EU-AI-Act
Regulation (EU) 2024/1689 — Artificial Intelligence Act
- I. General Provisions
- Art. 1. Subject matter ref
- Art. 2. Scope ref
- Art. 3. Definitions ref
- Art. 4. AI literacy ref
- II. Prohibited AI Practices
- Art. 5. Prohibited artificial intelligence practices ref
- III. High-Risk AI Systems
- Ch. 1 — Classification of AI Systems as High-Risk
- Art. 6. Classification rules for high-risk AI systems (7)
- Art. 7. Amendments to Annex III (12)
- Ch. 2 — Requirements for High-Risk AI Systems
- Art. 8. Compliance with the requirements (5)
- Art. 9. Risk management system (15)
- Art. 10. Data and data governance (20)
- Art. 11. Technical documentation (7)
- Art. 12. Record-keeping (8)
- Art. 13. Transparency and provision of information to deployers (14)
- Art. 14. Human oversight (11)
- Art. 15. Accuracy, robustness and cybersecurity (9)
- Ch. 3 — Obligations of Providers and Deployers of High-Risk AI Systems and Other Parties
- Art. 16. Obligations of providers of high-risk AI systems (12)
- Art. 17. Quality management system (16)
- Art. 18. Documentation keeping (6)
- Art. 19. Automatically generated logs (2)
- Art. 20. Corrective actions and duty of information (5)
- Art. 21. Cooperation with competent authorities (3)
- Art. 22. Duty of providers of high-risk AI systems to inform (2)
- Art. 23. Obligations of importers (12)
- Art. 24. Obligations of distributors (10)
- Art. 25. Responsibilities along the AI value chain (9)
- Ch. 4 — Obligations of Deployers of High-Risk AI Systems
- Art. 26. Obligations of deployers of high-risk AI systems (17)
- Art. 27. Fundamental rights impact assessment for high-risk AI systems (10)
- Ch. 5 — Notifying Authorities and Notified Bodies
- Art. 28. Notifying authorities (8)
- IV. Transparency Obligations for Providers and Deployers of Certain AI Systems
- Art. 50. Transparency obligations for providers and deployers of certain AI systems (9)
- V. General-Purpose AI Models
- Ch. 1 — Classification Rules
- Art. 51. Classification of general-purpose AI models as general-purpose AI models with systemic risk (4)
- Ch. 2 — Obligations for Providers of General-Purpose AI Models
- Art. 53. Obligations for providers of general-purpose AI models (6)
- Art. 54. Authorised representatives of providers of general-purpose AI models (11)
- Art. 55. Obligations for providers of general-purpose AI models with systemic risk (6)
- Art. 56. Codes of practice (8)
- VIII. Post-Market Monitoring, Information Sharing and Market Surveillance
- Ch. 1 — Post-Market Monitoring
- Art. 72. Post-market monitoring by providers and post-market monitoring plan for high-risk AI systems (7)
- Ch. 2 — Sharing of Information on Serious Incidents
- Art. 73. Reporting of serious incidents (12)
- X. Codes of Conduct and Guidelines
- Art. 95. Codes of conduct for voluntary application of specific requirements (6)
- XII. Penalties
- Art. 99. Penalties (8)
- Art. 100. Administrative fines on Union institutions, bodies, offices and agencies (7)
- Art. 101. Penalties for providers of general-purpose AI models (4)
- Annex I. Union Harmonisation Legislation Listed in Article 6(1)
- Annex III. High-Risk AI Systems Referred to in Article 6(2)
- Annex IV. Technical Documentation Referred to in Article 11(1)
Documentation Obligations
40Title I — General Provisions
Title II — Prohibited AI Practices
Title III — High-Risk AI Systems
Chapter 1 — Classification of AI Systems as High-Risk
Article 6. Classification rules for high-risk AI systems
1 obligation
Chapter 2 — Requirements for High-Risk AI Systems
Article 10. Data and data governance
5 obligations
EU-AIA-10-03
Documentation
Document relevant design choices
Data governance practices must concern the relevant design choices for training, validation and testing data sets.
EU-AIA-10-04
Documentation
Document data collection processes and origin
Data governance practices must document data collection processes and the origin of data, including the original purpose
EU-AIA-10-05
Documentation
Document data preparation processing operations
Data governance practices must document relevant data-preparation processing operations, such as annotation, labelling,
EU-AIA-10-06
Documentation
Formulate and document assumptions about data
Data governance practices must include the formulation of assumptions, particularly with respect to the information that
EU-AIA-10-19
Documentation
Document justification for special personal data processing in records
Processing activity records under GDPR and related regulations must include reasons why processing special categories of
Article 11. Technical documentation
5 obligations
EU-AIA-11-01
Documentation
Draw up technical documentation before market placement/service
Technical documentation of a high-risk AI system must be created before the system is placed on the market or put into s
EU-AIA-11-02
Documentation
Keep technical documentation up to date
The technical documentation must be maintained and kept current throughout the lifecycle of the high-risk AI system.
