On 19 May 2026, the European Commission opened a targeted consultation on the draft guidelines for classifying high-risk AI systems under Annex III of the AI Act. It closes on 23 June. That is thirty days to fix something the guidelines currently get wrong — and that no one in the public debate has named precisely.
The guidelines do not distinguish between two fundamentally different categories of AI system.
The first category is a deterministic workflow – a sequence of actions fixed in code before deployment, auditable at design time, whose behaviour under all anticipated conditions can be specified in advance.
The second is what researchers call an ‘agentic system’. Rather than just following a sequence of pre-determined steps, it generates the steps it will take on execution. In other words, an intervention plan that did not exist before the system encountered the specific case.
The distinction matters because it determines whether human oversight is structurally possible. In a deterministic workflow, you can embed oversight in the sequence — because the sequence is known. In an agentic system, the sequence does not exist before execution. Oversight cannot be designed into something that has not yet been generated. It must instead be anchored to the risk profile of each class of action — its irreversibility, its impact on rights — not to a predetermined flow.
