Who this applies to
This obligation applies to providers (including developers) and deployers of high-risk AI systems as defined under Article 6(1), as well as importers and distributors of such systems under Article 24(1). Public sector entities using high-risk AI in the public interest (e.g., law enforcement, critical infrastructure) are also subject to conformity assessment per Article 43(1).What is required
- Conduct a conformity assessment for high-risk AI systems prior to market placement or deployment, demonstrating compliance with Article 43(1) and Annex VII requirements.
- Prepare and maintain technical documentation as specified in Article 11(1), including:
- Draw up an EU declaration of conformity per Article 48(1), signed by an authorized representative, affirming compliance with Article 5 (prohibited practices) and Article 8 (data quality).
- Affix the CE marking to the AI system in accordance with Article 49(1), indicating conformity with the AI Act.
- Register the high-risk AI system in the EU database (per Article 60) before deployment, including:
- Implement a post-market monitoring system to track performance and compliance post-deployment, as required by Article 61(1) and Article 72(1).
Key deadlines
Under Article 113 as written, the primary deadline for this obligation is August 2, 2026. The Digital Omnibus provisional agreement of 7 May 2026 moves Annex III high-risk obligations to 2 December 2027, pending formal adoption; until Official Journal publication, the original date remains law.Enforcement patterns
AI Act Article 50 transparency obligations take effect 2 August 2026. Annex III high-risk obligations are expected 2 December 2027, pending formal adoption of the Digital Omnibus (political agreement of 7 May 2026). No AI Act enforcement precedent currently exists. This page will be updated as enforcement cases emerge.Cross-border considerations
Implementation references suggest Spain (ES) and Norway (NO) have early engagement with Article 44 (42 citations, including 5 from ES) and Article 47 (1 citation from NO), often co-cited with GDPR provisions on data transfers. No jurisdiction-specific deviations from the AI Act’s conformity assessment framework are yet documented.Fontvera also analyses closely related obligations, including [AI Act Article 17 on provider obligations](/intelligence/ai-act-art-17-provider-obligations), [AI Act exemptions FAQ](/intelligence/ai-act-faq-exemptions), [AI Act social scoring FAQ](/intelligence/ai-act-faq-social-scoring), and [AI Act Annex IV technical documentation](/intelligence/ai-act-technical-documentation-annex-iv).
Related: [whether your system is high-risk](/intelligence/ai-act-high-risk-classification)