EU-AIA-11-03
Documentation
Include minimum elements from Annex IV in technical documentation
Technical documentation must contain, at minimum, all elements specified in Annex IV to demonstrate compliance with Chap
EU-AIA-11-04
Documentation
Use simplified technical documentation form (SMEs)
SMEs including start-ups that opt to provide Annex IV information in a simplified manner must use the Commission-establi
EU-AIA-11-05
Documentation
Create single technical documentation for harmonized products
For high-risk AI systems related to products covered by Union harmonisation legislation in Annex I Section A, a single s
Article 12. Record-keeping
4 obligations
EU-AIA-12-05
Documentation
Record usage periods for biometric identification systems
For high-risk AI systems referred to in point 1(a) of Annex III (biometric identification systems), logging capabilities
EU-AIA-12-06
Documentation
Record reference database information for biometric identification systems
For high-risk AI systems referred to in point 1(a) of Annex III (biometric identification systems), logging capabilities
EU-AIA-12-07
Documentation
Record matching input data for biometric identification systems
For high-risk AI systems referred to in point 1(a) of Annex III (biometric identification systems), logging capabilities
EU-AIA-12-08
Documentation
Record identity of result verification personnel for biometric identification systems
For high-risk AI systems referred to in point 1(a) of Annex III (biometric identification systems), logging capabilities
Article 13. Transparency and provision of information to deployers
2 obligations
EU-AIA-13-02
Documentation
Provide instructions for use in appropriate digital format
High-risk AI systems must be accompanied by instructions for use in an appropriate digital format or otherwise that incl
EU-AIA-13-13
Documentation
Specify computational resources and maintenance requirements
Instructions must include the computational and hardware resources needed, expected system lifetime, and necessary maint
Chapter 3 — Obligations of Providers and Deployers of High-Risk AI Systems and Other Parties
Article 16. Obligations of providers of high-risk AI systems
1 obligation
Article 17. Quality management system
2 obligations
EU-AIA-17-02
Documentation
Document quality management system systematically
The quality management system must be documented in a systematic and orderly manner in the form of written policies, pro
EU-AIA-17-13
Documentation
Include record-keeping systems in QMS
The quality management system must include systems and procedures for record-keeping of all relevant documentation and i
Article 18. Documentation keeping
6 obligations
EU-AIA-18-01
Documentation
Maintain technical documentation for 10 years
Keep technical documentation referred to in Article 11 at the disposal of national competent authorities for 10 years af
EU-AIA-18-02
Documentation
Maintain quality management system documentation for 10 years
Keep documentation concerning the quality management system referred to in Article 17 at the disposal of national compet
EU-AIA-18-03
Documentation
Maintain notified body approved changes documentation for 10 years
Keep documentation concerning changes approved by notified bodies at the disposal of national competent authorities for
EU-AIA-18-04
Documentation
Maintain notified body decisions and documents for 10 years
Keep decisions and other documents issued by notified bodies at the disposal of national competent authorities for 10 ye
EU-AIA-18-05
Documentation
Maintain EU declaration of conformity for 10 years
Keep the EU declaration of conformity referred to in Article 47 at the disposal of national competent authorities for 10
EU-AIA-18-06
Documentation
Maintain technical documentation under financial services law
Financial institutions subject to Union financial services law requirements must maintain technical documentation as par
Article 19. Automatically generated logs
2 obligations
EU-AIA-19-01
Documentation
Keep automatically generated logs for high-risk AI systems
Providers must retain logs automatically generated by their high-risk AI systems as referenced in Article 12, to the ext
EU-AIA-19-02
Documentation
Financial institutions maintain logs under financial services law documentation
Providers that are financial institutions subject to internal governance requirements under Union financial services law
Article 23. Obligations of importers
2 obligations
EU-AIA-23-02
Documentation
Technical documentation verification
Before placing a high-risk AI system on the market, importers must verify that the provider has drawn up technical docum
EU-AIA-23-09
Documentation
10-year document retention requirement
Importers must keep, for a period of 10 years after the high-risk AI system has been placed on the market or put into se
Chapter 4 — Obligations of Deployers of High-Risk AI Systems
Article 26. Obligations of deployers of high-risk AI systems
1 obligation
Article 27. Fundamental rights impact assessment for high-risk AI systems
3 obligations
EU-AIA-27-02
Documentation
Describe deployer processes using AI system
As part of the fundamental rights impact assessment, deployers must provide a description of the deployer's processes in
EU-AIA-27-03
Documentation
Describe time period and frequency of AI system use
As part of the fundamental rights impact assessment, deployers must provide a description of the period of time within w
EU-AIA-27-10
Documentation
Complement existing data protection impact assessments
If obligations under this Article are already met through data protection impact assessments under Article 35 of GDPR or
Chapter 5 — Notifying Authorities and Notified Bodies
Title IV — Transparency Obligations for Providers and Deployers of Certain AI Systems
Title V — General-Purpose AI Models
Chapter 1 — Classification Rules
Chapter 2 — Obligations for Providers of General-Purpose AI Models
Article 53. Obligations for providers of general-purpose AI models
1 obligation
Article 54. Authorised representatives of providers of general-purpose AI models
1 obligation
Title VIII — Post-Market Monitoring, Information Sharing and Market Surveillance
Chapter 1 — Post-Market Monitoring
Article 72. Post-market monitoring by providers and post-market monitoring plan for high-risk AI systems
2 obligations
EU-AIA-72-05
Documentation
Base monitoring system on post-market monitoring plan
The post-market monitoring system must be based on a post-market monitoring plan.
EU-AIA-72-06
Documentation
Include monitoring plan in technical documentation
The post-market monitoring plan must be part of the technical documentation referred to in Annex IV.