The risk-management system should consist of a continuous, iterative process that is planned and run throughout the entire lifecycle of a high-risk AI system. That process should be aimed at identifying and mitigating the relevant risks of AI systems on health, safety and fundamental rights. The risk-management system should be regularly reviewed and updated to ensure its continuing effectiveness, as well as justification and documentation of any significant decisions and actions taken subject to this Regulation. This process should ensure that the provider identifies risks or adverse impacts and implements mitigation measures for the known and reasonably foreseeable risks of AI systems to the health, safety and fundamental rights in light of their intended purpose and reasonably foreseeable misuse, including the possible risks arising from the interaction between the AI system and the environment within which it operates. The risk-management system should adopt the most appropriate risk-management measures in light of the state of the art in AI. When identifying the most appropriate risk-management measures, the provider should document and explain the choices made and, when relevant, involve experts and external stakeholders. In identifying the reasonably foreseeable misuse of high-risk AI systems, the provider should cover uses of AI systems which, while not directly covered by the intended purpose and provided for in the instruction for use may nevertheless be reasonably expected to result from readily predictable human behaviour in the context of the specific characteristics and use of a particular AI system. Any known or foreseeable circumstances related to the use of the high-risk AI system in accordance with its intended purpose or under conditions of reasonably foreseeable misuse, which may lead to risks to the health and safety or fundamental rights should be included in the instructions for use that are provided by the provider. This is to ensure that the deployer is aware and takes them into account when using the high-risk AI system. Identifying and implementing risk mitigation measures for foreseeable misuse under this Regulation should not require specific additional training for the high-risk AI system by the provider to address foreseeable misuse. The providers however are encouraged to consider such additional training measures to mitigate reasonable foreseeable misuses as necessary and appropriate.
Table of contents
Section 1: Classification of AI Systems as High-Risk
Article 6: Classification Rules for High-Risk AI Systems
Article 7: Amendments to Annex III
Section 2: Requirements for High-Risk AI Systems
Article 8: Compliance with the Requirements
Article 9: Risk Management System
Article 10: Data and Data Governance
Article 11: Technical Documentation
Article 13: Transparency and Provision of Information to Deployers
Article 15: Accuracy, Robustness and Cybersecurity
Section 3: Obligations of Providers and Deployers of High-Risk AI Systems and Other Parties
Article 16: Obligations of Providers of High-Risk AI Systems
Article 17: Quality Management System
Article 18: Documentation Keeping
Article 19: Automatically Generated Logs
Article 20: Corrective Actions and Duty of Information
Article 21: Cooperation with Competent Authorities
Article 22: Authorised Representatives of Providers of High-Risk AI Systems
Article 23: Obligations of Importers
Article 24: Obligations of Distributors
Article 25: Responsibilities Along the AI Value Chain
Article 26: Obligations of Deployers of High-Risk AI Systems
Article 27: Fundamental Rights Impact Assessment for High-Risk AI Systems
Section 4: Notifying Authorities and Notified Bodies
Article 28: Notifying Authorities
Article 29: Application of a Conformity Assessment Body for Notification
Article 30: Notification Procedure
Article 31: Requirements Relating to Notified Bodies
Article 32: Presumption of Conformity with Requirements Relating to Notified Bodies
Article 33: Subsidiaries of Notified Bodies and Subcontracting
Article 34: Operational Obligations of Notified Bodies
Article 35: Identification Numbers and Lists of Notified Bodies
Article 36: Changes to Notifications
Article 37: Challenge to the Competence of Notified Bodies
Article 38: Coordination of Notified Bodies
Article 39: Conformity Assessment Bodies of Third Countries
Section 5: Standards, Conformity Assessment, Certificates, Registration
Article 40: Harmonised Standards and Standardisation Deliverables
Article 41: Common Specifications
