EU-AI-Act
Regulation (EU) 2024/1689 — Artificial Intelligence Act
- I. General Provisions
- Art. 1. Subject matter ref
- Art. 2. Scope ref
- Art. 3. Definitions ref
- Art. 4. AI literacy ref
- II. Prohibited AI Practices
- Art. 5. Prohibited artificial intelligence practices ref
- III. High-Risk AI Systems
- Ch. 1 — Classification of AI Systems as High-Risk
- Art. 6. Classification rules for high-risk AI systems (7)
- Art. 7. Amendments to Annex III (12)
- Ch. 2 — Requirements for High-Risk AI Systems
- Art. 8. Compliance with the requirements (5)
- Art. 9. Risk management system (15)
- Art. 10. Data and data governance (20)
- Art. 11. Technical documentation (7)
- Art. 12. Record-keeping (8)
- Art. 13. Transparency and provision of information to deployers (14)
- Art. 14. Human oversight (11)
- Art. 15. Accuracy, robustness and cybersecurity (9)
- Ch. 3 — Obligations of Providers and Deployers of High-Risk AI Systems and Other Parties
- Art. 16. Obligations of providers of high-risk AI systems (12)
- Art. 17. Quality management system (16)
- Art. 18. Documentation keeping (6)
- Art. 19. Automatically generated logs (2)
- Art. 20. Corrective actions and duty of information (5)
- Art. 21. Cooperation with competent authorities (3)
- Art. 22. Duty of providers of high-risk AI systems to inform (2)
- Art. 23. Obligations of importers (12)
- Art. 24. Obligations of distributors (10)
- Art. 25. Responsibilities along the AI value chain (9)
- Ch. 4 — Obligations of Deployers of High-Risk AI Systems
- Art. 26. Obligations of deployers of high-risk AI systems (17)
- Art. 27. Fundamental rights impact assessment for high-risk AI systems (10)
- Ch. 5 — Notifying Authorities and Notified Bodies
- Art. 28. Notifying authorities (8)
- IV. Transparency Obligations for Providers and Deployers of Certain AI Systems
- Art. 50. Transparency obligations for providers and deployers of certain AI systems (9)
- V. General-Purpose AI Models
- Ch. 1 — Classification Rules
- Art. 51. Classification of general-purpose AI models as general-purpose AI models with systemic risk (4)
- Ch. 2 — Obligations for Providers of General-Purpose AI Models
- Art. 53. Obligations for providers of general-purpose AI models (6)
- Art. 54. Authorised representatives of providers of general-purpose AI models (11)
- Art. 55. Obligations for providers of general-purpose AI models with systemic risk (6)
- Art. 56. Codes of practice (8)
- VIII. Post-Market Monitoring, Information Sharing and Market Surveillance
- Ch. 1 — Post-Market Monitoring
- Art. 72. Post-market monitoring by providers and post-market monitoring plan for high-risk AI systems (7)
- Ch. 2 — Sharing of Information on Serious Incidents
- Art. 73. Reporting of serious incidents (12)
- X. Codes of Conduct and Guidelines
- Art. 95. Codes of conduct for voluntary application of specific requirements (6)
- XII. Penalties
- Art. 99. Penalties (8)
- Art. 100. Administrative fines on Union institutions, bodies, offices and agencies (7)
- Art. 101. Penalties for providers of general-purpose AI models (4)
- Annex I. Union Harmonisation Legislation Listed in Article 6(1)
- Annex III. High-Risk AI Systems Referred to in Article 6(2)
- Annex IV. Technical Documentation Referred to in Article 11(1)
Title I — General Provisions
Title II — Prohibited AI Practices
Title III — High-Risk AI Systems
Chapter 1 — Classification of AI Systems as High-Risk
Chapter 2 — Requirements for High-Risk AI Systems
Chapter 3 — Obligations of Providers and Deployers of High-Risk AI Systems and Other Parties
Article 16. Obligations of providers of high-risk AI systems
1 obligation
Article 17. Quality management system
16 obligations
EU-AIA-17-01
Requirement
Establish quality management system for high-risk AI systems
Providers of high-risk AI systems must put a quality management system in place that ensures compliance with this Regula
EU-AIA-17-02
Documentation
Document quality management system systematically
The quality management system must be documented in a systematic and orderly manner in the form of written policies, pro
EU-AIA-17-03
Requirement
Include regulatory compliance strategy in QMS
The quality management system must include a strategy for regulatory compliance, including compliance with conformity as
