The EU AI Act uses the intended purpose specification as the load-bearing document for high-risk classification. If your specification is ambiguous, the classification assessment is ambiguous. If it does not clearly exclude high-risk uses, you cannot self-certify that you have.

The classification guidelines the Commission published this year are careful and detailed on this. They correctly note that a provider cannot escape high-risk classification by asserting exclusions that the specification's actual scope, examples, or positioning contradicts.

What the guidelines do not require is that the specification be structurally complete before the system goes to market.

That is a gap. The specification is the primary evidence base. The guidelines establish that its quality matters for classification. They do not establish what quality means.

We already have data on what this looks like in practice. Across 34 real AI governance documents from multiple sectors, zero declare any trigger for revalidation. The most common failures: no verifiable success definition, no scope boundary, no verification mechanism. These are not edge cases. They are the norm (arXiv:2604.21090).

Aviation certification has required structural completeness for software specifications since DO-178B in 1992. Every requirement traces to a test. Every test traces back. Extraneous code is a finding. Undocumented behaviour is a finding. The Commission's own classification guidelines acknowledge that aviation's tradition is relevant here.

The compliance guidelines that follow the classification guidelines are the right instrument to close this. Five criteria: a verifiable purpose declaration, a scope boundary, a verification mechanism, an internal consistency requirement, and a currency declaration stating when the document requires revalidation.

These are not additional obligations. Each one is already implied by Articles 9, 13, 14, 16, and 72. Making them explicit reduces burden: it tells providers what is structurally necessary before market, rather than leaving them to infer it from downstream compliance requirements.

I submitted this as a formal comment to the EU stakeholder consultation on the Draft Guidelines on the Classification of High-Risk AI Systems under Article 6 of the AI Act (contribution 259d4ef8-6ebf-4177-9b5e-513714606ac0, submitted 21 June 2026). The comment record is public.