Article 6. Classification rules for high-risk AI systems

4 obligations

EU-AIA-6-01 Requirement

Classify AI systems as high-risk based on safety component criteria

AI system providers must classify their system as high-risk if it is intended as a safety component of a product covered

EU-AIA-6-02 Requirement

Classify AI systems listed in Annex III as high-risk

AI system providers must classify systems referred to in Annex III as high-risk AI systems, subject to derogation condit

EU-AIA-6-06 Requirement

Commission must provide implementation guidelines by February 2026

The European Commission shall provide guidelines specifying the practical implementation of Article 6 and a comprehensiv

EU-AIA-6-07 Requirement

Commission empowered to adopt delegated acts amending paragraph 3 conditions

The Commission is empowered to adopt delegated acts in accordance with Article 97 to amend the conditions laid down in p

Article 7. Amendments to Annex III

12 obligations

EU-AIA-7-01 Requirement

Adopt delegated acts to amend Annex III for high-risk AI systems

The Commission must adopt delegated acts in accordance with Article 97 to amend Annex III by adding or modifying use cas

EU-AIA-7-02 Requirement

Assess intended purpose criterion when amending Annex III

The Commission must take into account the intended purpose of the AI system when assessing whether the risk condition is

EU-AIA-7-03 Requirement

Assess usage extent criterion when amending Annex III

The Commission must take into account the extent to which an AI system has been used or is likely to be used when assess

EU-AIA-7-04 Requirement

Assess data processing criterion when amending Annex III

The Commission must take into account the nature and amount of data processed and used by the AI system, particularly wh

EU-AIA-7-05 Requirement

Assess autonomy and human override criterion when amending Annex III

The Commission must take into account the extent to which the AI system acts autonomously and the possibility for a huma

EU-AIA-7-06 Requirement

Assess actual harm history criterion when amending Annex III

The Commission must take into account the extent to which the use of an AI system has already caused harm to health and

EU-AIA-7-07 Requirement

Assess potential harm extent criterion when amending Annex III

The Commission must take into account the potential extent of harm or adverse impact, particularly in terms of intensity

EU-AIA-7-08 Requirement

Assess dependency on AI outcome criterion when amending Annex III

The Commission must take into account the extent to which potentially harmed persons are dependent on the AI system outc

EU-AIA-7-09 Requirement

Assess power imbalance criterion when amending Annex III

The Commission must take into account the extent of power imbalance or vulnerability of potentially harmed persons in re

EU-AIA-7-10 Requirement

Assess outcome reversibility criterion when amending Annex III

The Commission must take into account the extent to which AI system outcomes are easily corrigible or reversible, consid

EU-AIA-7-11 Requirement

Assess deployment benefits criterion when amending Annex III

The Commission must take into account the magnitude and likelihood of benefit of AI system deployment for individuals, g

EU-AIA-7-12 Requirement

Assess existing legal redress criterion when amending Annex III

The Commission must take into account the extent to which existing Union law provides for effective measures of redress

Article 8. Compliance with the requirements

4 obligations

EU-AIA-8-01 Requirement

High-risk AI systems must comply with Chapter requirements considering intended purpose

High-risk AI systems must comply with all requirements laid down in Chapter 2, taking into account their intended purpos

EU-AIA-8-02 Requirement

Dual compliance required for AI systems in products under harmonisation legislation

Where a product contains an AI system that is subject to both this Regulation and Union harmonisation legislation listed

EU-AIA-8-03 Requirement

Providers must consider state of art to minimize risks when ensuring compliance

To ensure high-risk AI systems referred to in Article 6(1) comply with Chapter requirements and minimize risks to health

EU-AIA-8-05 Requirement

Cross-setting compliance measures for geographically/contextually trained systems

Providers of high-risk AI systems that have been trained and tested on data concerning specific geographical, behavioura

Article 11. Technical documentation

1 obligation

EU-AIA-11-07 Requirement

Establish simplified technical documentation form (Commission)

The European Commission must establish a simplified technical documentation form specifically designed for the needs of

Article 12. Record-keeping

2 obligations

EU-AIA-12-01 Requirement

Implement automatic event logging capabilities

High-risk AI systems must be technically designed to automatically record events (logs) throughout the system's entire o

