EU-AI-Act
Regulation (EU) 2024/1689 — Artificial Intelligence Act
- I. General Provisions
- Art. 1. Subject matter ref
- Art. 2. Scope ref
- Art. 3. Definitions ref
- Art. 4. AI literacy ref
- II. Prohibited AI Practices
- Art. 5. Prohibited artificial intelligence practices ref
- III. High-Risk AI Systems
- Ch. 1 — Classification of AI Systems as High-Risk
- Art. 6. Classification rules for high-risk AI systems (7)
- Art. 7. Amendments to Annex III (12)
- Ch. 2 — Requirements for High-Risk AI Systems
- Art. 8. Compliance with the requirements (5)
- Art. 9. Risk management system (15)
- Art. 10. Data and data governance (20)
- Art. 11. Technical documentation (7)
- Art. 12. Record-keeping (8)
- Art. 13. Transparency and provision of information to deployers (14)
- Art. 14. Human oversight (11)
- Art. 15. Accuracy, robustness and cybersecurity (9)
- Ch. 3 — Obligations of Providers and Deployers of High-Risk AI Systems and Other Parties
- Art. 16. Obligations of providers of high-risk AI systems (12)
- Art. 17. Quality management system (16)
- Art. 18. Documentation keeping (6)
- Art. 19. Automatically generated logs (2)
- Art. 20. Corrective actions and duty of information (5)
- Art. 21. Cooperation with competent authorities (3)
- Art. 22. Duty of providers of high-risk AI systems to inform (2)
- Art. 23. Obligations of importers (12)
- Art. 24. Obligations of distributors (10)
- Art. 25. Responsibilities along the AI value chain (9)
- Ch. 4 — Obligations of Deployers of High-Risk AI Systems
- Art. 26. Obligations of deployers of high-risk AI systems (17)
- Art. 27. Fundamental rights impact assessment for high-risk AI systems (10)
- Ch. 5 — Notifying Authorities and Notified Bodies
- Art. 28. Notifying authorities (8)
- IV. Transparency Obligations for Providers and Deployers of Certain AI Systems
- Art. 50. Transparency obligations for providers and deployers of certain AI systems (9)
- V. General-Purpose AI Models
- Ch. 1 — Classification Rules
- Art. 51. Classification of general-purpose AI models as general-purpose AI models with systemic risk (4)
- Ch. 2 — Obligations for Providers of General-Purpose AI Models
- Art. 53. Obligations for providers of general-purpose AI models (6)
- Art. 54. Authorised representatives of providers of general-purpose AI models (11)
- Art. 55. Obligations for providers of general-purpose AI models with systemic risk (6)
- Art. 56. Codes of practice (8)
- VIII. Post-Market Monitoring, Information Sharing and Market Surveillance
- Ch. 1 — Post-Market Monitoring
- Art. 72. Post-market monitoring by providers and post-market monitoring plan for high-risk AI systems (7)
- Ch. 2 — Sharing of Information on Serious Incidents
- Art. 73. Reporting of serious incidents (12)
- X. Codes of Conduct and Guidelines
- Art. 95. Codes of conduct for voluntary application of specific requirements (6)
- XII. Penalties
- Art. 99. Penalties (8)
- Art. 100. Administrative fines on Union institutions, bodies, offices and agencies (7)
- Art. 101. Penalties for providers of general-purpose AI models (4)
- Annex I. Union Harmonisation Legislation Listed in Article 6(1)
- Annex III. High-Risk AI Systems Referred to in Article 6(2)
- Annex IV. Technical Documentation Referred to in Article 11(1)
Title I — General Provisions
Title II — Prohibited AI Practices
Title III — High-Risk AI Systems
Chapter 1 — Classification of AI Systems as High-Risk
Chapter 2 — Requirements for High-Risk AI Systems
Article 10. Data and data governance
13 obligations
EU-AIA-10-01
Data Governance
Use quality training, validation and testing data sets
High-risk AI systems using training techniques must be developed using training, validation and testing data sets that m
EU-AIA-10-02
Data Governance
Implement appropriate data governance and management practices
Training, validation and testing data sets must be subject to data governance and management practices appropriate for t
EU-AIA-10-03
Documentation
Document relevant design choices
Data governance practices must concern the relevant design choices for training, validation and testing data sets.
