§ AI Act · GSR · Type-Approval SECTOR

AI Act for automotive and autonomous vehicles

Vehicle AI is high-risk through the Annex I product path. The conformity assessment is integrated into existing UN-ECE type-approval procedures.

Summary

Automotive AI is high-risk through Annex I, not Annex III. The General Safety Regulation (Regulation (EU) 2019/2144) and the type-approval framework (Regulation (EU) 2018/858) are listed in AI Act Annex I, so any AI that is a safety component of a vehicle subject to those regulations is automatically high-risk under Article 6(1).

The good news: Article 43(3) means manufacturers do not run a separate AI Act conformity assessment. The existing UN-ECE type-approval procedure absorbs the AI Act requirements. The technical file under Annex IV becomes a layer on top of the existing type-approval documentation.

The harder work is the lifecycle integration: AI Act Article 9 risk management must dovetail with ISO 26262 functional safety, the post-market monitoring under Article 72 must converge with the manufacturer's recall and field-monitoring obligations, and Article 73 serious-incident reporting runs in parallel with GSR/UN-ECE Regulation 79/152/157 recall reporting.

Who this applies to

Vehicle manufacturers (OEMs), tier-1 suppliers, ADAS vendors, traffic-management operators, type-approval authorities, market surveillance authorities for automotive.

Compliance deadline

2 August 2026: Article 50 transparency obligations apply (unchanged). The Digital Omnibus provisional agreement of 7 May 2026 moves Annex III high-risk obligations to 2 December 2027 and Annex I embedded products to 2 August 2028, pending formal adoption. Until publication in the Official Journal, plan for 2 August 2026.

§ Key articles

What the law says

Article 6(1)

AI as a safety component of a regulated product — automotive AI sits in Annex I via the vehicle type-approval framework.

Annex I

Lists Regulation (EU) 2019/2144 (General Safety Regulation), Regulation (EU) 2018/858 (motor vehicles), and the predecessor Directive 2007/46/EC.

Annex III §2

Catch-all for safety-related AI in road traffic and traffic management.

Article 43(3)

Integrated conformity assessment — sectoral type-approval procedures are used and the AI Act requirements layer in.

Article 9

Risk management — must integrate with the manufacturer's existing ISO 26262 functional-safety processes.

Article 73

Serious incident reporting — convergent with the GSR/UN-ECE recall and reporting obligations.

§ Detail

In depth

How vehicle AI becomes high-risk

Annex I lists the EU harmonisation legislation that, when an AI system is a safety component of a covered product, automatically pulls the AI into Article 6(1) high-risk status. For automotive that includes:

Regulation (EU) 2019/2144 (General Safety Regulation 2 — driver-assistance systems, AEB, ISA, drowsiness detection).
Regulation (EU) 2018/858 (motor vehicle type-approval framework).
UN-ECE Regulation 79 (steering equipment), Regulation 152/153 (AEB), Regulation 155 (cybersecurity), Regulation 156 (software updates), Regulation 157 (Automated Lane Keeping Systems).

If the AI is a safety component of any vehicle subject to those regimes, it is high-risk. ADAS, autonomous-driving stacks, AI components of EBS, AI-based driver monitoring — all are captured.

Integrated conformity assessment under Article 43(3)

Article 43(3) is the manufacturer's most important provision. It directs that the AI Act requirements are checked as part of the existing type-approval procedure, not as a parallel process. Practically:

The type-approval authority (KBA in Germany, UTAC in France, RDW in the Netherlands) acts as the relevant conformity-assessment body.
The technical service performing the type-approval tests is the de facto AI Act notified body for the automotive case.
The AI Act technical documentation under Annex IV is filed alongside the existing type-approval file.
The EU declaration of conformity under Article 47 is integrated with the certificate of conformity issued for the vehicle.

Provider obligations in automotive

Article 9 risk management aligned with ISO 26262 — the AI-specific risks (data drift, edge-case behaviour, training-data bias) are layered on top of the functional-safety hazard analysis.
Article 10 data governance — training-data documentation including the geographic, weather, and lighting conditions covered; bias testing across pedestrian populations and atypical scenarios.
Article 11 + Annex IV technical documentation, integrated into the type-approval file.
Article 14 human oversight — for non-autonomous ADAS, the driver remains in the loop; for ALKS Level 3+, the system must support a safe transition of control.
Article 15 robustness and cybersecurity — UN-ECE Regulation 155 cybersecurity management system serves the AI Act cybersecurity requirement.
Article 72 post-market monitoring — the manufacturer's existing field-monitoring under GSR feeds the AI Act surveillance plan.

