Critical Infrastructure Spotlight: EU AI Act - Draft Guidelines on High-Risk AI Classification
This is the second in a series of briefings on the European Commission's draft Guidelines on the classification of high-risk AI systems under Article 6 of the EU AI Act. It covers critical infrastructure.
As mentioned in the first (employment-themed) briefing in this series (Employment Spotlight: EU AI Act - Draft Guidelines on High-Risk AI Classification), the European Commission’s five-week public consultation on the draft Guidelines runs until 23 June 2026.
What do critical infrastructure operators need to know?
As mentioned in our first spotlight briefing, the draft Guidelines confirm that the application date for the obligations relating to Annex III high-risk AI systems, including critical infrastructure-related systems, has been postponed from 2 August 2026 to 2 December 2027. Such high-risk AI systems in use prior to 2 December 2027 are not subject to the AI Act unless they are subject to “significant changes in their design”, or if they are used by public authorities (in which case they must comply by 2 August 2030). Otherwise, the substantive compliance obligations have not changed. Operators should use this extended timeline to prepare and may also wish to submit feedback to the Commission during the open consultation period.
Key takeaways from the draft guidelines
Below, we highlight the key takeaways from the Guidelines relating to the critical infrastructure category under Annex III that are particularly relevant for organisations deploying AI in the management and operation of digital infrastructure, road traffic, and the supply of water, gas, heating or electricity.
A narrow gateway to high-risk infrastructure AI classification
An AI system will be classified as high-risk under the critical infrastructure use case only if certain cumulative conditions are met:
- it must be intended for use as a “safety component”;
- the intended use must concern the management and operation of critical digital infrastructure, road traffic, or the supply of water, gas, heating or electricity; and
- the deploying entity must have been designated as a “critical entity” under the Critical Entities Resilience Directive.
The implication of this third condition is that the same AI system deployed by a non-designated entity falls outside scope. The Guidelines clarify that deployers need not disclose their designation as a “critical entity” under the CER Directive to third-party AI providers and they may instead require high-risk compliance through procurement documentation.
Otherwise, notably, the concept of “safety component” is drawn narrowly: the system must directly protect the physical integrity of the infrastructure by reducing, preventing, controlling or mitigating risks that would lead to physical harm or property damage. The Guidelines set out six categories of safety function that would bring an AI system within scope:
- monitoring and detecting situations which may directly lead to physical harm;
- detecting maintenance needs which, if unaddressed, may directly compromise physical integrity;
- preventing physical harm by directly protecting the infrastructure;
- controlling or limiting possible harm;
- mitigating the consequences of harm; and
- controlling or supervising another system that performs a safety function.
Importantly, AI systems that are merely supportive, informational, organisational or optimisation-oriented, for example, systems designed to optimise performance, efficiency or cost, and which do not themselves perform a direct protective function are excluded from high-risk classification. Similarly, AI systems used solely for cybersecurity purposes are outside scope from a critical infrastructure perspective, as the Commission draws a clear distinction between a “safety component” and a “cybersecurity component.”
It should also be noted that even if certain AI systems may fall outside the scope of the critical infrastructure use cases listed in Annex III, they could still be classified as high-risk under the other condition outlined in our first briefing (AI systems integrated into regulated products, e.g. civil aviation, rail systems).
The Article 6(3) filter is of limited relevance
As set out in more detail in our first spotlight briefing, many organisations have looked to the Article 6(3) “filter mechanism” as a potential route to escape high-risk classification.
In the critical infrastructure context, however, the filter is likely to be of limited practical relevance. By definition, if the system directly protects the physical integrity of the infrastructure, its role goes beyond the narrow, supportive functions contemplated by the filter. The Commission reinforces this by noting in its practical examples that, for systems such as fire alarm controllers, "none of the exceptions listed in Article 6(3) AI Act apply … due to its role in preventing direct damage to the physical infrastructure...as well as harm to natural persons".
Practical examples
The following is a high-level summary of examples from the Guidelines which indicate where the boundaries sit.
What's in (high-risk):
- Critical Digital Infrastructure: An AI system used as a fire alarm controlling system in cloud computing centres, due to its direct safety function.
- Road Traffic: An AI system used to monitor road traffic and adjust traffic lights accordingly, thereby directly protecting physical integrity.
- Road Traffic: An AI system used to recognise heavy objects on vulnerable bridges and quaysides, helping prevent structural collapse.
- Water: An AI system used as a pressure sensor in water pressure monitoring systems.
- Electricity: An AI system used for surveillance and physical perimeter protection of electricity infrastructure.
- Electricity: An AI system used for the detection of anomalies in data patterns when operating electricity grids for the purpose of monitoring critical functions such as power load distribution, grid stability or shutdown procedures.
What's out (not high-risk):
- Critical Digital Infrastructure: AI systems used to improve service quality and operations of critical digital infrastructure, such as trouble-ticket management, network optimisation or predicting network load.
- Road Traffic: An AI-enabled traffic flow optimisation system based on real-time data collection that provides insights but does not directly trigger changes in traffic management.
- Gas: An AI system used as a predictive maintenance tool for gas pipeline monitoring, where existing safety systems remain independently operational.
- Heating: AI-powered patrolling robots in heating plants used only for detection purposes and incapable of taking preventive measures or intervening in operations.
- Electricity: An AI system used for electricity grid optimisation by forecasting energy demand, where core safety functions are handled separately.
- Electricity: An AI system used for cybersecurity monitoring of energy grid networks.
How can McCann FitzGerald LLP help?
For further information or assistance, please reach out to one of the key contacts below, or your usual contact at McCann FitzGerald LLP.
This document has been prepared by McCann FitzGerald LLP for general guidance only and should not be regarded as a substitute for professional advice. Such advice should always be taken before acting on any of the matters discussed.