EU-AIA-10-04
Documentation
Document data collection processes and origin
Data governance practices must document data collection processes and the origin of data, including the original purpose
EU-AIA-10-05
Documentation
Document data preparation processing operations
Data governance practices must document relevant data-preparation processing operations, such as annotation, labelling,
EU-AIA-10-06
Documentation
Formulate and document assumptions about data
Data governance practices must include the formulation of assumptions, particularly with respect to the information that
EU-AIA-10-07
Data Governance
Assess data availability, quantity and suitability
Data governance practices must include an assessment of the availability, quantity and suitability of the data sets that
EU-AIA-10-08
Risk Management
Examine data for possible biases
Data governance practices must include examination for possible biases that are likely to affect health and safety, nega
EU-AIA-10-09
Risk Management
Implement bias detection, prevention and mitigation measures
Data governance practices must include appropriate measures to detect, prevent and mitigate possible biases identified i
EU-AIA-10-10
Data Governance
Identify and address data gaps and shortcomings
Data governance practices must include identification of relevant data gaps or shortcomings that prevent compliance with
EU-AIA-10-11
Data Governance
Ensure data sets are relevant, representative and error-free
Training, validation and testing data sets must be relevant, sufficiently representative, and to the best extent possibl
EU-AIA-10-12
Data Governance
Ensure data sets have appropriate statistical properties
Data sets must have appropriate statistical properties, including, where applicable, as regards the persons or groups of
EU-AIA-10-13
Data Governance
Account for geographical and contextual characteristics in data sets
Data sets must take into account, to the extent required by the intended purpose, the characteristics or elements partic
Chapter 3 — Obligations of Providers and Deployers of High-Risk AI Systems and Other Parties
Chapter 4 — Obligations of Deployers of High-Risk AI Systems
Chapter 5 — Notifying Authorities and Notified Bodies
Title IV — Transparency Obligations for Providers and Deployers of Certain AI Systems
Title V — General-Purpose AI Models
Chapter 1 — Classification Rules
Chapter 2 — Obligations for Providers of General-Purpose AI Models
Title VIII — Post-Market Monitoring, Information Sharing and Market Surveillance
Chapter 1 — Post-Market Monitoring
Chapter 2 — Sharing of Information on Serious Incidents
Title X — Codes of Conduct and Guidelines
Title XII — Penalties
Article 100. Administrative fines on Union institutions, bodies, offices and agencies
7 obligations
EU-AIA-100-01
Requirement
Consider relevant circumstances when imposing administrative fines
When deciding whether to impose an administrative fine and determining the amount, the European Data Protection Supervis
EU-AIA-100-02
Requirement
Provide opportunity to be heard before imposing administrative fines
Before taking decisions to impose administrative fines, the European Data Protection Supervisor must give the Union inst
EU-AIA-100-03
Requirement
Base decisions only on elements parties can comment on
The European Data Protection Supervisor must base his or her decisions only on elements and circumstances on which the p
EU-AIA-100-04
Requirement
Associate complainants closely with proceedings
The European Data Protection Supervisor must closely associate complainants, if any, with the proceedings for administra
EU-AIA-100-05
Requirement
Fully respect rights of defence in proceedings
The European Data Protection Supervisor must fully respect the rights of defence of the parties concerned in the proceed
EU-AIA-100-06
Requirement
Provide access to EDPS file subject to legitimate interests
The European Data Protection Supervisor must ensure that parties are entitled to have access to the European Data Protec
EU-AIA-100-07
Requirement
Contribute collected fines to Union general budget
Funds collected by imposition of fines under this Article must be contributed to the general budget of the Union.
Article 101. Penalties for providers of general-purpose AI models
4 obligations
EU-AIA-101-01
Requirement
Comply with EU AI Act provisions for general-purpose AI models
Providers of general-purpose AI models must comply with all relevant provisions of the EU AI Act to avoid fines of up to
EU-AIA-101-02
Transparency
Comply with document/information requests per Article 91
Providers of general-purpose AI models must comply with Commission requests for documents or information pursuant to Art
EU-AIA-101-03
Requirement
Comply with measures requested under Article 93
Providers of general-purpose AI models must comply with measures requested by the Commission under Article 93 to avoid f
EU-AIA-101-04
Transparency
Provide Commission access to AI models for evaluation per Article 92
Providers must make available to the Commission access to their general-purpose AI model or general-purpose AI model wit