EU AI Act Part 6 – The Window Is Open: How to Act Before These Guidelines Become Final

This series started with a problem: your documentation may have already classified you as high risk without any deliberate choice. It walked through the classification framework, the filter mechanism, the sector-specific applications, and the records you need to build. This final post closes the loop by addressing the fact that the guidelines driving all of that analysis are still in draft.

The European Commission published these guidelines on May 19, 2026, for stakeholder consultation. They are not final. The Commission is seeking feedback before adopting a finalized version, and the AI Act Service Desk on the Single Information Platform is the channel for that input. This creates a short, real window where practitioners can influence the text that market surveillance authorities across 27 Member States will ultimately use as their reference.

That window is worth using. Here is how.

Not every aspect of the guidelines is settled or clear. There are specific places where the draft’s choices create interpretive problems that well-constructed stakeholder feedback can improve.

The broadly scoped system problem needs more examples. The Commission’s doctrine on broadly described AI systems, which treats systems presented as “broadly applicable” without consistent limitations as having high-risk intended purposes, is sound in principle. But the line between “consistently limiting” intended purpose and a TOS carve-out that does not work is not illustrated with enough concrete examples for practitioners to use. More worked examples at the boundary, particularly for multi context AI platforms and API based AI services, would give providers something to calibrate against.

The agentic AI threshold needs a clearer standard. The anti-fragmentation rule, which says complex systems are assessed as a whole when combined outputs materially influence an individual decision, is well-reasoned but requires a threshold determination that the guidelines currently leave vague: what does “materially influence” mean in quantitative or functional terms? A component that affects 5% of the information that informs a decision is different from one that produces the decisive scoring output. The guidelines would benefit from a clearer standard for when a contribution to a pipeline triggers combined system classification versus when genuine separability preserves independent assessment.

The filter conditions need worked examples at the boundary. The draft provides useful examples of what conditions (a) and (d) clearly cover, but the harder cases, systems that sit at the edge of “narrow procedural” or are arguably “preparatory,” are not illustrated. For practitioners building filter self-assessments, the absence of boundary examples makes it difficult to know where the narrow interpretation requirement draws the line in practice. This is particularly acute for condition (b): the line between “improving a previously completed human activity” and “replacing it with a materially different result” is where most real systems will sit.

The GPAI / broadly scoped system doctrine needs to address the layered deployment problem. The guidelines address systems that present themselves as broadly applicable, but do not clearly address the situation where a narrowly documented base model is deployed by a downstream operator with a broader intended purpose. The Article 25(1) framework covers the downstream operator becoming a provider, but the analysis of how the base model provider’s documentation interacts with the downstream deployment could be clearer.

Regulatory consultation submissions work best when they are specific, technically grounded, and solutions-oriented. Vague expressions of concern, such as “the guidelines create uncertainty,” are noted but rarely move the text. What moves text is a concrete example of where the current draft produces an ambiguous or disproportionate outcome, paired with a specific alternative formulation or additional example that would resolve it.

Structure effective feedback around three things: the specific paragraph or concept at issue, a concrete example of the interpretive problem it creates, and what a more workable version would look like. Practitioners who submit feedback grounded in real operational scenarios, including the actual documentation structures, deployment configurations, and business relationships they deal with, give the Commission material it can work with.

The Commission has indicated that these guidelines will be consulted with the AI Board before adoption and may be updated over time as practical use cases are collected through the AI Act Service Desk. Ongoing engagement through that channel, not just one-time consultation feedback, is the longer-term approach.

A brief note on where these guidelines sit in the larger picture. The high risk obligations they interpret are subject to revised application dates under the AI Omnibus, the Digital Omnibus legislative package that has a provisional political agreement as of May 2026 but is pending formal adoption:

• Annex III (Article 6(2)) obligations: slated to apply from 2 December 2027
• Annex I (Article 6(1)) obligations: slated to apply from 2 August 2028

These revised dates create more runway than the original August 2026 and August 2027 deadlines. But the compliance program—the documentation audit, the classification self-assessment, the failure mode analysis, the pipeline map, the governance processes described in Post 5—cannot be built in the weeks before a deadline. Organizations that use the extended timeline to start now will be in a fundamentally different position than those that use it to wait.

The consultation window and the compliance runway are both real. Neither lasts indefinitely.

This series began with the observation that your paper trail determines your classification. We close with a parallel observation: the guidelines that define what a sufficient paper trail looks like are themselves a document being written right now. The practitioners who read them carefully, identify where they fall short, and submit concrete feedback during the consultation period are contributing to the standard that will ultimately govern their own compliance work.

That is a form of participation worth taking seriously.

• Post 1: You Might Already Be Classified as High-Risk and Not Know It
• Post 2: The Classification Audit: A Decision Framework for Article 6
• Post 3: The Article 6(3) Filter: Your Escape Valve Has a Catch
• Post 4: What This Looks Like in Your Sector
• Post 5: Building the Paper Trail: What Your Records Actually Need to Contain
• Post 6: The Window Is Open: How to Act Before These Guidelines Become Final

The Paper Trail series is based on the European Commission’s draft guidelines on the classification of high-risk AI systems under Article 6 of Regulation (EU) 2024/1689, published May 19, 2026, for stakeholder consultation. The guidelines are not yet final. Nothing in this series constitutes legal advice.