EU-AIA-12-02 Requirement

Ensure appropriate traceability throughout system lifecycle

The logging capabilities must ensure a level of traceability of the AI system's functioning throughout its lifecycle tha

Article 15. Accuracy, robustness and cybersecurity

8 obligations

EU-AIA-15-01 Requirement

Design and develop for appropriate accuracy, robustness and cybersecurity

High-risk AI systems must be designed and developed to achieve an appropriate level of accuracy, robustness and cybersec

EU-AIA-15-03 Requirement

Ensure resilience to errors, faults and inconsistencies

High-risk AI systems must be as resilient as possible regarding errors, faults or inconsistencies that may occur within

EU-AIA-15-04 Requirement

Implement technical and organisational resilience measures

Technical and organisational measures must be taken to ensure high-risk AI systems are resilient regarding errors, fault

EU-AIA-15-05 Requirement

Eliminate or reduce biased feedback loops in learning systems

High-risk AI systems that continue to learn after being placed on the market or put into service must be developed to el

EU-AIA-15-06 Requirement

Address feedback loops with appropriate mitigation measures

High-risk AI systems that continue to learn must ensure that any feedback loops are duly addressed with appropriate miti

EU-AIA-15-07 Requirement

Ensure resilience against unauthorized third-party alteration

High-risk AI systems must be resilient against attempts by unauthorised third parties to alter their use, outputs or per

EU-AIA-15-08 Requirement

Implement appropriate cybersecurity technical solutions

Technical solutions aiming to ensure the cybersecurity of high-risk AI systems must be appropriate to the relevant circu

EU-AIA-15-09 Requirement

Address AI-specific vulnerabilities with technical solutions

Technical solutions to address AI-specific vulnerabilities must include, where appropriate, measures to prevent, detect,

Article 16. Obligations of providers of high-risk AI systems

2 obligations

EU-AIA-16-01 Requirement

Ensure compliance with Chapter 2 requirements

Providers must ensure their high-risk AI systems comply with all requirements set out in Chapter 2 of Title III of the E

EU-AIA-16-12 Requirement

Accessibility requirements compliance

Providers must ensure their high-risk AI system complies with accessibility requirements in accordance with Directives (

Article 17. Quality management system

10 obligations

EU-AIA-17-01 Requirement

Establish quality management system for high-risk AI systems

Providers of high-risk AI systems must put a quality management system in place that ensures compliance with this Regula

EU-AIA-17-03 Requirement

Include regulatory compliance strategy in QMS

The quality management system must include a strategy for regulatory compliance, including compliance with conformity as

EU-AIA-17-04 Requirement

Include design techniques and procedures in QMS

The quality management system must include techniques, procedures and systematic actions to be used for the design, desi

EU-AIA-17-05 Requirement

Include development and quality control procedures in QMS

The quality management system must include techniques, procedures and systematic actions to be used for the development,

EU-AIA-17-06 Requirement

Include examination, test and validation procedures in QMS

The quality management system must include examination, test and validation procedures to be carried out before, during

EU-AIA-17-07 Requirement

Include technical specifications and standards in QMS

The quality management system must include technical specifications, including standards, to be applied and, where the r

EU-AIA-17-12 Requirement

Include communication handling procedures in QMS

The quality management system must include the handling of communication with national competent authorities, other rele

EU-AIA-17-14 Requirement

Include resource management in QMS

The quality management system must include resource management, including security-of-supply related measures.

EU-AIA-17-15 Requirement

Include accountability framework in QMS

The quality management system must include an accountability framework setting out the responsibilities of the managemen

EU-AIA-17-16 Requirement

Ensure proportionate QMS implementation

The implementation of the quality management system aspects must be proportionate to the size of the provider's organisa

Article 20. Corrective actions and duty of information

1 obligation

EU-AIA-20-01 Requirement

Immediate corrective action when non-conformity identified

When providers consider or have reason to consider that their high-risk AI system is not in conformity with the EU AI Ac

Article 23. Obligations of importers

3 obligations

EU-AIA-23-04 Requirement

Authorised representative verification

Before placing a high-risk AI system on the market, importers must verify that the provider has appointed an authorised