Who deploys, who provides

The OEM is the provider. Tier-1 suppliers furnishing AI subsystems are providers of those subsystems and may also act as authorised representatives for non-EU OEMs (Article 22). Fleet operators using vehicles in commercial service are deployers under Article 26 — including taxi and logistics fleets running L4 vehicles when they become available. Traffic-management operators (city traffic-control AI) are providers when they build the system in-house, deployers when they procure it.

Where the AI Act stretches existing automotive practice

Article 10 data-governance evidence is more explicit than the type-approval data submissions to date — expect type-approval authorities to ask for representativeness statistics they have not asked for before.
Article 49 EU AI Database registration is in addition to the existing vehicle-VIN tracking.
Article 73 serious-incident reporting (15 days) is shorter than some sector recall timelines — the AI Act clock controls for AI-implicated events.
Article 14 human-oversight evidence requirements apply even when the existing UN-ECE Regulation 79/152/157 already addresses control authority.

Cross-regulatory data update

Auto-merged from the Fontvera archetype dataset on 2026-05-12. The sections below are extracted verbatim from the `obligations` and `obligation_crossrefs` tables; the page itself was last reviewed manually before this update.

Practical steps

What the obligations on this page actually require you to do, ordered by article. Use this as a starting checklist; verify each item against the underlying article text before treating it as legal advice.

Art 107 — consider (European Commission)

Obligation reference table

Article	Obligated entity	Deadline	Penalty
Art 107	European Commission	—	—
Art 104	Commission	—	—
Art 103	European Commission	—	—
Art 109	Commission	—	—

Penalty exposure

None of the 4 obligations on this page carry an explicit penalty figure in the AI Act text itself — the fine ceiling is set elsewhere in the regulation and applies by reference. Refer to AI Act's general penalties article (or the diagnostic below) to estimate exposure before signing off on a compliance programme.

§ Action items

Practical steps

Map every AI-enabled subsystem against Annex I — confirm which UN-ECE / GSR regulation applies and which type-approval authority owns it.

Engage your type-approval authority and technical service early on the integrated AI Act + UN-ECE submission so the Annex IV documentation enters the existing file at the right moment.

Align ISO 26262 hazard analysis with AI Act Article 9 risk management; document the mapping in the safety case.

For tier-1 suppliers: produce an Article 13 instructions-for-use document the OEM can integrate into its overall system safety case.

Set up a 15-day Article 73 serious-incident pipeline that runs in parallel with existing recall-reporting workflows.

§ What Fontvera found

Documents in our corpus

ai_office EU Fetched 2026-06

EU AI Act — Regulation (EU) 2024/1689 on Artificial Intelligence

eurlex EU Fetched 2026-04

Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence and amending Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828 (Artificial Intelligence Act) (Text with EEA relevance)

eiopa EU Fetched 2026-04

Opinion on Artificial Intelligence governance and risk management

eurlex EU Fetched 2026-04

EUR-Lex: 32025R0454 (2025-03-07)

ai_office EU Fetched 2026-06

AI Act | Shaping Europe’s digital future

enisa EU Fetched 2026-06

ENISA: Critical Infrastructure Protection — EU Cybersecurity for Essential Services

enisa EU Fetched 2026-06

ENISA: AI and Cybersecurity — Securing Artificial Intelligence Systems

edpb EU Fetched 2026-06

EDPB-EDPS Joint opinion 1/2026 on the Proposal for a Regulation as regards the simplification of the implementation of harmonised rules on artificial intelligence (Digital Omnibus on AI)

§ Cross-references

Related Fontvera intelligence

Need a cross-border briefing on this?

Search Fontvera ↵ Run the AI Act diagnostic

AI Act Article 50 transparency

50 days

until 2026-08-02, when Article 50 transparency obligations apply (unchanged). Annex III high-risk obligations move provisionally to 2 December 2027 under the Digital Omnibus agreement of 7 May 2026, pending formal adoption.

Preparing for 2 August 2026? Read the EU AI Act August 2026 deadline requirements checklist.