EU AI Act Navigator BETA

Chapter I sets the foundations of the Act. It explains what the Act is for, who it applies to, what the key terms mean, and what every organisation using AI must do regardless of risk level. Anyone working out whether the Act applies to them starts here.

Article 1 — Subject matter

• Establishes harmonised rules across the EU for placing AI on the market, putting it into service, and using it.
• States the dual purpose of the Act: to support innovation while protecting health, safety, fundamental rights, democracy, the rule of law, and the environment.
• Sets out the structure of obligations by risk category, including prohibitions, high-risk requirements, transparency duties, and rules for general-purpose AI.

Article 2 — Scope

• Applies to providers placing AI systems on the EU market, regardless of where they are established (including outside the EU).
• Applies to deployers established in the EU and, in some cases, to providers and deployers outside the EU where the output is used in the EU.
• Also applies to importers, distributors, product manufacturers, authorised representatives, and affected persons located in the EU.
• Excludes AI used exclusively for military, defence, or national security purposes; AI developed solely for scientific research; AI in pre-market research and testing; and personal non-professional use.
• Does not override GDPR, sectoral law, or worker protection rules; the Act sits alongside them.

Article 3 — Definitions

Defines the core terms used throughout the Act, including “AI system”, “general-purpose AI model”, “provider”, “deployer”, “importer”, “distributor”, “operator”, “authorised representative”, and “placing on the market”.

The definition of “AI system” follows the OECD approach: a machine-based system that infers, from inputs it receives, how to generate outputs such as predictions, content, recommendations or decisions, with some degree of autonomy and adaptiveness.

These definitions determine who carries which obligations, and misclassification is the most common source of compliance error.

Article 4 — AI literacy

Requires providers and deployers to ensure a sufficient level of AI literacy among staff and any other persons operating or using AI systems on their behalf.

Literacy must be proportionate to the role, the context of use, and the persons or groups affected by the system.

Applies to all AI systems, not only high-risk ones, and is one of the earliest obligations to take effect (in force from 2 February 2025).

No prescribed format: training, written guidance, internal policies, or other measures may all satisfy the obligation, provided they are documented and proportionate.

Article 5 sets the absolute ceiling. The uses of AI listed here are banned outright in the EU, regardless of safeguards, consent, or commercial benefit.

Anyone placing on the market, putting into service, or using such a system faces the highest tier of fines under the Act — up to €35 million or 7% of global annual turnover. The prohibitions have applied since 2 February 2025, ahead of most other obligations under the Act.

Eight prohibited practices (Article 5(1))

• Subliminal, manipulative or deceptive techniques that materially distort a person’s behaviour by impairing their ability to make an informed decision, where this causes or is likely to cause significant harm.
• Exploitation of vulnerabilities linked to age, disability, or a specific social or economic situation, where this materially distorts behaviour and causes or is likely to cause significant harm.
• Social scoring by public or private actors that evaluates or classifies people based on social behaviour or personal characteristics, where the score leads to detrimental treatment in unrelated contexts or treatment that is unjustified or disproportionate.
• Predictive policing based solely on profiling or personality traits to assess the risk of a person committing a criminal offence. AI tools that support human assessment based on objective, verifiable facts already linked to criminal activity remain permitted.
• Untargeted scraping of facial images from the internet or CCTV to create or expand facial recognition databases.
• Emotion inference in the workplace and in education, except where the system is used for medical or safety reasons.
• Biometric categorisation that deduces or infers race, political opinions, trade union membership, religious or philosophical beliefs, sex life, or sexual orientation. Lawful labelling or filtering of biometric datasets and certain law enforcement uses are excluded.
• Real-time remote biometric identification in publicly accessible spaces for law enforcement, subject to narrow exceptions (see below).

Law enforcement exception for real-time biometric ID (Article 5(1)(h) and 5(2)–(7))

Permitted only for: targeted search for victims of abduction, trafficking, or sexual exploitation; searches for missing persons; prevention of a specific, substantial and imminent threat to life or of a foreseeable terrorist attack; or locating or identifying a suspect for a serious offence listed in Annex II punishable by at least four years’ detention.

Each deployment requires prior authorisation by a judicial or independent administrative authority, except in urgent cases where authorisation must be sought within 24 hours.

A fundamental rights impact assessment under Article 27 and registration in the EU database under Article 49 are mandatory.

No adverse legal decision may be taken solely on the system’s output.
Member States may legislate to permit these uses within the Article 5 limits, or impose stricter rules. National authorities report annually to the Commission, which publishes aggregated reports.

Key compliance points

Article 5 binds providers, deployers, importers, and distributors. There is no derogation for SMEs, research, or sandbox use.