EU-AIA-23-08 Requirement

Storage and transport compliance maintenance

Importers must ensure that storage or transport conditions, while a high-risk AI system is under their responsibility, d

EU-AIA-23-12 Requirement

Authority cooperation requirement

Importers must cooperate with relevant national competent authorities in any action those authorities take in relation t

Article 24. Obligations of distributors

3 obligations

EU-AIA-24-06 Requirement

Ensure proper storage and transport conditions maintain system compliance

Distributors must ensure that storage or transport conditions, while a high-risk AI system is under their responsibility

EU-AIA-24-07 Requirement

Take corrective actions for non-conforming systems made available on market

When a distributor considers or has reason to consider that a high-risk AI system it has made available is not conformin

EU-AIA-24-10 Requirement

Cooperate with national authorities in enforcement actions

Distributors must cooperate with relevant national competent authorities in any action those authorities take in relatio

Article 25. Responsibilities along the AI value chain

8 obligations

EU-AIA-25-01 Requirement

Third parties become providers when putting name/trademark on high-risk AI system

Distributors, importers, deployers or other third parties who put their name or trademark on a high-risk AI system alrea

EU-AIA-25-02 Requirement

Third parties become providers when substantially modifying high-risk AI system

Distributors, importers, deployers or other third parties who make substantial modifications to a high-risk AI system th

EU-AIA-25-03 Requirement

Third parties become providers when modifying intended purpose to create high-risk system

Distributors, importers, deployers or other third parties who modify the intended purpose of an AI system (including gen

EU-AIA-25-04 Requirement

Initial provider must closely cooperate with new provider

When a third party becomes the new provider under paragraph 1 circumstances, the initial provider must closely cooperate

EU-AIA-25-06 Requirement

Initial provider must provide technical access to new provider

When provider status transfers, the initial provider must provide reasonably expected technical access to enable the new

EU-AIA-25-07 Requirement

Initial provider must provide assistance to new provider

When provider status transfers, the initial provider must provide reasonably expected assistance required for the new pr

EU-AIA-25-08 Requirement

Product manufacturer becomes provider when placing safety component under their name/trademark

For high-risk AI systems that are safety components of products under Union harmonisation legislation, the product manuf

EU-AIA-25-09 Requirement

Product manufacturer becomes provider when putting safety component into service under their name/trademark

For high-risk AI systems that are safety components of products under Union harmonisation legislation, the product manuf

Article 26. Obligations of deployers of high-risk AI systems

6 obligations

EU-AIA-26-01 Requirement

Use high-risk AI systems according to instructions

Deployers must take appropriate technical and organisational measures to ensure they use high-risk AI systems in accorda

EU-AIA-26-11 Requirement

Verify system registration before use

When public authority deployers find that the high-risk AI system that they envisage using has not been registered in th

EU-AIA-26-13 Requirement

Request authorization for post-remote biometric identification

In criminal investigations, deployers of high-risk AI systems for post-remote biometric identification must request auth

EU-AIA-26-14 Requirement

Limit biometric system use to necessary scope

Each use of post-remote biometric identification systems must be limited to what is strictly necessary for the investiga

EU-AIA-26-15 Requirement

Stop unauthorized biometric system use and delete data

If authorization for post-remote biometric identification is rejected, deployers must stop the use of the system with im

EU-AIA-26-17 Requirement

Cooperate with national competent authorities

Deployers must cooperate with the relevant national competent authorities in any action those authorities take in relati

Article 28. Notifying authorities

5 obligations

EU-AIA-28-01 Requirement

Designate or establish notifying authorities

Each Member State must designate or establish at least one notifying authority responsible for setting up and carrying o

EU-AIA-28-02 Requirement

Develop procedures in cooperation with other Member States

Notifying authorities must develop their assessment, designation, notification and monitoring procedures in cooperation

EU-AIA-28-03 Requirement

Ensure no conflict of interest with conformity assessment bodies

Notifying authorities must be established, organised and operated in a manner that prevents any conflict of interest wit

EU-AIA-28-04 Requirement

Separate decision-makers from assessors

Notifying authorities must organize themselves so that decisions relating to notification of conformity assessment bodie

