Executive Summary

On December 4th 2025, the European Union Agency for Fundamental Rights (FRA) issued a new report that crystallizes a problem long visible to practitioners: the EU AI Act is facing a structural failure = and it begins at Article 6.

Most organizations assume the Act’s real complexity sits downstream in Chapter III obligations: risk management, documentation, oversight, monitoring. But the FRA’s findings show the opposite. The Act collapses much earlier, at the point where organizations determine whether a system is high-risk in the first place.

The report highlights three interlocking vulnerabilities:

• Organizations are redefining “AI” narrowly to escape the Act entirely.

• Article 6(3)’s “filter” is being stretched, creating potential loopholes for systems that impact fundamental rights.

• Providers are missing the profiling-override logic that automatically designates systems as high-risk.

The result is severe: When classification is wrong, Article 27 never triggers. No Fundamental Rights Impact Assessment (FRIA) is performed. The entire safeguard architecture vanishes.

This article explains why Article 6 is the upstream bottleneck, how misclassification silently nullifies the regulation, and what “upstream logic” must look like before any organization can claim compliance.