The prohibition applies on the basis of the system’s purpose or effect, not the intent of the operator.

A system marketed for a permitted use can still fall within Article 5 if its actual effect meets the prohibition.

Article 5(8) preserves any stricter prohibitions under other Union law, including GDPR, the Law Enforcement Directive, and equality law.

Last reviewed: 15 May 2026.

Chapter III is the operative core of the Act for most regulated businesses. It defines which AI systems count as high-risk, sets the substantive requirements those systems must meet, allocates obligations across the value chain from provider to deployer, and lays out the conformity assessment and registration machinery before placing such a system on the EU market.

The Chapter spans 44 Articles in five sections. Most obligations apply from 2 August 2026; certain high-risk systems embedded in regulated products under Annex I have until 2 August 2027.

Section 1 — Classification of AI systems as high-risk (Articles 6–7)

• An AI system is high-risk under one of two routes: (i) it is a safety component of, or itself is, a product covered by EU harmonisation legislation listed in Annex I (for example medical devices, machinery, toys, lifts) and that product is subject to third-party conformity assessment; or (ii) it falls within one of the eight use-case areas in Annex III: biometrics, critical infrastructure, education and vocational training, employment and worker management, access to essential private and public services, law enforcement, migration and border control, and administration of justice and democratic processes.
• Article 6(3) provides a filter for Annex III systems: a system is not high-risk if it performs only a narrow procedural task, improves the result of a previously completed human activity, detects decision-making patterns without replacing or influencing the human assessment, or performs preparatory work for an assessment relevant to Annex III use cases. The exception does not apply where the system profiles natural persons.
• Providers relying on Article 6(3) must document their assessment and register the system in the EU database. Misuse of the exception is a basis for enforcement action under Article 80.
• Article 7 empowers the Commission to amend Annex III by delegated act, adding new high-risk use cases or modifying existing ones, against criteria including severity, scale, and reversibility of harm.

Section 2 — Requirements for high-risk AI systems (Articles 8–15)

Every high-risk system must satisfy seven substantive requirements, each generating its own evidence trail:

• Article 8 — Compliance: requirements apply throughout the lifecycle and must take into account the intended purpose and the state of the art.
• Article 9 — Risk management system: a continuous, iterative process to identify, evaluate and mitigate foreseeable risks to health, safety and fundamental rights, including residual risks communicated to deployers.
• Article 10 — Data and data governance: training, validation and testing datasets must be relevant, representative, free of errors and complete to the extent possible, with documented governance over collection, labelling, and bias detection. Special category data may be processed under strict conditions for bias correction.
• Article 11 — Technical documentation: the dossier specified in Annex IV must exist before the system is placed on the market and be kept up to date.
• Article 12 — Record-keeping: automatic logging of events relevant to identifying risks, with retention proportionate to the intended purpose.
• Article 13 — Transparency to deployers: instructions for use must enable deployers to understand the system’s capabilities, limitations, intended purpose, accuracy metrics, and human oversight measures.
• Article 14 — Human oversight: design must enable natural persons to oversee operation, intervene, and override outputs.
• Article 15 — Accuracy, robustness and cybersecurity: the system must achieve appropriate levels of each across the lifecycle, with resilience against errors, faults and adversarial attacks.

Section 3 — Obligations across the value chain (Articles 16–27)

• Providers (Articles 16–22) carry the primary obligation set: ensuring the system meets Section 2 requirements, operating a quality management system (Article 17), keeping documentation (Article 18) and logs (Article 19), taking corrective action and informing authorities of non-compliance (Article 20), cooperating with competent authorities (Article 21), and where established outside the EU, appointing an authorised representative in the Union (Article 22).
• Importers (Article 23) and distributors (Article 24) must verify the provider’s compliance, including CE marking, EU declaration of conformity and accompanying documentation, before making the system available on the market.
• Article 25 governs the value chain: distributors, importers, deployers or third parties become providers in their own right if they put their name on a high-risk system, substantially modify it, or repurpose a non-high-risk system into a high-risk use. The original provider must support the new provider with the information needed to comply.
• Deployers (Article 26) must use the system in accordance with instructions, assign human oversight to competent persons, monitor operation, keep logs for at least six months, inform workers and their representatives where the system is used in the workplace, and cooperate with authorities.
• Article 27 requires a fundamental rights impact assessment by deployers that are public bodies or private bodies providing public services, and by certain deployers in banking and insurance, before first use of an Annex III high-risk system.

