The Classification Trigger Most Compliance Teams Missed
The EU Commission published draft guidelines on Article 6 high-risk classification on May 19, 2026. The consultation window closes June 23, 2026. Most compliance briefings in the days that followed treated this as confirmation of a framework already understood: technical criteria, Annex III categories, the two-track deadline structure. One thing didn’t get the attention it warranted.
According to legal analysis from Wilson Sonsini, LEXR, and Alston & Bird, the draft guidelines signal that a provider’s intended purpose – the legal anchor for high-risk classification under Article 6(1), is established not only by technical function but by how the provider describes and markets that function. Sales materials, technical data sheets, and pre-sales documentation are part of the classification record. They’re not peripheral. They’re evidence.
That changes the compliance picture in a way that purely engineering-focused programs aren’t built to handle.
What the Draft Guidelines Actually Establish
Article 6 of the EU AI Act divides high-risk AI into two tracks. Annex I covers AI embedded in regulated products, medical devices, machinery, toys, vehicles. Annex III covers standalone AI in high-sensitivity sectors: biometric identification, education and vocational training, employment and worker management, access to essential services (credit, insurance), law enforcement, migration and border control, and administration of justice.
For Annex III systems, classification turns on intended purpose. That’s always been the case. What the draft guidelines clarify, per LEXR’s analysis, is that intended purpose isn’t determined solely by what the system does under the hood. It’s also determined by what the provider says it does, in product documentation, marketing materials, go-to-market positioning, and pre-sales qualification.
The practical implication: a system that could technically serve multiple purposes gets classified based on how it’s presented. A recruitment screening tool described in sales materials as assessing candidate suitability is establishing its classification record every time that language is used. A vendor that’s careful in engineering and careless in marketing is building a high-risk classification case against itself.
These guidelines are in draft form until June 23, 2026. But legal analysts note they’re likely to carry significant weight with national regulators and courts before finalization, Commission guidance of this type has historically been treated as persuasive authority in EU administrative proceedings. Don’t treat “draft” as meaning “not yet relevant.”
Who Now Owns Compliance Obligations
This is the organizational question the draft guidelines force. The answer runs across at least four functions that haven’t historically been compliance stakeholders for AI regulation.
Product Marketing
Product marketers writing capability descriptions, sector-specific use case content, and feature positioning are defining intended purpose under Article 6(1). A description of an AI tool as helping HR teams “evaluate candidate fit” in a job category covered by Annex III is not just marketing copy. It’s a classification input. Marketing teams need a review process, not a general legal sign-off, but a specific EU AI Act classification lens applied to every piece of sector-facing content before publication.
Pre-Sales and Solutions Engineering
Pre-sales teams routinely produce written qualification materials: RFP responses, proof-of-concept proposals, capability matrices, use case documentation. When those documents describe AI capabilities in Annex III sectors, they contribute to the classification record. Organizations that maintain extensive pre-sales documentation libraries are, in many cases, sitting on a large and unreviewed body of classification-relevant material.
Who This Affects
Technical Documentation
Technical data sheets and API documentation often describe intended use cases in precise terms that are more specific than marketing copy. These documents, per Alston & Bird’s analysis, are squarely within the category of provider documentation that shapes classification determinations. They may be maintained by engineering or product teams with no compliance oversight.
Legal and Compliance
The function that already owns EU AI Act compliance programs needs to expand its audit scope. A risk register built around system architecture, training data, and technical safeguards is incomplete if it hasn’t mapped the organization’s external-facing product descriptions against the Annex III categories. The audit that’s overdue in most organizations isn’t technical. It’s documentary.
The Two Deadline Tracks and Which Applies
Two hard dates anchor the compliance calendar. Neither is moved by the current consultation.
Annex III standalone systems, the employment, credit, biometric, education, and law enforcement applications most directly affected by the marketing documentation dynamic, must meet full compliance obligations by December 2, 2027. That’s confirmed through the Digital Omnibus provisional agreement of May 7, 2026, consistent with prior pipeline coverage of the three-pathway deadline framework.
Annex I embedded systems, AI in medical devices, machinery, and other regulated product categories, face compliance obligations effective August 2, 2028. The classification principles in Article 6 apply here too, though the product documentation context is different: for embedded systems, the regulated product’s labeling and instructions for use are the primary documentation vector.
Eighteen months to December 2027 looks workable on a calendar. Count the actual steps, classification audit, documentation review, conformity assessment preparation, technical file assembly, and in some cases notified body engagement, and the timeline compresses fast. Organizations that treat this as a late-2027 problem are building on a false premise.
The Consultation Window: Whether to Submit
The June 23, 2026 deadline is the formal opportunity to engage the classification process before the guidelines are finalized. For organizations with products that sit near Annex III category boundaries, systems that could plausibly be classified as high-risk or not, depending on how intended purpose is read, the consultation is worth taking seriously.
Submissions don’t require legal complexity. They require specificity. The Commission is looking for concrete input on how the classification criteria apply to real products. An organization that describes a genuinely ambiguous use case and explains why the current draft guidelines create classification uncertainty is contributing something useful, and creating a documented record of its engagement with the regulatory process.
Pre-Finalization Action Checklist, Article 6 Classification
- Audit existing marketing materials, sales decks, and pre-sales documentation against Annex III categories
- Establish forward-looking review process for new external content referencing Annex III sectors
- Brief product marketing, pre-sales, and technical documentation teams on classification-relevant language
- Assess whether consultation submission is warranted for products near Annex III category boundaries, deadline June 23, 2026
- Confirm applicable deadline track: Annex III (Dec 2, 2027) or Annex I (Aug 2, 2028)
Warning
Verification note: The marketing documentation claims in this brief reflect T1 law firm analysis of the EU Commission's draft Article 6 guidelines published May 19, 2026. The primary guidelines document was not directly accessed in this production cycle. Claims should be treated as informed legal interpretation, not established regulatory fact, until the guidelines are finalized following the June 23, 2026 consultation.
Organizations that submit during the consultation aren’t lobbying against compliance. They’re shaping what compliance means for their product category. That’s a legitimate use of the process, and it’s one that well-represented organizations will pursue.
What to Do Before the Guidelines Are Finalized
The draft status of these guidelines doesn’t create a pause. It creates a window.
Three actions matter now. First, pull the classification-relevant documentation: product marketing materials, sales decks, pre-sales qualification documents, technical data sheets, API documentation. Map each piece against the Annex III categories. Identify where sector-specific language has been used and whether that language establishes intended purpose in a regulated category.
Second, establish a documentation review process for new external content. Any future-facing description of an AI system’s capabilities in sectors covered by Annex III needs a classification lens before it goes out. This isn’t a blanket legal review requirement. It’s a targeted check: does this content, in combination with the product’s technical function, establish intended purpose in a high-risk category?
Third, brief the functions that have inherited new obligations. Product marketing, pre-sales, and technical documentation teams aren’t naturally oriented toward regulatory compliance. They need a specific, practical briefing, not a general EU AI Act overview, but a concrete explanation of how their outputs contribute to classification and what to watch for. The organizations that do this before December 2027 won’t be scrambling to reconcile a three-year documentation backlog against a compliance deadline.
The draft guidelines close a gap that many compliance programs left open. The assumption that classification is a technical question with a technical answer was always incomplete under the EU AI Act’s intended purpose framework. The May 2026 guidelines make that explicit. The organizations that respond to this as an organizational challenge, not just an engineering one, are the ones that will be positioned when enforcement begins.