EU-AIA-17-04
Requirement
Include design techniques and procedures in QMS
The quality management system must include techniques, procedures and systematic actions to be used for the design, desi
EU-AIA-17-05
Requirement
Include development and quality control procedures in QMS
The quality management system must include techniques, procedures and systematic actions to be used for the development,
EU-AIA-17-06
Requirement
Include examination, test and validation procedures in QMS
The quality management system must include examination, test and validation procedures to be carried out before, during
EU-AIA-17-07
Requirement
Include technical specifications and standards in QMS
The quality management system must include technical specifications, including standards, to be applied and, where the r
EU-AIA-17-08
Data Governance
Include comprehensive data management systems in QMS
The quality management system must include systems and procedures for data management, including data acquisition, data
EU-AIA-17-09
Risk Management
Include risk management system in QMS
The quality management system must include the risk management system referred to in Article 9.
EU-AIA-17-10
Monitoring
Include post-market monitoring system in QMS
The quality management system must include the setting-up, implementation and maintenance of a post-market monitoring sy
EU-AIA-17-11
Reporting
Include serious incident reporting procedures in QMS
The quality management system must include procedures related to the reporting of a serious incident in accordance with
EU-AIA-17-12
Requirement
Include communication handling procedures in QMS
The quality management system must include the handling of communication with national competent authorities, other rele
EU-AIA-17-13
Documentation
Include record-keeping systems in QMS
The quality management system must include systems and procedures for record-keeping of all relevant documentation and i
EU-AIA-17-14
Requirement
Include resource management in QMS
The quality management system must include resource management, including security-of-supply related measures.
EU-AIA-17-15
Requirement
Include accountability framework in QMS
The quality management system must include an accountability framework setting out the responsibilities of the managemen
EU-AIA-17-16
Requirement
Ensure proportionate QMS implementation
The implementation of the quality management system aspects must be proportionate to the size of the provider's organisa
Article 18. Documentation keeping
6 obligations
EU-AIA-18-01
Documentation
Maintain technical documentation for 10 years
Keep technical documentation referred to in Article 11 at the disposal of national competent authorities for 10 years af
EU-AIA-18-02
Documentation
Maintain quality management system documentation for 10 years
Keep documentation concerning the quality management system referred to in Article 17 at the disposal of national compet
EU-AIA-18-03
Documentation
Maintain notified body approved changes documentation for 10 years
Keep documentation concerning changes approved by notified bodies at the disposal of national competent authorities for
EU-AIA-18-04
Documentation
Maintain notified body decisions and documents for 10 years
Keep decisions and other documents issued by notified bodies at the disposal of national competent authorities for 10 ye
EU-AIA-18-05
Documentation
Maintain EU declaration of conformity for 10 years
Keep the EU declaration of conformity referred to in Article 47 at the disposal of national competent authorities for 10
EU-AIA-18-06
Documentation
Maintain technical documentation under financial services law
Financial institutions subject to Union financial services law requirements must maintain technical documentation as par
Article 19. Automatically generated logs
2 obligations
EU-AIA-19-01
Documentation
Keep automatically generated logs for high-risk AI systems
Providers must retain logs automatically generated by their high-risk AI systems as referenced in Article 12, to the ext
EU-AIA-19-02
Documentation
Financial institutions maintain logs under financial services law documentation
Providers that are financial institutions subject to internal governance requirements under Union financial services law