Section 4 — Notifying authorities and notified bodies (Articles 28–39)

• Each Member State designates a notifying authority responsible for assessing, designating and monitoring conformity assessment bodies.
• Notified bodies are the independent third parties that carry out conformity assessment where it is required. They must meet requirements on independence, competence, impartiality and resources, and are subject to ongoing supervision.
• The section covers application procedures, identification numbers, subcontracting limits, coordination across Member States, and the recognition of conformity assessment bodies established in third countries.

Section 5 — Standards, conformity assessment, certificates, registration (Articles 40–49)

• Article 40 establishes that conformity with harmonised standards published in the Official Journal gives a presumption of conformity with Section 2 requirements. Article 41 allows the Commission to adopt common specifications where harmonised standards are absent or insufficient.
• Article 43 sets out the conformity assessment procedure: internal control (Annex VI) is the default for most Annex III systems; third-party assessment by a notified body (Annex VII) applies to biometric systems where harmonised standards are not used, and to systems falling under Annex I product legislation following the relevant sectoral procedure.
• Article 44 governs certificates issued by notified bodies, including their validity, suspension and withdrawal.
• Article 46 permits derogation from conformity assessment in exceptional circumstances of public security, life, health or environmental protection, on authorisation of a market surveillance authority.
• Article 47 requires the provider to draw up an EU declaration of conformity. Article 48 requires CE marking before placing on the market.
• Article 49 requires registration of the system, and in some cases of the provider and deployer, in the EU database established under Article 71, before the system is placed on the market or put into service.

Key compliance points

• The classification decision under Article 6 is the gateway to the entire Chapter. Misclassification, in either direction, is the most common source of enforcement risk: under-classification triggers Article 80 procedures and fines; over-classification imposes costs that the Act does not require.
• Conformity must be demonstrable before the system is placed on the market. The evidence base — risk management file, technical documentation, data governance records, logs, declaration of conformity — must exist at that point, not be built afterwards.
• Provider and deployer obligations are distinct but linked. Deployers cannot remedy provider failings, and provider instructions for use are the document that allocates the operational compliance burden between them.
• Article 25 means that customisation, fine-tuning, rebranding or repurposing of a third-party AI system can transfer provider obligations to the deployer. This is the single most overlooked obligation transfer in practice.
• The Chapter sits alongside Annexes I, III, IV, VI and VII, which carry operative content. The Article text alone is not sufficient to determine obligations.

Last reviewed: 15 May 2026.

Chapter IV consists of a single Article. It imposes transparency obligations on AI systems that interact with people, generate or manipulate content, or process biometric and emotional data, regardless of risk classification.

The point is straightforward: people should know when they are dealing with an AI, when content they see has been generated or altered by an AI, and when their biometric or emotional data is being processed.

The obligations apply on top of, not instead of, the high-risk requirements in Chapter III. Article 50 applies from 2 August 2026.

Provider obligations

Article 50(1) — Disclose AI interaction: providers of AI systems intended to interact directly with natural persons must design the system so that users are informed they are interacting with an AI, unless this is obvious to a reasonably well-informed person in the circumstances.

Excluded: AI systems authorised by law to detect, prevent, investigate or prosecute criminal offences, unless those systems are available to the public for reporting offences.

Article 50(2) — Mark synthetic content: providers of AI systems generating synthetic audio, image, video or text must mark the outputs in a machine-readable format and ensure they are detectable as artificially generated or manipulated.

Technical solutions must be effective, interoperable, robust and reliable, as far as technically feasible and taking into account the state of the art.

Excluded: assistive functions for standard editing, systems that do not substantially alter the input or its semantics, and uses authorised by law for criminal enforcement.

Deployer obligations

Article 50(3) — Disclose emotion recognition and biometric categorisation: deployers must inform exposed persons that the system is operating and process personal data in line with GDPR, Regulation 2018/1725 and the Law Enforcement Directive.

Excluded: systems permitted by law for criminal enforcement, with appropriate safeguards.

Article 50(4) — Disclose deepfakes and AI-generated text on matters of public interest: deployers of systems that generate or manipulate image, audio or video constituting a deepfake must disclose that the content is artificial.

Where the content is part of an evidently artistic, creative, satirical or fictional work, the obligation reduces to disclosing the existence of the generated content in a manner that does not interfere with the work.

For AI-generated or manipulated text published to inform the public on matters of public interest, deployers must disclose the AI origin, unless the use is authorised by law for criminal enforcement or the content has undergone human review with editorial responsibility held by a natural or legal person.

How and when the information must be provided

Article 50(5): information must be clear, distinguishable, and given no later than the first interaction or exposure. It must meet applicable accessibility requirements (Directive (EU) 2019/882 on accessibility).

