The Commission Just Clarified Article 6(3). For Most Financial Deployers, the Filter Just Got Narrower.

A short read on the draft guidelines published 19 May 2026 — what they say, what they don't, and what they change for Nordic banks, lenders, and insurers.

The headlines this morning say the same thing: "Commission publishes high-risk AI guidelines." The substance is more specific. The Commission has set out, in 148 pages, how it reads the single most consequential classification question under the AI Act — when does a system fall inside the high-risk regime, and when does it stay outside? For Nordic financial deployers, almost all of the practical news sits in one place: Article 6(3) and the escape hatch it creates. The interpretation is tighter than most compliance teams had hoped.

What was actually published

On 19 May 2026 the European Commission published its draft Guidelines on the classification of high-risk AI systems under Article 6 of Regulation (EU) 2024/1689. The package is in three documents — general principles, the Annex I (product safety) route, and the Annex III (use case) route — and runs to roughly 148 pages.

The draft is open for public consultation until 23 June 2026. The Commission has been explicit that the Guidelines, once final, will not be binding — only the Court of Justice can give the authoritative reading of the AI Act. That caveat aside, this is the clearest signal so far of how the Commission, and by extension national market surveillance authorities, will approach the classification question. The Guidelines were originally expected in February 2026, and the delay was one of the reasons cited in the broader debate about whether the 2 August 2026 deadline could realistically be met. If you want to understand where that debate stands now, that's what last week's post on the Digital Omnibus trilogue collapse was about.

Why Article 6(3) is the part that matters for financial deployers

The AI Act has two routes to high-risk classification. Article 6(1) and Annex I cover AI embedded as a safety component in regulated products — machinery, medical devices, toys, vehicles. That route does not apply to financial institutions. Article 6(2) and Annex III cover stand-alone AI systems in eight enumerated use areas. For Nordic financial deployers, the relevant entries are point 5(b) — creditworthiness evaluation and credit scoring, with an explicit exception for fraud detection — and point 5(c) — risk assessment and pricing in life and health insurance.

If your AI system's intended purpose lands in one of those entries, it is presumed high-risk under the Act. The full Article 26 deployer obligations and the Article 27 Fundamental Rights Impact Assessment apply. (If the provider/deployer distinction underneath this is what you want to understand first, that's what the first post in this series covered.)

Article 6(3) is the escape hatch from that presumption. It says that a system listed in Annex III is not high-risk if it does not pose a significant risk of harm, and it sets out four alternative conditions under which that is taken to be the case. Until yesterday, the boundaries of those conditions were undefined in any operational sense. Many compliance teams have been quietly assuming the filter would carry more weight than the text of the Article suggests. The Guidelines disabuse them of that assumption.

The four conditions, and how the Commission reads them

Article 6(3) sets four alternative conditions. Only one needs to apply. The Commission devotes more than twenty pages of the Annex III document to interpreting them. The summary:

(a) Narrow procedural task. Strictly procedural functions that do not require substantive assessment of the underlying matter — indexing, formatting, classifying into predefined categories, deduplication. The test is whether the system makes a value judgement about content. A CV-sorter that bins applications by language or by location may qualify. A CV-sorter that scores or ranks candidates does not, even if a human reviews the output.

(b) Improving the result of a previously completed human activity. The system supplements, rather than replaces, an assessment a human has already made. A grammar checker on a credit officer's already-drafted memo would qualify; a system that drafts the memo itself would not.

(c) Detecting decision-making patterns or deviations from prior decision-making patterns. Ex-post pattern recognition, where the system identifies departures from established human practice without replacing or influencing the underlying assessment. A monitoring tool that flags credit-decision drift across a portfolio after the fact might qualify; a tool that intervenes in live decisions does not.

(d) Performing a preparatory task to an Annex III assessment. Strictly upstream of the assessment itself — translation of supporting documents, basic data extraction, OCR. The line between (a) and (d) is subtle; (a) can occur during the assessment process if narrow, (d) by definition precedes it.

Two themes run through the Commission's treatment of all four. First, the filter is an exception to a fundamental-rights-protective regime, and exceptions are interpreted narrowly. Where there is doubt, the system qualifies as high-risk — that is the default the Commission has chosen. Second, the filter does not apply where the AI's output materially influences the outcome of the decision. The "materially influence" test is the operational discipline the Guidelines impose across all four conditions.

The hard rule sitting on top of all four

There is one rule that overrides everything else: if the system performs profiling, no filter is available. Full stop.

Profiling, as defined by Article 4(4) GDPR (with parallel definitions in the Law Enforcement Directive and Regulation 2018/1725), means any form of automated processing of personal data to evaluate, analyse, or predict personal aspects of a natural person — economic situation, behaviour, reliability, preferences, location. The Guidelines treat the profiling carve-out as a hard rule: if the system performs profiling, it is high-risk, regardless of which filter condition is otherwise satisfied.

