§ EU AI Act · Article 17

AI Act Article 17: Obligations, Deadlines & Penalties

Regulation (EU) 2024/1689, Article 17 · All obligations · EU AI Act · Full article analysis
At a glance
Article 17 of the AI Act imposes 19 obligations on provider.
§ Obligations

All obligations under Article 17

Obligation 1
Providers of high-risk AI systems shall put a quality management system in place that ensures compliance with this Regulation. Regulation (EU) 2024/1689, Article 17, Article 17
Obligated entity
provider
Action required
establish
Deadline
Penalty
Obligation 2
The quality management system shall be documented in a systematic and orderly manner in the form of written policies, procedures and instructions. Regulation (EU) 2024/1689, Article 17, Article 17
Obligated entity
provider
Action required
document
Deadline
Penalty
Obligation 3
The quality management system shall include a strategy for regulatory compliance, including compliance with conformity assessment procedures and procedures for the management of modifications to the high-risk AI system. Regulation (EU) 2024/1689, Article 17, Article 17
Obligated entity
provider
Action required
include
Deadline
Penalty
Obligation 4
The quality management system shall include techniques, procedures and systematic actions to be used for the design, design control and design verification of the high-risk AI system. Regulation (EU) 2024/1689, Article 17, Article 17
Obligated entity
provider
Action required
include
Deadline
Penalty
Obligation 5
The quality management system shall include techniques, procedures and systematic actions to be used for the development, quality control and quality assurance of the high-risk AI system. Regulation (EU) 2024/1689, Article 17, Article 17
Obligated entity
provider
Action required
include
Deadline
Penalty
Obligation 6
The quality management system shall include examination, test and validation procedures to be carried out before, during and after the development of the high-risk AI system, and the frequency with which they have to be carried out. Regulation (EU) 2024/1689, Article 17, Article 17
Obligated entity
provider
Action required
include
Deadline
Penalty
Obligation 7
The quality management system shall include technical specifications, including standards, to be applied and, where relevant harmonised standards are not applied in full or do not cover all requirements, the means to ensure compliance. Regulation (EU) 2024/1689, Article 17, Article 17
Obligated entity
provider
Action required
include
Deadline
Penalty
Obligation 8
The quality management system shall include systems and procedures for data management, including data acquisition, collection, analysis, labelling, storage, filtration, mining, aggregation, retention and other operations. Regulation (EU) 2024/1689, Article 17, Article 17
Obligated entity
provider
Action required
include
Deadline
Penalty
Obligation 9
The quality management system shall include the risk management system referred to in Article 9. Regulation (EU) 2024/1689, Article 17, Article 17
Obligated entity
provider
Action required
include
Deadline
Penalty
Obligation 10
The quality management system shall include the setting-up, implementation and maintenance of a post-market monitoring system, in accordance with Article 72. Regulation (EU) 2024/1689, Article 17, Article 17
Obligated entity
provider
Action required
include
Deadline
Penalty
Obligation 11
The quality management system shall include procedures related to the reporting of a serious incident in accordance with Article 73. Regulation (EU) 2024/1689, Article 17, Article 17
Obligated entity
provider
Action required
include
Deadline
Penalty
Obligation 12
The quality management system shall include the handling of communication with national competent authorities, other relevant authorities, notified bodies, other operators, customers or other interested parties. Regulation (EU) 2024/1689, Article 17, Article 17
Obligated entity
provider
Action required
include
Deadline
Penalty
Obligation 13
The quality management system shall include systems and procedures for record-keeping of all relevant documentation and information. Regulation (EU) 2024/1689, Article 17, Article 17
Obligated entity
provider
Action required
include
Deadline
Penalty
Obligation 14
The quality management system shall include resource management, including security-of-supply related measures. Regulation (EU) 2024/1689, Article 17, Article 17
Obligated entity
provider
Action required
include
Deadline
Penalty
Obligation 15
The quality management system shall include an accountability framework setting out the responsibilities of the management and other staff with regard to all the aspects listed in this paragraph. Regulation (EU) 2024/1689, Article 17, Article 17
Obligated entity
provider
Action required
include
Deadline
Penalty
Obligation 16
The implementation of the quality management system aspects shall be proportionate to the size of the provider’s organisation. Regulation (EU) 2024/1689, Article 17, Article 17
Obligated entity
provider
Action required
implement
Deadline
Penalty
Obligation 17
Providers shall respect the degree of rigour and the level of protection required to ensure the compliance of their high-risk AI systems with this Regulation. Regulation (EU) 2024/1689, Article 17, Article 17
Obligated entity
provider
Action required
ensure
Deadline
Penalty
Obligation 18
Providers subject to obligations regarding quality management systems under relevant sectoral Union law may include the aspects listed in paragraph 1 as part of the quality management systems pursuant to that law. Regulation (EU) 2024/1689, Article 17, Article 17
Obligated entity
provider
Action required
include
Deadline
Penalty
Exemptions
Providers subject to sectoral Union law quality management obligations
Obligation 19
For financial institutions, the obligation to put in place a quality management system (except for points g, h, and i) shall be deemed fulfilled by complying with rules on internal governance arrangements or processes pursuant to relevant Union financial services law. Regulation (EU) 2024/1689, Article 17, Article 17
Obligated entity
provider
Sector scope
financial institutions
Action required
comply
Deadline
Penalty
Exemptions
Financial institutions complying with Union financial services law internal governance rules
§ Deadlines

EU AI Act compliance deadlines

§ Frequently asked

Questions about Article 17

Who must comply with Article 17 of the AI Act? +
provider.
What does Article 17 of the AI Act require? +
establish document include
Need a cross-border briefing on AI Act Article 17?
Search Fontvera ↵
All EU obligation pages  ·  All EU AI Act articles  ·  AI Act Article 17 deep analysis