AI Act

AI Act Conformity Assessment: What High-Risk AI Providers Must Do Before August 2, 2026

For providers and deployers of high-risk AI systems under Annex III. Built on 301,000 regulatory documents across 32 EU jurisdictions and 1.2 million cross-references.

At a glance
Who this applies to
Providers and deployers of AI systems classified as high-risk under AI Act Annex III.
Deadline
August 2, 2026 for most high-risk systems, August 2, 2027 for certain AI systems already on the market.
What you must have
  • Risk management system (Article 9)
  • Data governance documentation (Article 10)
  • Technical file (Article 11)
  • Human oversight procedures (Article 14)
  • EU Declaration of Conformity (Article 48)
Intelligence briefing

Who this applies to

This obligation applies to providers (including developers) and deployers of high-risk AI systems as defined under Article 6(1), as well as importers and distributors of such systems under Article 24(1). Public sector entities using high-risk AI in the public interest (e.g., law enforcement, critical infrastructure) are also subject to conformity assessment per Article 43(1).


What is required

  • Conduct a conformity assessment for high-risk AI systems prior to market placement or deployment, demonstrating compliance with Article 43(1) and Annex VII requirements.
  • Prepare and maintain technical documentation as specified in Article 11(1), including:
      - Detailed system design and training methodologies (Annex IV, Section 1).
      - Risk management processes (Article 9).
      - Data governance and quality assurance measures (Article 10).
  • Draw up an EU declaration of conformity per Article 48(1), signed by an authorized representative, affirming compliance with Article 5 (prohibited practices) and Article 8 (data quality).
  • Affix the CE marking to the AI system in accordance with Article 49(1), indicating conformity with the AI Act.
  • Register the high-risk AI system in the EU database (per Article 60) before deployment, including:
      - System identification details (Article 60(2)(a)).
      - Conformity assessment results (Article 60(2)(b)).
  • Implement a post-market monitoring system to track performance and compliance post-deployment, as required by Article 61(1) and Article 72(1).

Key deadlines

The primary deadline for this obligation is August 2, 2026.


Enforcement patterns

AI Act enforcement begins August 2, 2026. No precedent currently exists. This page will be updated as enforcement cases emerge.


Cross-border considerations

Implementation references suggest Spain (ES) and Norway (NO) have early engagement with Article 44 (42 citations, including 5 from ES) and Article 47 (1 citation from NO), often co-cited with GDPR provisions on data transfers. No jurisdiction-specific deviations from the AI Act’s conformity assessment framework are yet documented.

Cross-reference intelligence

No AI Act article citations in corpus yet. AI Act entered into force August 2024. Article 50 transparency obligations take effect 2 August 2026; Annex III high-risk obligations are expected 2 December 2027 (pending Digital Omnibus formal adoption). This section will populate as citations accumulate.

Analogous GDPR articles

GDPR article citations that relate to this AI Act topic and may inform enforcement patterns.

Article | Citations | Top Countries | Most Co-Cited
GDPR Art. 43 | 1 | GB (1) | GDPR Art. 32, GDPR Art. 42
GDPR Art. 44 | 42 | SE (6), ES (5), NO (4) | GDPR Art. 46, GDPR Art. 5(2), GDPR Art. 60
GDPR Art. 47 | 1 | NO (1) | GDPR Art. 44, GDPR Art. 45, GDPR Art. 46
GDPR Art. 48 | 1 | NO (1) | GDPR Art. 44, GDPR Art. 45, GDPR Art. 46

Regulatory framework
Cross-regulatory overlap
ESMA: DORA — Digital Operational Resilience Act for the Financial Sector
EU · esma · 2026-03-23 · esma-dora-digital-resilience
ENISA: Multilayer Framework for Good Cybersecurity Practices for AI
EU · enisa · 2026-03-24 · enisa-multilayer-framework-for-good-cybersecurity-practices-for-ai
EDPB Opinion 28/2024 on certain data protection aspects related to the processing of personal data in the context of AI models
EU · edpb · 2026-03-18 · Opinion 28/2024
ENISA: AI and Cybersecurity — Securing Artificial Intelligence Systems
EU · enisa · 2026-03-23 · enisa-ai-cybersecurity
ENISA: AI an opportunity for the EU cyber crisis blueprint - Report
EU · enisa · 2026-03-24 · enisa-ai-an-opportunity-for-the-blueprin-report
ENISA: Cybersecurity of AI and Standardisation
EU · enisa · 2026-03-24 · enisa-cybersecurity-of-ai-and-standardisation