惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

L
LangChain Blog
Scott Helme
Scott Helme
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Stack Overflow Blog
Stack Overflow Blog
Forbes - Security
Forbes - Security
T
The Blog of Author Tim Ferriss
Y
Y Combinator Blog
S
Schneier on Security
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Cisco Talos Blog
Cisco Talos Blog
N
News | PayPal Newsroom
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Project Zero
Project Zero
Cyberwarzone
Cyberwarzone
Vercel News
Vercel News
M
MIT News - Artificial intelligence
云风的 BLOG
云风的 BLOG
Google Online Security Blog
Google Online Security Blog
Simon Willison's Weblog
Simon Willison's Weblog
MongoDB | Blog
MongoDB | Blog
Martin Fowler
Martin Fowler
T
Tenable Blog
I
InfoQ
W
WeLiveSecurity
Google DeepMind News
Google DeepMind News
G
Google Developers Blog
D
DataBreaches.Net
博客园 - Franky
Know Your Adversary
Know Your Adversary
Spread Privacy
Spread Privacy
S
Security @ Cisco Blogs
Hacker News: Ask HN
Hacker News: Ask HN
J
Java Code Geeks
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
F
Full Disclosure
C
Cisco Blogs
Google DeepMind News
Google DeepMind News
P
Proofpoint News Feed
C
CXSECURITY Database RSS Feed - CXSecurity.com
The Cloudflare Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
I
Intezer
The GitHub Blog
The GitHub Blog
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
F
Fortinet All Blogs
Jina AI
Jina AI
V
Visual Studio Blog
L
LINUX DO - 热门话题
WordPress大学
WordPress大学
aimingoo的专栏
aimingoo的专栏

Privacy & Cybersecurity Law Blog

New Hampshire Amends the NHDPA to Prohibit the Sale of Children’s Personal Data Canada’s Proposed Social Media Ban for Children and Chatbot Regulation: Bill C-34’s Impact on Platforms European Commission Unveils Cybersecurity and AI Action Plan European Commission Refers Four Member States to CJEU Over NIS2 Transposition Delays EDPB Opens Public Consultation on New Personal Data Breach Notification Template European Commission Advances New Proposal to Expand Cloud Capacity and AI Infrastructure U.S. Supreme Court FTC Ruling Prompts Fresh Scrutiny of EU-U.S. Data Privacy Framework China Issues New Measures for Network Data Security Risk Assessment China Issues Regulations on Internet Content Multi-Channel Network Distribution Services China’s First Regulatory Framework for Virtual Companions Soon to Take Effect UK Data Protection Complaints Obligations Take Effect Vermont Enacts Significant Amendments to Data Broker Legislation Vermont Becomes 23rd State with Comprehensive Consumer Privacy Law Louisiana Enacts Comprehensive Consumer Privacy Law Connecticut Signs Comprehensive AI Bill into Law China CAC Issues Guidance on Conducting Audits Technology Companies Should Prepare for FTC Enforcement of Take It Down Act HHS Reorganizes Office for Civil Rights Oregon Prohibition on Public Body Disclosures to Data Brokers for Federal Immigration Purposes Now In Effect Connecticut Privacy Law Updates: Data Broker Rules, Geolocation Sale Ban, Surveillance Pricing Restrictions, and Genetic Data Regulations NYDFS Warns of Cybersecurity Risks from Frontier AI Models UK and Australia Announce Memorandum of Understanding on AI Security FTC Announces Settlements With Three Marketing Firms Over Allegations of Deceptive Statements About Active Listening AI-Powered Services Cybersecurity Authorities Issue Joint Guidance on the Adoption of Agentic AI Systems Colorado AI Act Amended and Effective Date Delayed Texas AG Announces Lawsuit Against Netflix for Alleged Misrepresentations Regarding User Data UK ICO Recommends Targeted Changes to PECR Rules for Online Advertising California AG Announces Record $12.75M Settlement with GM over CCPA Data Minimization and Purpose Limitation Violations Illinois Department of Human Rights Issues Regulations Governing the Use of AI in Employment Decisions Delta Dental Agrees to $2.25 Million Settlement with NYDFS Over MOVEit Data Breach Response Maryland Enacts First-of-its-Kind Ban on Surveillance Pricing for Grocery Sales UK ICO Publishes Guidance on Storage and Access Technologies CIPL Report Discusses Significant Alignment between GDPR and Global CBPR CalPrivacy Announces the Agenda for its April 30–May 1 Board Meeting CalPrivacy Requests Preliminary Comments on Notices & Disclosures, Employee Data COPPA Rule Amendment Compliance Deadline Approaches House Republicans Introduce Comprehensive Federal Privacy Bill: “SECURE Data Act” Kentucky Classifies Smart TV Data as Sensitive Alabama Becomes 21st State With Comprehensive Consumer Privacy Law CalPrivacy Director Expects CCPA Compliance Audits in 2026 Virginia Bans Sale of Geolocation Data HHS’ Office for Civil Rights Settles HIPAA Investigation of Health Care Software Company New Jersey Enacts New Restrictions on Health Care Facilities’ Use of Patient Data Washington State Enacts Law Regulating AI Companion Chatbots with Private Right of Action Guardrails for Legal AI: What California’s SB 574 Would Require of Attorneys and Arbitrators
European Commission Releases Draft Guidelines on High-Risk AI Under the EU AI Act
2026-05-20 · via Privacy & Cybersecurity Law Blog

