BRUSSELS — The Business Software Alliance (BSA) has called on the European Commission to ensure that upcoming guidance on the AI Act’s high-risk classification rules stays closely tied to real-world use, warning that vague or overly broad definitions could pull in low-risk AI systems commonly used by businesses across Europe. 

In its response to the Commission’s consultation on Article 6 of the AI Act, BSA stresses that the intended purpose of an AI system must remain the key factor in determining whether it falls under high-risk obligations. BSA also warns that treating all flexible or multi-use AI as inherently high-risk — or conflating them with general-purpose AI (GPAI) — would introduce unnecessary compliance burdens and create legal uncertainty. 

“Not every AI system that can perform multiple tasks is a foundation model, and not every tool that supports business operations poses a high risk to people’s rights or safety,” said Hadrien Valembois, Director, Policy-EMEA. “The classification rules need to reflect what the system is designed and used to do.” 

BSA is urging the Commission to address several implementation risks by providing guidance that: 

• Distinguishes between general-purpose functionality and GPAI. Many enterprise AI systems support multiple uses, but don’t meet the criteria for general-purpose AI under the AI Act. The Commission should avoid treating these systems in the same context as GPAI models, unless they meet the qualification criteria.
• Reinforces safeguards to protect trade secrets and proprietary information. The guidelines should confirm that compliance obligations, such as documentation or transparency, do not require companies to disclose confidential technical information.
• Takes a proportionate approach to high-risk classification. AI tools used for cybersecurity, for example, should not be automatically treated as high-risk simply because they process sensitive inputs. The assessment must focus on the system’s intended use and whether it genuinely creates a risk to health, safety, or fundamental rights.
• Defines what a substantial modification is. BSA calls for clarity on when an entity has intentionally changed the intended purpose or core capabilities of an AI system in a way that materially increases reasonably foreseeable risks. 

BSA has played an active role in shaping the AI Act from its earliest stages and continues to support a risk-based, use-focused approach to AI regulation. Over the past six months, BSA has contributed to key EU and global initiatives on AI governance — including its response to the EU’s GPAI Code of Practice, comments on the Commission’s GPAI guidance, and its endorsement of the G7’s AI adoption roadmap. Across this work, BSA has consistently called for rules that safeguard fundamental rights while enabling responsible adoption of AI systems across the enterprise ecosystem.