EU-AI-Act
Regulation (EU) 2024/1689 — Artificial Intelligence Act
- I. General Provisions
- Art. 1. Subject matter ref
- Art. 2. Scope ref
- Art. 3. Definitions ref
- Art. 4. AI literacy ref
- II. Prohibited AI Practices
- Art. 5. Prohibited artificial intelligence practices ref
- III. High-Risk AI Systems
- Ch. 1 — Classification of AI Systems as High-Risk
- Art. 6. Classification rules for high-risk AI systems (7)
- Art. 7. Amendments to Annex III (12)
- Ch. 2 — Requirements for High-Risk AI Systems
- Art. 8. Compliance with the requirements (5)
- Art. 9. Risk management system (15)
- Art. 10. Data and data governance (20)
- Art. 11. Technical documentation (7)
- Art. 12. Record-keeping (8)
- Art. 13. Transparency and provision of information to deployers (14)
- Art. 14. Human oversight (11)
- Art. 15. Accuracy, robustness and cybersecurity (9)
- Ch. 3 — Obligations of Providers and Deployers of High-Risk AI Systems and Other Parties
- Art. 16. Obligations of providers of high-risk AI systems (12)
- Art. 17. Quality management system (16)
- Art. 18. Documentation keeping (6)
- Art. 19. Automatically generated logs (2)
- Art. 20. Corrective actions and duty of information (5)
- Art. 21. Cooperation with competent authorities (3)
- Art. 22. Duty of providers of high-risk AI systems to inform (2)
- Art. 23. Obligations of importers (12)
- Art. 24. Obligations of distributors (10)
- Art. 25. Responsibilities along the AI value chain (9)
- Ch. 4 — Obligations of Deployers of High-Risk AI Systems
- Art. 26. Obligations of deployers of high-risk AI systems (17)
- Art. 27. Fundamental rights impact assessment for high-risk AI systems (10)
- Ch. 5 — Notifying Authorities and Notified Bodies
- Art. 28. Notifying authorities (8)
- IV. Transparency Obligations for Providers and Deployers of Certain AI Systems
- Art. 50. Transparency obligations for providers and deployers of certain AI systems (9)
- V. General-Purpose AI Models
- Ch. 1 — Classification Rules
- Art. 51. Classification of general-purpose AI models as general-purpose AI models with systemic risk (4)
- Ch. 2 — Obligations for Providers of General-Purpose AI Models
- Art. 53. Obligations for providers of general-purpose AI models (6)
- Art. 54. Authorised representatives of providers of general-purpose AI models (11)
- Art. 55. Obligations for providers of general-purpose AI models with systemic risk (6)
- Art. 56. Codes of practice (8)
- VIII. Post-Market Monitoring, Information Sharing and Market Surveillance
- Ch. 1 — Post-Market Monitoring
- Art. 72. Post-market monitoring by providers and post-market monitoring plan for high-risk AI systems (7)
- Ch. 2 — Sharing of Information on Serious Incidents
- Art. 73. Reporting of serious incidents (12)
- X. Codes of Conduct and Guidelines
- Art. 95. Codes of conduct for voluntary application of specific requirements (6)
- XII. Penalties
- Art. 99. Penalties (8)
- Art. 100. Administrative fines on Union institutions, bodies, offices and agencies (7)
- Art. 101. Penalties for providers of general-purpose AI models (4)
- Annex I. Union Harmonisation Legislation Listed in Article 6(1)
- Annex III. High-Risk AI Systems Referred to in Article 6(2)
- Annex IV. Technical Documentation Referred to in Article 11(1)
Title I — General Provisions
Title II — Prohibited AI Practices
Title III — High-Risk AI Systems
Chapter 1 — Classification of AI Systems as High-Risk
Chapter 2 — Requirements for High-Risk AI Systems
Article 10. Data and data governance
7 obligations
EU-AIA-10-14
Data Governance
Verify necessity before processing special categories of personal data
Providers may only process special categories of personal data if it is strictly necessary for bias detection and correc
EU-AIA-10-15
Data Governance
Apply technical limitations and security measures to special personal data
Special categories of personal data must be subject to technical limitations on re-use and state-of-the-art security and
EU-AIA-10-16
Data Governance
Implement access controls for special personal data
Special categories of personal data must be subject to measures ensuring they are secured, protected, with suitable safe
EU-AIA-10-17
Prohibition
Prohibit transmission of special personal data to other parties
Special categories of personal data must not be transmitted, transferred or otherwise accessed by other parties.
EU-AIA-10-18
Data Governance
Delete special personal data after bias correction or retention period
Special categories of personal data must be deleted once the bias has been corrected or the personal data has reached th
EU-AIA-10-19
Documentation
Document justification for special personal data processing in records
Processing activity records under GDPR and related regulations must include reasons why processing special categories of
EU-AIA-10-20
Data Governance
Apply data requirements to testing data for non-training AI systems
For high-risk AI systems not making use of techniques involving training of AI models, paragraphs 2 to 5 apply only to t
Article 11. Technical documentation
7 obligations
EU-AIA-11-01
Documentation
Draw up technical documentation before market placement/service
Technical documentation of a high-risk AI system must be created before the system is placed on the market or put into s
EU-AIA-11-02
Documentation
Keep technical documentation up to date
The technical documentation must be maintained and kept current throughout the lifecycle of the high-risk AI system.
EU-AIA-11-03
Documentation
Include minimum elements from Annex IV in technical documentation
Technical documentation must contain, at minimum, all elements specified in Annex IV to demonstrate compliance with Chap
EU-AIA-11-04
Documentation
Use simplified technical documentation form (SMEs)
SMEs including start-ups that opt to provide Annex IV information in a simplified manner must use the Commission-establi
EU-AIA-11-05
Documentation
Create single technical documentation for harmonized products
For high-risk AI systems related to products covered by Union harmonisation legislation in Annex I Section A, a single s
EU-AIA-11-06
Conformity
Accept simplified technical documentation form (notified bodies)
Notified bodies must accept the Commission's simplified technical documentation form when used by SMEs for conformity as
EU-AIA-11-07
Requirement
Establish simplified technical documentation form (Commission)
The European Commission must establish a simplified technical documentation form specifically designed for the needs of
Article 12. Record-keeping
3 obligations
EU-AIA-12-01
Requirement
Implement automatic event logging capabilities
High-risk AI systems must be technically designed to automatically record events (logs) throughout the system's entire o
EU-AIA-12-02
Requirement
Ensure appropriate traceability throughout system lifecycle
The logging capabilities must ensure a level of traceability of the AI system's functioning throughout its lifecycle tha
EU-AIA-12-03
Monitoring
Enable monitoring for risk situations and substantial modifications
Logging capabilities must enable monitoring of the high-risk AI system's operation to detect situations that may result