§ EU AI Act · Article 15
AI Act Article 15: Obligations, Deadlines & Penalties
At a glance
Article 15 of the AI Act imposes 6 obligations on provider.
§ Obligations
All obligations under Article 15
Obligation 1
High-risk AI systems shall be designed and developed to achieve an appropriate level of accuracy, robustness, and cybersecurity, performing consistently throughout their lifecycle.
Regulation (EU) 2024/1689, Article 15, Article 15
- Obligated entity
-
provider
- Action required
-
design
- Deadline
-
—
- Penalty
-
—
Obligation 2
The levels of accuracy and the relevant accuracy metrics of high-risk AI systems shall be declared in the accompanying instructions of use.
Regulation (EU) 2024/1689, Article 15, Article 15
- Obligated entity
-
provider
- Action required
-
document
- Deadline
-
—
- Penalty
-
—
Obligation 3
High-risk AI systems shall be as resilient as possible regarding errors, faults, or inconsistencies, with technical and organisational measures taken, including technical redundancy solutions like backup or fail-safe plans.
Regulation (EU) 2024/1689, Article 15, Article 15
- Obligated entity
-
provider
- Action required
-
implement
- Deadline
-
—
- Penalty
-
—
Obligation 4
High-risk AI systems that continue to learn after being placed on the market shall be developed to eliminate or reduce the risk of biased outputs influencing future operations and ensure feedback loops are addressed with mitigation measures.
Regulation (EU) 2024/1689, Article 15, Article 15
- Obligated entity
-
provider
- Action required
-
mitigate
- Deadline
-
—
- Penalty
-
—
Obligation 5
High-risk AI systems shall be resilient against attempts by unauthorised third parties to alter their use, outputs, or performance by exploiting system vulnerabilities.
Regulation (EU) 2024/1689, Article 15, Article 15
- Obligated entity
-
provider
- Action required
-
secure
- Deadline
-
—
- Penalty
-
—
Obligation 6
Technical solutions to address AI specific vulnerabilities shall include measures to prevent, detect, respond to, resolve, and control for attacks such as data poisoning, model poisoning, adversarial examples, confidentiality attacks, or model flaws.
Regulation (EU) 2024/1689, Article 15, Article 15
- Obligated entity
-
provider
- Action required
-
implement
- Deadline
-
—
- Penalty
-
—
§ Deadlines
EU AI Act compliance deadlines
-
2025-02-02
Article 4 AI literacy
in_force
-
2025-02-02
Article 5 prohibitions (unacceptable risk)
in_force
-
2025-08-02
GPAI model obligations (Articles 51 to 56)
in_force
-
2026-08-02
Article 50(2) machine-readable marking (watermarking) of AI-generated content
provisionally_amended
-
2026-08-02
Article 50 transparency obligations OTHER than the 50(2) marking grace (for example disclosure that a user is interacting with an AI system)
scheduled
-
2026-08-02
Annex III stand-alone high-risk obligations
provisionally_amended
-
2026-08-02
National AI regulatory sandboxes (establishment deadline)
provisionally_amended
-
2026-12-02
NEW Article 5 prohibition: AI generation of non-consensual intimate imagery (NCII) and CSAM
provisionally_amended
-
2027-08-02
Annex I embedded (regulated-product) high-risk obligations
provisionally_amended
§ Frequently asked
Questions about Article 15
Who must comply with Article 15 of the AI Act?
+
provider.
What does Article 15 of the AI Act require?
+
design document implement