EU-AIA-28-08 Requirement

Maintain adequate competent personnel

Notifying authorities must have an adequate number of competent personnel at their disposal for proper performance of th

Article 50. Transparency obligations for providers and deployers of certain AI systems

1 obligation

EU-AIA-50-03 Requirement

Synthetic content technical solution effectiveness

Providers must ensure their technical solutions for marking synthetic content are effective, interoperable, robust and r

Article 51. Classification of general-purpose AI models as general-purpose AI models with systemic risk

4 obligations

EU-AIA-51-01 Requirement

Classify general-purpose AI models based on high impact capabilities

General-purpose AI model providers must classify their models as having systemic risk if they have high impact capabilit

EU-AIA-51-02 Requirement

Classify models based on Commission decision regarding equivalent capabilities

General-purpose AI model providers must classify their models as having systemic risk when the Commission decides (ex of

EU-AIA-51-03 Requirement

Apply presumption of high impact capabilities for compute threshold models

General-purpose AI model providers must presume their model has high impact capabilities when the cumulative compute use

EU-AIA-51-04 Requirement

Commission obligation to adopt delegated acts for threshold amendments

The Commission shall adopt delegated acts according to Article 97 to amend the thresholds in paragraphs 1 and 2, and sup

Article 53. Obligations for providers of general-purpose AI models

2 obligations

EU-AIA-53-03 Requirement

Implement copyright compliance policy

Put in place a policy to comply with Union law on copyright and related rights, particularly to identify and comply with

EU-AIA-53-05 Requirement

Cooperate with regulatory authorities

Cooperate as necessary with the Commission and national competent authorities in the exercise of their competences and p

Article 54. Authorised representatives of providers of general-purpose AI models

7 obligations

EU-AIA-54-01 Requirement

Appoint authorised representative before market placement

Providers established in third countries must appoint, by written mandate, an authorised representative established in t

EU-AIA-54-02 Requirement

Enable authorised representative to perform mandated tasks

The provider must enable its authorised representative to perform all tasks specified in the written mandate received fr

EU-AIA-54-03 Requirement

Perform tasks specified in mandate

The authorised representative must perform all tasks specified in the mandate received from the provider.

EU-AIA-54-05 Requirement

Verify technical documentation and obligation fulfillment

The mandate must empower the authorised representative to verify that the technical documentation specified in Annex XI

EU-AIA-54-08 Requirement

Cooperate with AI Office and competent authorities

The mandate must empower the authorised representative to cooperate with the AI Office and competent authorities, upon a

EU-AIA-54-09 Requirement

Empower representative to be addressed by authorities

The mandate must empower the authorised representative to be addressed, in addition to or instead of the provider, by th

EU-AIA-54-10 Requirement

Terminate mandate if provider acts contrary to obligations

The authorised representative must terminate the mandate if it considers or has reason to consider the provider to be ac

Article 55. Obligations for providers of general-purpose AI models with systemic risk

2 obligations

EU-AIA-55-01 Requirement

Perform model evaluation with standardized protocols and adversarial testing

Conduct model evaluation using standardized protocols and tools reflecting state of the art, including adversarial testi

EU-AIA-55-04 Requirement

Ensure adequate cybersecurity protection for model and infrastructure

Ensure an adequate level of cybersecurity protection for the general-purpose AI model with systemic risk and the physica

Article 56. Codes of practice

5 obligations

EU-AIA-56-01 Requirement

AI Office shall encourage and facilitate drawing up codes of practice

The AI Office must encourage and facilitate the development of codes of practice at Union level to contribute to proper

EU-AIA-56-02 Requirement

AI Office and Board shall ensure codes of practice set clear objectives

The AI Office and Board must aim to ensure that codes of practice clearly set out their objectives and cover at least th

EU-AIA-56-03 Requirement

AI Office may invite participation in code development

The AI Office has the authority to invite general-purpose AI model providers and relevant national competent authorities

EU-AIA-56-04 Requirement

AI Office and Board shall ensure codes contain specific commitments and KPIs

The AI Office and Board must aim to ensure codes of practice clearly set out specific objectives and contain commitments

EU-AIA-56-05 Requirement

AI Office shall ensure participants report on code implementation

The AI Office must aim to ensure that code of practice participants report regularly on implementation of commitments, m

