EU-AI-Act
Regulation (EU) 2024/1689 — Artificial Intelligence Act
- I. General Provisions
- Art. 1. Subject matter ref
- Art. 2. Scope ref
- Art. 3. Definitions ref
- Art. 4. AI literacy ref
- II. Prohibited AI Practices
- Art. 5. Prohibited artificial intelligence practices ref
- III. High-Risk AI Systems
- Ch. 1 — Classification of AI Systems as High-Risk
- Art. 6. Classification rules for high-risk AI systems (7)
- Art. 7. Amendments to Annex III (12)
- Ch. 2 — Requirements for High-Risk AI Systems
- Art. 8. Compliance with the requirements (5)
- Art. 9. Risk management system (15)
- Art. 10. Data and data governance (20)
- Art. 11. Technical documentation (7)
- Art. 12. Record-keeping (8)
- Art. 13. Transparency and provision of information to deployers (14)
- Art. 14. Human oversight (11)
- Art. 15. Accuracy, robustness and cybersecurity (9)
- Ch. 3 — Obligations of Providers and Deployers of High-Risk AI Systems and Other Parties
- Art. 16. Obligations of providers of high-risk AI systems (12)
- Art. 17. Quality management system (16)
- Art. 18. Documentation keeping (6)
- Art. 19. Automatically generated logs (2)
- Art. 20. Corrective actions and duty of information (5)
- Art. 21. Cooperation with competent authorities (3)
- Art. 22. Duty of providers of high-risk AI systems to inform (2)
- Art. 23. Obligations of importers (12)
- Art. 24. Obligations of distributors (10)
- Art. 25. Responsibilities along the AI value chain (9)
- Ch. 4 — Obligations of Deployers of High-Risk AI Systems
- Art. 26. Obligations of deployers of high-risk AI systems (17)
- Art. 27. Fundamental rights impact assessment for high-risk AI systems (10)
- Ch. 5 — Notifying Authorities and Notified Bodies
- Art. 28. Notifying authorities (8)
- IV. Transparency Obligations for Providers and Deployers of Certain AI Systems
- Art. 50. Transparency obligations for providers and deployers of certain AI systems (9)
- V. General-Purpose AI Models
- Ch. 1 — Classification Rules
- Art. 51. Classification of general-purpose AI models as general-purpose AI models with systemic risk (4)
- Ch. 2 — Obligations for Providers of General-Purpose AI Models
- Art. 53. Obligations for providers of general-purpose AI models (6)
- Art. 54. Authorised representatives of providers of general-purpose AI models (11)
- Art. 55. Obligations for providers of general-purpose AI models with systemic risk (6)
- Art. 56. Codes of practice (8)
- VIII. Post-Market Monitoring, Information Sharing and Market Surveillance
- Ch. 1 — Post-Market Monitoring
- Art. 72. Post-market monitoring by providers and post-market monitoring plan for high-risk AI systems (7)
- Ch. 2 — Sharing of Information on Serious Incidents
- Art. 73. Reporting of serious incidents (12)
- X. Codes of Conduct and Guidelines
- Art. 95. Codes of conduct for voluntary application of specific requirements (6)
- XII. Penalties
- Art. 99. Penalties (8)
- Art. 100. Administrative fines on Union institutions, bodies, offices and agencies (7)
- Art. 101. Penalties for providers of general-purpose AI models (4)
- Annex I. Union Harmonisation Legislation Listed in Article 6(1)
- Annex III. High-Risk AI Systems Referred to in Article 6(2)
- Annex IV. Technical Documentation Referred to in Article 11(1)
Title I — General Provisions
Title II — Prohibited AI Practices
Title III — High-Risk AI Systems
Chapter 1 — Classification of AI Systems as High-Risk
Chapter 2 — Requirements for High-Risk AI Systems
Article 8. Compliance with the requirements
5 obligations
EU-AIA-8-01
Requirement
High-risk AI systems must comply with Chapter requirements considering intended purpose
High-risk AI systems must comply with all requirements laid down in Chapter 2, taking into account their intended purpos
EU-AIA-8-02
Requirement
Dual compliance required for AI systems in products under harmonisation legislation
Where a product contains an AI system that is subject to both this Regulation and Union harmonisation legislation listed
EU-AIA-8-03
Requirement
Providers must consider state of art to minimize risks when ensuring compliance
To ensure high-risk AI systems referred to in Article 6(1) comply with Chapter requirements and minimize risks to health
EU-AIA-8-04
Conformity
Presumption of conformity through harmonised standards compliance
Providers who comply with harmonised standards referred to in Article 40 or common specifications referred to in Article
EU-AIA-8-05
Requirement
Cross-setting compliance measures for geographically/contextually trained systems
Providers of high-risk AI systems that have been trained and tested on data concerning specific geographical, behavioura
Article 9. Risk management system
15 obligations
EU-AIA-9-01
Risk Management
Establish risk management system for high-risk AI systems
