AI Act

Joint statement: EU legislators must close dangerous loophole in AI Act

The European Union is entering the final stage of negotiations on its Artificial Intelligence Act (AI Act), but Big Tech and other industry players have lobbied to introduce a major loophole to the high-risk classification process, undermining the entire legislation. We call on EU legislators to remove this loophole and maintain a high level of protection in the AI Act. 

The EU AI Act has the potential to improve protections for people impacted by AI systems. In its original form, it outlined a list of ‘high-risk uses’ of AI, including AI systems used to monitor students, to assess consumers’ creditworthiness, to evaluate job-seekers, and to determine who gets access to welfare benefits. 

The legislation requires developers and deployers of such ‘high-risk’ AI to ensure that their systems are safe, free from discriminatory bias, and to provide publicly accessible information about how their systems work. However, these benefits will be undermined by a dangerous loophole introduced into the high-risk classification process in Article 6. 

In the original draft from the European Commission, an AI system was considered ‘high risk’ if it was to be used for one of the high-risk purposes listed in Annex III. However, the Council and the European Parliament have introduced a loophole that would allow developers of these systems decide themselves if they believe the system is ‘high-risk’.1 The same company that would be subject to the law is given the power to unilaterally decide whether or not it should apply to them.  

These changes to Article 6 must be rejected and the European Commission’s original risk classification process must be restored. There must be an objective, coherent and legally certain process to determine which AI systems are ‘high-risk’ in the AI Act. 

If the changes to Article 6 are not reversed, the AI Act will enable AI developers to decide to exempt themselves from all substantive rules for high-risk systems. The AI Act would:

  • Introduce high legal uncertainty as to which systems are considered ‘high risk’;
  • Lead to fragmentation of the EU single market, with different interpretations of what constitutes ‘high-risk’ across Member States;
  • Result in Member State authorities facing severe challenges to enforce the legislation, without enough resources to monitor developers’ self-assessment sufficiently;
  • Allow unscrupulous developers to avoid the basic requirements of the law that are meant to make their systems safer and more reliable. This would put responsible AI developers at a disadvantage. 

We urge lawmakers to reverse these changes and restore the Commission’s original language in Article 6. The AI Act must prioritise the rights of people affected by AI systems and ensure that AI development and use is both accountable and transparent.


Access Now 

BEUC – The European Consumer Organisation

European Digital Rights (EDRi)

Access Info Europe




All Faiths and None

All Out

Alternatif Bilisim (AiA-Alternative Informatics Association)

Amnesty International

ARSIS Association for the Social Support of Youth

Article 19

Asia Indigenous Peoples Pact


Association for Legal Studies on Immigration (ASGI)

Association Konekt

Balkan Civil Society Development Network

Bits of Freedom

Bulgarian center for Not-for-Profit Law (BCNL)

Center for AI and Digital Policy (CAIDP)

Chaos Computer Club

Civil Rights Defenders


CNVOS Slovenia

Coalizione Italiana Libertà e i Diritti civili

Comisión General Justicia y Paz de España

Controle Alt Delete

Corporate Europe Observatory (CEO)

D64 – Zentrum für Digitalen Fortschritt e. V.

DanChurchAid (DCA)

Danes je nov dan, Inštitut za druga vprašanja

Defend Democracy

Democracy Development Foundation Armenia


Digital Security Lab Ukraine

Digitale Gesellschaft



dTest, o.p.s.


EuroMed Rights

European Anti-Poverty Network (EAPN)

European Center for Not-for-Profit Law

European Civic Forum

European Movement Italy

European Network Against Racism (ENAR)

European Network on Statelessness

Fair Trials

Fair Vote UK

Fundación CIVES

Federación de Consumidores y Usuarios CECU

Federación de Sindicatos de Periodistas (FeSP)

Federation of German Consumer Organisations (Verbraucherzentrale Bundesverband – vzbv) FIPR

Fritidsodlingens Riksorganisation


Greek Forum of Refugees

Health Action International

Homo Digitalis

Hungarian Civil Liberties Union

I Have Rights

IDAY Liberia Coalition Inc.

Institute Circle

Institute for Strategic Dialogue (ISD)

Irish Council for Civil Liberties


Iuridicum Remedium

KEPKA- Consumers Protection Center

Kif Kif vzw

KOK German NGO Network against Trafficking in Human Beings

Konsumentvägladarnas Förening

Kosovar Civil Society Foundation (KCSF)


La Strada International

LDH (Ligue des droits de l’Homme)

Legal Centre Lesvos


Ligue des droits humains

Metamorphosis Foundation

Migrant Tales

Mobile Info Team

Moje Państwo Foundation

National Federation of Polish NGOs (OFOP)

National NGO Coalition

New Europeans International

Norwegian Consumer Council



Ökotárs – Hungarian Environmental Partnership Foundation

Open Knowledge Foundation Germany

Panoptykon Foundation

Partners Albania for Change and Development

PIC – Legal Center for the Protection of Human Rights and the Environment

Platform for International Cooperation on Undocumented Migrants (PICUM)

Polish Women’s Strike Foundation


Privacy First

Privacy International

Privacy Network

PRO, Pensionärernas riksorganisation

Promo-LEX Association

Prostitution Information Center

Protection International

Red en Defensa de los Derechos Digitales


SKPF Pensionärerna




Stichting LOS

Superbloom (previously known as Simply Secure)

Swedish Asthma and Allergy Association


Symbiosis – Council of Europe School of Political Studies in Greece

The Swedish Consumers’ Association

Wikimedia Deutschland e. V.

1. The Council text proposes to exclude high-risk systems where the output of the system is ‘purely accessory in respect of the relevant action or decision to be taken’. The European Parliament text states that a system is high risk only if it poses a ‘significant risk’ to fundamental rights, health and safety. If the developer considers their system does not pose such a risk, they must notify a national authority, which has 3 months to respond.

 2. 150 civil society organisations have called on the EU institutions to ensure the AI act protect’s peoples’ rights during the AI Act trilogues: