Who this applies to
This obligation applies to providers (including developers) and deployers (including users) of high-risk AI systems as defined under Article 6(1), as well as importers and distributors under Article 2(2). Obligations extend to public and private organizations operating within the EU or placing high-risk AI systems on the EU market, regardless of their establishment location (Article 2(1)).What is required
- Conformity assessment procedure: Conduct a mandatory assessment under Article 43 (for providers) to demonstrate compliance with Articles 8–15 before placing the system on the market or putting it into service.
- Risk management system: Establish and maintain a system under Article 9(1) to identify, analyze, and mitigate risks throughout the AI system’s lifecycle.
- Data governance: Implement measures under Article 10 to ensure training, validation, and testing datasets are relevant, representative, and free from biases, with documentation of data collection processes.
- Technical documentation: Compile and maintain documentation per Article 11, including design specifications, risk assessment reports, and compliance evidence, available to competent authorities upon request.
- Record-keeping: Retain logs under Article 12 for a minimum of 6 months (or longer if required by sectoral law) to enable traceability of AI system operations.
- Transparency obligations: Provide clear instructions for use under Article 13(1) and ensure human oversight capabilities as per Article 14.
- CE marking and registration: Affix the CE conformity mark under Article 48 and register the system in the EU database per Article 60 before market placement.
- Post-market monitoring: Implement a system under Article 61 to collect and evaluate performance data, report serious incidents to authorities within 15 days (Article 62(2)), and take corrective actions.
Key deadlines
Under Article 113 as written, the primary deadline for this obligation is August 2, 2026. The Digital Omnibus provisional agreement of 7 May 2026 moves Annex III high-risk obligations to 2 December 2027, pending formal adoption; until Official Journal publication, the original date remains law.Enforcement patterns
AI Act Article 50 transparency obligations take effect 2 August 2026. Annex III high-risk obligations are expected 2 December 2027, pending formal adoption of the Digital Omnibus (political agreement of 7 May 2026). No AI Act enforcement precedent currently exists. This page will be updated as enforcement cases emerge.(Section intentionally omitted: No jurisdiction-specific implementation patterns are provided in the structured context for high-risk AI systems under the AI Act.)
Related: [the Annex III high-risk classification test](/intelligence/ai-act-high-risk-classification)