European Commission Releases Draft Guidelines on High-Risk AI Under the EU AI Act

On May 19, 2026, the European Commission published draft guidelines on the classification of high-risk artificial intelligence (“AI”) systems under the EU Artificial Intelligence Act (the “EU AI Act”) and launched a public consultation open until June 23, 2026. The draft guidelines, which have been issued under Article 6(5) of the EU AI Act, are intended to assist providers, deployers and market surveillance authorities in determining whether an AI system falls within a high-risk category under Article 6 of the EU AI Act.

The EU AI Act, which entered into force on August 1, 2024, adopts a risk-based framework for AI systems used in the EU. Within that framework, high-risk AI systems are subject to a detailed set of requirements and obligations designed to address risks to health, safety and fundamental rights. The European Commission’s draft guidelines are aimed at supporting a more consistent interpretation of the high-risk classification rules and facilitating the application and enforcement of Article 6.

The draft guidelines are structured in three parts:

  • Section 1: This section sets out the general principles for determining whether an AI system should be classified as high-risk and introduces the two categories of high-risk AI systems under Article 6 of the EU AI Act.
  • Section 2: This section addresses classification under Article 6(1) and Annex I of the EU AI Act, covering AI systems that are safety components of products, or are themselves products, subject to specified EU product safety legislation.
  • Section 3: This section addresses classification under Article 6(2) and Annex III of the EU AI Act, covering certain stand-alone AI systems used in areas identified by the AI Act as presenting significant risk, including biometrics, education, employment, essential services and law enforcement.

The draft guidelines provide non-exhaustive examples of AI systems that may or may not be classified as high-risk, while making clear that inclusion of a use case does not by itself establish its lawfulness under applicable law.

The publication follows a delay from the European Commission’s original timetable. Guidance on high-risk classification had initially been expected by February 2, 2026, ahead of the EU AI Act’s original compliance milestones for high-risk systems. The absence of final guidance, together with delays in the development of standards and other implementation tools, became a central issue in broader discussions on the operational readiness of the EU AI Act. Those concerns contributed to the recent Digital Omnibus on AI, which revised the implementation schedule for certain high-risk AI obligations. Under the updated timetable, requirements for stand-alone high-risk AI systems are now due to apply from December 2, 2027, while obligations for high-risk AI systems embedded in products will apply from August 2, 2028. The revised deadlines were intended to provide additional time for the development of guidance, specifications and standards, and to give organizations greater legal certainty as they prepare for compliance.

The current draft guidelines will be subject to further consultation before the European Commission adopts a final version. The European Commission also emphasizes that the guidelines are not legally binding and that authoritative interpretation of the EU AI Act ultimately rests with the Court of Justice of the European Union.

Read the draft guidelines here.