§ AI Act TOPICAL

Building the Article 9 risk-management system

Article 9 is the spine of high-risk compliance. Lifecycle, hazard identification, mitigation, residual-risk acceptance — and the integration with what you already do.

Summary

Article 9 sets up the spine that holds the rest of the high-risk regime together. It is a continuous, iterative, lifecycle risk-management system — not a one-off pre-market exercise. Articles 10 (data), 11 (documentation), 13 (transparency), 14 (oversight), 15 (robustness), 72 (post-market monitoring), and 73 (incident reporting) all connect into it.

The structure is recognisable from ISO 31000 and (for medical devices) ISO 14971: identify hazards, estimate and evaluate risks, mitigate, accept residual risk, monitor in operation. The AI-specific additions are Article 9(2)(b)'s focus on risks emerging from misuse and Article 9(8)'s explicit consideration of impact on minors.

The most common compliance failure is treating Article 9 as a document deliverable rather than a live process. Authorities will look for evidence the risk register changed during development, that mitigations were implemented, and that the post-market monitoring under Article 72 actually feeds back into the risk register.

Who this applies to

Providers of high-risk AI systems, quality and risk teams, integration with ISO/IEC 42001, ISO 14971, ISO 31000, and sectoral risk frameworks.

Compliance deadline

2 August 2026 — high-risk AI system obligations apply. The Digital Omnibus (Council + Parliament agreed positions, March 2026) may shift this to 2 December 2027 for Annex III systems and 2 August 2028 for Annex I products. Until the amending regulation is published in the Official Journal, plan for 2 August 2026.

§ Key articles

What the law says

Article 9(1)

Establishment of a risk management system as a continuous iterative process across the lifecycle.

Article 9(2)

Steps — identification, estimation, evaluation of risks; risk mitigation.

Article 9(3)

Risks must be reduced as much as possible through design and development.

Article 9(4)

Residual risks must be acceptable, communicated to deployer.

Article 9(5)

Adequate risk-management measures throughout the lifecycle.

Article 9(8)

Specific consideration when the system is likely to be accessed by or have impact on persons under 18.

§ Detail

In depth

The Article 9 lifecycle

Article 9(1) is explicit: the risk-management system is "a continuous iterative process planned and run throughout the entire lifecycle of the high-risk AI system, requiring regular systematic review and updating." That has four practical implications:

You cannot front-load Article 9 into a pre-market document and walk away. Updates are mandatory.
Significant changes during the operational phase — new training data, model updates, deployment to new contexts — re-trigger the analysis.
The post-market monitoring under Article 72 is a feeder into Article 9, not a parallel process.
Documentation must show the iteration, not just the latest snapshot.

The five-step procedure under Article 9(2)

Identification and analysis of known and reasonably foreseeable risks. Risks to health, safety, fundamental rights — including discrimination. The "reasonably foreseeable" qualifier extends to misuse: if a deployer might foreseeably use the system in a way that produces a risk, that misuse-risk is in scope.
Estimation and evaluation of risks emerging when the system is used in accordance with its intended purpose.
Estimation and evaluation of other possibly arising risks under reasonably foreseeable misuse.
Adoption of appropriate and targeted risk-management measures. Designed to mitigate the risks identified. Article 9(3) requires reduction "as far as possible through adequate design and development."
Evaluation of residual risk. Article 9(4) requires that residual risks are judged acceptable, and communicated to the deployer. The acceptability judgment is documented and signed off by an accountable person.

Where Article 9 intersects with other articles

Article 10 (data governance). Bias and representativeness risks are identified in Article 9, addressed via the Article 10 data-governance procedures.
Article 14 (human oversight). Where a residual risk cannot be reduced by design, Article 14 oversight measures may bring the residual risk to acceptable levels. Article 14 is a mitigation tool inside Article 9.
Article 15 (robustness). Accuracy, robustness, and cybersecurity targets fall out of Article 9 — they are not standalone numbers but the Article 9 conclusions about acceptable performance.
Article 72 (post-market monitoring). The plan under Article 72 is the operating mode of the Article 9 system in production.
Article 73 (incident reporting). Serious incidents feed back into Article 9 risk re-evaluation.

Integration with existing standards

ISO/IEC 42001:2023 (AI management system). The Annex A controls map well to Article 9; ISO 42001 is the closest fit for an integrated framework.
ISO 31000 (general risk management). The vocabulary and process steps are compatible; ISO 31000 alone does not satisfy AI Act content requirements but is a sensible chassis.
ISO 14971 (medical-device risk management). For Annex I medical-device AI, ISO 14971 must be extended to cover Article 9's misuse-risk and fundamental-rights elements; the integrated risk file is a single document.
NIST AI Risk Management Framework. Useful structure for governance and measurement but does not satisfy Article 9 alone — too high-level.

Article 9(8) — minors

Where the system is likely to be accessed by or impact persons under 18, Article 9(8) requires explicit consideration of the impact on those persons. This is operative in education AI (most of Annex III §3), in some healthcare AI, and in any consumer system reasonably accessible to children. The risk register must include child-specific considerations: developmental impact, reduced capacity to recognise AI, parental notice, age-appropriate transparency.

What "good" looks like

A live risk register with version history, not a static PDF.
Linkages from each Article 9 risk to the specific Article 10/14/15 mitigation that addresses it.
Sign-off on residual-risk acceptability by an accountable person, not a working-group consensus.
Evidence of post-market monitoring data feeding back: at least one risk-register update driven by Article 72 input.
For Annex III §3/§5/§7 (where minors or vulnerable groups feature heavily), explicit Article 9(8) and Article 9(2)(b) misuse analyses.

§ Action items

Practical steps

Build the Article 9 risk register as a versioned live artifact, not a snapshot document.

Map each identified risk to a specific Article 10/14/15 mitigation; document the linkage.

Designate an accountable signer for residual-risk acceptability — not a committee.

Connect the Article 72 post-market monitoring plan into the Article 9 update cycle as a formal input.

Where minors or vulnerable groups are reasonably foreseeable users, document the Article 9(8) and 9(2)(b) misuse analyses explicitly.

§ What Fontvera found

Documents in our corpus

ai_office EU Fetched 2026-04

EU AI Act — Regulation (EU) 2024/1689 on Artificial Intelligence

ai_office EU Fetched 2026-04

AI Act | Shaping Europe’s digital future

eiopa EU Fetched 2026-04

Opinion on Artificial Intelligence governance and risk management

eurlex EU Fetched 2026-04

EUR-Lex: 32025R0454 (2025-03-07)

eurlex EU Fetched 2026-04

Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence and amending Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828 (Artificial Intelligence Act) (Text with EEA relevance)

ai_office EU Fetched 2026-04

AI Act Annex III: High-Risk Use Cases

ai_office EU Fetched 2026-04

AI Act Article 71: EU Database for High-Risk AI Systems

ai_office EU Fetched 2026-04

AI Act Article 57: AI Regulatory Sandboxes

§ Cross-references

Related Fontvera intelligence

Need a cross-border briefing on this?

Search Fontvera ↵ Run the AI Act diagnostic

AI Act enforcement

97 days

until 2026-08-02, when most AI Act provisions begin to apply.