For Nordic financial deployers, this is the rule that matters most. Creditworthiness scoring and life/health insurance pricing are profiling by construction. The automated processing of personal data to evaluate a natural person's economic situation is what those systems are for. The filter is therefore functionally unavailable for most 5(b) and 5(c) use cases at their core.

Where the filter may still have legitimate room to operate is in supporting and peripheral systems — translating supporting documents in a credit application, deduplicating customer records before the credit assessment runs, structuring KYC documents into a standardised format for a human reviewer. Those can plausibly qualify under conditions (a) or (d). They will still need documented assessments under Article 6(4) and registration under Article 49(2). The Guidelines do not exempt anyone from documenting the analysis, even when the conclusion is "not high-risk".

The fraud-detection carve-out, read in light of the Guidelines

Annex III 5(b) excludes "AI systems used for the purpose of detecting financial fraud" from the high-risk category. That carve-out is a feature of the Act itself, not the Guidelines, and it is unchanged. But the Commission's general posture — interpret exceptions narrowly, look at the substance not the label — applies here too.

A pure transaction-monitoring system designed only to flag fraudulent transactions can rely on the carve-out. A system marketed as "fraud detection" that in practice produces a creditworthiness signal fed into a lending decision cannot. Under Article 3(12) of the AI Act, "intended purpose" is defined to include instructions for use, technical documentation, and promotional or sales materials — but the classification follows the substantive function the system performs, not just the label attached to it. The regulator will look at what the system actually does and how it is integrated into the deployer's workflow.

Worth noting: there is no parallel fraud-detection carve-out for point 5(c) life and health insurance pricing. That asymmetry is built into the Act and the Guidelines do not unwind it.

What changes for deployer vendor due diligence

The most immediate operational change for compliance teams is the shape of vendor due-diligence questions. Until yesterday, asking a vendor "is this system high-risk under the AI Act?" was a reasonable question with no obviously good answer. After yesterday, the better question is: show me your Article 6(3) analysis.

Specifically:

• Which of the four conditions does the system rely on?
• Why does the system not perform profiling under Article 4(4) GDPR?
• How does the output not materially influence the outcome of the decision?
• Where is the documented assessment under Article 6(4), produced before market placement?
• Where is the registration under Article 49(2)?

A vendor that cannot answer those questions has not done the work, and the Article 6(4) burden has practical consequences: if a market surveillance authority later determines the system was misclassified, Article 99 penalties apply. Misclassification risk transfers to the deployer in any case where the deployer ought reasonably to have caught the gap during procurement. Strong vendor diligence is where that risk gets surfaced before contract signature.

Submit feedback if your sector deserves clearer examples

The consultation is open until 23 June 2026 through the Commission's "Have Your Say" platform. The final Guidelines will be more useful — and more accurate — to the extent that the Commission has read input from the sectors actually deploying high-risk AI.

Financial services is one of the sectors with the most specific Annex III exposure — point 5 is structured around credit and insurance use cases — and the Guidelines' financial-services examples are still relatively thin compared to, say, the employment or biometrics examples. If your team is operating real systems against these classifications, your input has more weight than a law firm's. Concrete examples from regulated deployment — what worked, what did not, where the perimeter felt arbitrary — are the kind of feedback the Commission has explicitly invited. Even a short, well-evidenced submission improves the final text.

The practical takeaway

Three things to do this week:

1. Re-examine the Article 6(3) argument if your team has been quietly relying on the filter to classify a credit, scoring, underwriting, or claims-related system as not high-risk. The profiling rule and the narrow-interpretation posture together close most of the room that argument was sitting in.
2. Make the Article 6(3) file a deliverable, not a footnote. Even for systems you classify as not high-risk, the documented assessment must exist before market placement, must be registered under Article 49(2), and must be producible to authorities on request.
3. Re-shape vendor due diligence questions around the Guidelines' framework. "Is this high-risk?" is the wrong question. "Show me the Article 6(3) analysis" is the right one.

None of this changes the underlying obligations under Articles 26 and 27 — those were always going to apply to credit and insurance deployers under 5(b) and 5(c). What the Guidelines change is the room for argument that they do not apply. That room is now considerably smaller.

---

If you would like to walk through what the Guidelines change for your specific AI inventory — and what an Article 6(3) file actually needs to contain to hold up — we offer a 45-minute session that maps your systems against the new interpretation. Book a time →

The draft Guidelines are available on the Commission's AI Act library page and the full text of the AI Act on EUR-Lex: eur-lex.europa.eu/eli/reg/2024/1689/oj.

This article is informational and is not legal advice. Application of the EU AI Act and the draft Commission Guidelines to a specific organisation depends on facts that should be reviewed with qualified counsel.