n\n
4 – Determine the conformity assessment route<\/strong>. For most stand-alone high-risk systems, organisations
conduct an internal self-assessment under Annex VI. Systems performing biometric identification require
a third-party assessment from a notified body under Annex VII. These bodies are already experiencing
booking delays as of March 2026; organisations requiring third-party assessments should engage
assessors without delay. [1][17]<\/p>\n\n\n\n5 – Establish governance infrastructure<\/strong>. Designate a person or team responsible for AI compliance.
Develop company-wide AI policies. Implement staff training programmes. Create incident reporting
procedures. This is a permanent operational requirement, not a one-time exercise. [1]<\/p>\n\n\n\n6 – Prepare for transparency obligations<\/strong>. Chatbots must inform users they are interacting with AI.
Deepfakes and synthetic content must be labelled. Emotion recognition and biometric categorisation
systems require user notification. These obligations take effect August 2, 2026 regardless of the Digital
Omnibus. [1]<\/p>\n\n\n\nThe best practical resource available now<\/h3>\n\n\n\n
In the absence of EU-level guidance, Spain’s AI Supervisory Agency (AESIA) published 16 detailed,
practical compliance guides in December 2025. Developed through a real regulatory sandbox with actual
companies, the guides are structured as a progressive roadmap [14][15][16]:<\/p>\n\n\n\n
- Deployers<\/strong>: organisations that use AI systems in a professional capacity within the EU.<\/li>\n\n\n\n
- Education<\/strong>: admissions decisions, exam scoring, monitoring student behaviour during tests<\/li>\n\n\n\n