Article 42: Presumption of Conformity with Certain Requirements
Article 43: Conformity Assessment
Article 45: Information Obligations of Notified Bodies
Article 46: Derogation from Conformity Assessment Procedure
Section 1: Classification Rules
Section 2: Obligations for Providers of General-Purpose AI Models
Article 53: Obligations for Providers of General-Purpose AI Models
Article 54: Authorised Representatives of Providers of General-Purpose AI Models
Section 3: Obligations of Providers of General-Purpose AI Models with Systemic Risk
Article 55: Obligations for Providers of General-Purpose AI Models with Systemic Risk
Article 57: AI Regulatory Sandboxes
Article 58: Detailed Arrangements for, and Functioning of, AI Regulatory Sandboxes
Article 60: Testing of High-Risk AI Systems in Real World Conditions Outside AI Regulatory Sandboxes
Article 62: Measures for Providers and Deployers, in Particular SMEs, Including Start-Ups
Section 1: Governance at Union Level
Article 65: Establishment and Structure of the European Artificial Intelligence Board
Article 66: Tasks of the Board
Article 68: Scientific Panel of Independent Experts
Article 69: Access to the Pool of Experts by the Member States
Section 2: National Competent Authorities
Article 70: Designation of National Competent Authorities and Single Point of Contact
Section 1: Post-Market Monitoring
Section 2: Sharing of Information on Serious Incidents
Article 73: Reporting of Serious Incidents
Article 74: Market Surveillance and Control of AI Systems in the Union Market
Article 75: Mutual Assistance, Market Surveillance and Control of General-Purpose AI Systems
Article 76: Supervision of Testing in Real World Conditions by Market Surveillance Authorities
Article 77: Powers of Authorities Protecting Fundamental Rights
Article 79: Procedure at National Level for Dealing with AI Systems Presenting a Risk
Article 81: Union Safeguard Procedure
Article 82: Compliant AI Systems Which Present a Risk
Article 83: Formal Non-Compliance
Article 84: Union AI Testing Support Structures
Article 85: Right to Lodge a Complaint with a Market Surveillance Authority
Article 86: Right to Explanation of Individual Decision-Making
Article 87: Reporting of Infringements and Protection of Reporting Persons
Article 88: Enforcement of the Obligations of Providers of General-Purpose AI Models
Article 89 : Monitoring Actions
Article 90: Alerts of Systemic Risks by the Scientific Panel
Article 91: Power to Request Documentation and Information
Article 92: Power to Conduct Evaluations
Article 93: Power to Request Measures
Article 94: Procedural Rights of Economic Operators of the General-Purpose AI Model
Article 95: Codes of Conduct for Voluntary Application of Specific Requirements
Article 96: Guidelines from the Commission on the Implementation of this Regulation
Article 100: Administrative Fines on Union Institutions, Bodies, Offices and Agencies
Article 101: Fines for Providers of General-Purpose AI Models
Article 102: Amendment to Regulation (EC) No 300/2008
Article 103: Amendment to Regulation (EU) No 167/2013
Article 104: Amendment to Regulation (EU) No 168/2013
Article 105: Amendment to Directive 2014/90/EU
Article 106: Amendment to Directive (EU) 2016/797
Article 107: Amendment to Regulation (EU) 2018/858
Article 108: Amendments to Regulation (EU) 2018/1139
Article 109: Amendment to Regulation (EU) 2019/2144
Article 110: Amendment to Directive (EU) 2020/1828
Recitals
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
Annexes
Annex I: List of Union Harmonisation Legislation
Annex II: List of Criminal Offences Referred to in Article 5(1), First Subparagraph, Point (h)(iii)
Annex III: High-Risk AI Systems Referred to in Article 6(2)
Annex IV: Technical Documentation Referred to in Article 11(1)
Annex V: EU Declaration of Conformity
Annex VI: Conformity Assessment Procedure Based on Internal Control
Search within the Act
Recital 65
NOTE: This translation is a machine-generated translation. It is not the official translation provided by the European Parliament. When the AI Act is published in the official journal, the machine-generated translations will be replaced by the official translations.
Feedback – We are working to improve this tool. Please send feedback to Taylor Jones at taylor@futureoflife.org
View the official text, or browse it online using our AI Act Explorer. The text used in this tool is the ‘Artificial Intelligence Act (Regulation (EU) 2024/1689), Official Journal version of 13 June 2024’. Interinstitutional File: 2021/0106(COD)