A risk management system must be established, implemented, documented and maintained in relation to high-risk AI systems
EU-AIA-9-02
Risk Management
Implement continuous iterative risk management process
The risk management system must be understood as a continuous iterative process planned and run throughout the entire li
EU-AIA-9-03
Risk Management
Identify and analyze known and reasonably foreseeable risks
Providers must identify and analyze the known and the reasonably foreseeable risks that the high-risk AI system can pose
EU-AIA-9-04
Risk Management
Estimate and evaluate risks under intended use and foreseeable misuse
Providers must estimate and evaluate the risks that may emerge when the high-risk AI system is used in accordance with i
EU-AIA-9-05
Risk Management
Evaluate risks from post-market monitoring data
Providers must evaluate other risks possibly arising, based on the analysis of data gathered from the post-market monito
EU-AIA-9-06
Risk Management
Adopt appropriate and targeted risk management measures
Providers must adopt appropriate and targeted risk management measures designed to address the risks identified through
EU-AIA-9-07
Risk Management
Consider combined effects of requirements in risk management
Risk management measures must give due consideration to the effects and possible interactions resulting from the combine
EU-AIA-9-08
Risk Management
Ensure acceptable residual risk levels
Risk management measures must ensure that the relevant residual risk associated with each hazard, as well as the overall
EU-AIA-9-09
Risk Management
Eliminate or reduce risks through adequate design and development
Providers must ensure elimination or reduction of identified and evaluated risks as far as technically feasible through
EU-AIA-9-10
Risk Management
Implement mitigation and control measures for non-eliminable risks
Where appropriate, providers must implement adequate mitigation and control measures addressing risks that cannot be eli
EU-AIA-9-11
Transparency
Provide required information and training to deployers
Providers must provide information required pursuant to Article 13, and, where appropriate, training to deployers. Due c
EU-AIA-9-12
Risk Management
Test high-risk AI systems for risk management purposes
High-risk AI systems must be tested for the purpose of identifying the most appropriate and targeted risk management mea
EU-AIA-9-13
Conformity
Conduct testing throughout development and before market placement
Testing of high-risk AI systems must be performed, as appropriate, at any point in time throughout the development proce
EU-AIA-9-14
Conformity
Test against predefined metrics and probabilistic thresholds
Testing must be carried out against prior defined metrics and probabilistic thresholds that are appropriate to the inten
EU-AIA-9-15
Risk Management
Consider impact on minors and vulnerable groups in risk management
When implementing the risk management system, providers must give consideration to whether, in light of its intended pur
Chapter 3 — Obligations of Providers and Deployers of High-Risk AI Systems and Other Parties
Chapter 4 — Obligations of Deployers of High-Risk AI Systems
Chapter 5 — Notifying Authorities and Notified Bodies
Title IV — Transparency Obligations for Providers and Deployers of Certain AI Systems
Title V — General-Purpose AI Models
Chapter 1 — Classification Rules
Chapter 2 — Obligations for Providers of General-Purpose AI Models
Title VIII — Post-Market Monitoring, Information Sharing and Market Surveillance
Chapter 1 — Post-Market Monitoring
Chapter 2 — Sharing of Information on Serious Incidents
Title X — Codes of Conduct and Guidelines
Article 95. Codes of conduct for voluntary application of specific requirements
5 obligations
EU-AIA-95-01
Requirement
AI Office obligation to encourage and facilitate codes of conduct for non-high-risk AI
The AI Office must encourage and facilitate the drawing up of codes of conduct intended to foster voluntary application
EU-AIA-95-02
Requirement
Member States obligation to encourage and facilitate codes of conduct for non-high-risk AI
Member States must encourage and facilitate the drawing up of codes of conduct intended to foster voluntary application
EU-AIA-95-03
Requirement
AI Office obligation to facilitate specific codes of conduct for all AI systems
The AI Office must facilitate the drawing up of codes of conduct concerning voluntary application of specific requiremen
EU-AIA-95-04
Requirement
Member States obligation to facilitate specific codes of conduct for all AI systems
Member States must facilitate the drawing up of codes of conduct concerning voluntary application of specific requiremen
EU-AIA-95-05
Requirement
AI Office obligation to consider SME interests in code facilitation
The AI Office must take into account the specific interests and needs of SMEs, including start-ups, when encouraging and