Article 73. Reporting of serious incidents

2 obligations

EU-AIA-73-09 Requirement

Market surveillance authority must take appropriate measures within seven days

The market surveillance authority shall take appropriate measures as provided for in Article 19 of Regulation (EU) 2019/

EU-AIA-73-12 Requirement

National authorities must take immediate measures and transmit notifications

Competent national public authorities or bodies referred to in Article 77(1) shall immediately take necessary measures w

Article 95. Codes of conduct for voluntary application of specific requirements

6 obligations

EU-AIA-95-01 Requirement

AI Office obligation to encourage and facilitate codes of conduct for non-high-risk AI

The AI Office must encourage and facilitate the drawing up of codes of conduct intended to foster voluntary application

EU-AIA-95-02 Requirement

Member States obligation to encourage and facilitate codes of conduct for non-high-risk AI

Member States must encourage and facilitate the drawing up of codes of conduct intended to foster voluntary application

EU-AIA-95-03 Requirement

AI Office obligation to facilitate specific codes of conduct for all AI systems

The AI Office must facilitate the drawing up of codes of conduct concerning voluntary application of specific requiremen

EU-AIA-95-04 Requirement

Member States obligation to facilitate specific codes of conduct for all AI systems

Member States must facilitate the drawing up of codes of conduct concerning voluntary application of specific requiremen

EU-AIA-95-05 Requirement

AI Office obligation to consider SME interests in code facilitation

The AI Office must take into account the specific interests and needs of SMEs, including start-ups, when encouraging and

EU-AIA-95-06 Requirement

Member States obligation to consider SME interests in code facilitation

Member States must take into account the specific interests and needs of SMEs, including start-ups, when encouraging and

Article 99. Penalties

4 obligations

EU-AIA-99-01 Requirement

Member States must establish penalty rules for AI Act infringements

Member States shall lay down the rules on penalties and other enforcement measures, which may also include warnings and

EU-AIA-99-04 Requirement

Operators must comply with all AI system requirements and obligations

Non-compliance of an AI system with any requirements or obligations under this Regulation, other than those laid down in

EU-AIA-99-06 Requirement

Member States must establish rules for administrative fines on public authorities

Each Member State shall lay down rules on to what extent administrative fines may be imposed on public authorities and b

EU-AIA-99-07 Requirement

Member States must provide appropriate procedural safeguards

The exercise of powers under this Article shall be subject to appropriate procedural safeguards in accordance with Union

Article 100. Administrative fines on Union institutions, bodies, offices and agencies

7 obligations

EU-AIA-100-01 Requirement

Consider relevant circumstances when imposing administrative fines

When deciding whether to impose an administrative fine and determining the amount, the European Data Protection Supervis

EU-AIA-100-02 Requirement

Provide opportunity to be heard before imposing administrative fines

Before taking decisions to impose administrative fines, the European Data Protection Supervisor must give the Union inst

EU-AIA-100-03 Requirement

Base decisions only on elements parties can comment on

The European Data Protection Supervisor must base his or her decisions only on elements and circumstances on which the p

EU-AIA-100-04 Requirement

Associate complainants closely with proceedings

The European Data Protection Supervisor must closely associate complainants, if any, with the proceedings for administra

EU-AIA-100-05 Requirement

Fully respect rights of defence in proceedings

The European Data Protection Supervisor must fully respect the rights of defence of the parties concerned in the proceed

EU-AIA-100-06 Requirement

Provide access to EDPS file subject to legitimate interests

The European Data Protection Supervisor must ensure that parties are entitled to have access to the European Data Protec

EU-AIA-100-07 Requirement

Contribute collected fines to Union general budget

Funds collected by imposition of fines under this Article must be contributed to the general budget of the Union.

Article 101. Penalties for providers of general-purpose AI models

2 obligations

EU-AIA-101-01 Requirement

Comply with EU AI Act provisions for general-purpose AI models

Providers of general-purpose AI models must comply with all relevant provisions of the EU AI Act to avoid fines of up to

EU-AIA-101-03 Requirement

Comply with measures requested under Article 93

Providers of general-purpose AI models must comply with measures requested by the Commission under Article 93 to avoid f