Article 50(6): Article 50 obligations are without prejudice to Chapter III high-risk requirements and to other transparency duties under Union or national law (GDPR, DSA, consumer law, sectoral rules).

Codes of practice and Commission powers

Article 50(7): the AI Office facilitates Union-level codes of practice for detection and labelling of artificially generated content. The Commission may approve such codes by implementing act under Article 56(6), or, if codes are inadequate, adopt common rules under Article 98(2) examination procedure.

Key compliance points

Article 50 catches systems that are not high-risk. A chatbot, an image generator, a voice synthesiser, or an emotion-detection tool used outside the workplace and education contexts (which would fall under Article 5) is still subject to Chapter IV regardless of risk tier.

The marking obligation under Article 50(2) sits with the provider. The disclosure obligations under Article 50(3) and (4) sit with the deployer. The two are distinct and both must be satisfied in the value chain.

The “obvious” exception in Article 50(1) is narrower than it reads. It applies to the reasonably well-informed, observant and circumspect person, not the average user.

Embedded AI in a customer service flow is rarely obvious enough to rely on the exception.

The editorial-responsibility carve-out in Article 50(4) for AI-generated text is the route most newsrooms and publishers will rely on, but it requires a documented human review process and a named person or entity holding editorial responsibility — not a nominal sign-off.

The machine-readable marking obligation under Article 50(2) will be operationalised through technical standards and codes of practice. Providers that ship synthetic content systems before those standards are finalised remain bound by the obligation to use the best available state of the art.

Article 50 obligations apply alongside GDPR for biometric and emotion data, the Digital Services Act for very large online platforms, and the Audiovisual Media Services Directive for media services. Compliance under Article 50 does not exhaust the disclosure duties applicable in any given case.

Last reviewed: 15 May 2026.

Chapter V regulates the upstream layer of the AI stack: the foundation models that downstream providers integrate into AI systems. It is the only Chapter in the Act that applies directly to model providers as such, rather than to system providers and deployers.

The Chapter creates a two-tier regime: baseline obligations for every general-purpose AI (“GPAI”) model placed on the EU market, and additional obligations for the small set of models classified as posing systemic risk.

The Chapter spans six Articles in four sections and applies from 2 August 2025. Enforcement sits with the AI Office at Union level rather than with national authorities. Penalties for GPAI providers reach 3% of global annual turnover or €15 million, whichever is higher, under Article 101.

Section 1 — Classification rules (Articles 51–52)

Article 51 — Classification as GPAI with systemic risk: a GPAI model is classified as having systemic risk if it has high-impact capabilities, assessed against the criteria in Annex XIII (model parameters, dataset size and quality, compute used for training, modalities, benchmarks, downstream reach and number of registered business users).

A presumption of systemic risk applies where cumulative compute used for training exceeds 10²⁵ floating point operations (FLOPs). The Commission may amend the threshold and the Annex XIII criteria by delegated act.

Article 52 — Procedure: providers must notify the Commission within two weeks of meeting, or being able to foresee meeting, the classification threshold. Providers may submit arguments to rebut the systemic risk classification on the basis that their model does not present systemic risks.

The Commission may designate a model as systemic risk on its own initiative or on a qualified alert from the Scientific Panel, and publishes a list of designated models.

Section 2 — Obligations for all GPAI providers (Articles 53–54)

Article 53 — Baseline obligations: providers of every GPAI model placed on the EU market must:

• Draw up and keep up to date the technical documentation of the model in accordance with Annex XI, including training and testing processes and evaluation results, and make it available to the AI Office and national competent authorities on request;
• Draw up, keep up to date and make available to downstream providers integrating the model the information set out in Annex XII, enabling them to understand the model’s capabilities and limitations and to comply with their own obligations;
• Put in place a policy to comply with Union copyright law, including by identifying and respecting reservations of rights expressed under Article 4(3) of the Copyright Directive (the text and data mining opt-out);
  draw up and make publicly available a sufficiently detailed summary of the content used for training the model, on the basis of a template provided by the AI Office.

Free and open-source exception (Article 53(2)): the documentation obligations under Article 53(1)(a) and (b) do not apply to GPAI models released under a free and open-source licence whose parameters, including weights, architecture and information on model usage, are made publicly available, provided the model is not classified as systemic risk. The copyright policy and training-data summary obligations apply regardless.

Article 54 — Authorised representatives: providers established outside the EU must, before placing a GPAI model on the Union market, appoint an authorised representative established in the EU by written mandate. The representative verifies that the technical documentation is in order, keeps a copy for ten years, cooperates with the AI Office, and serves as the contact point for compliance matters.

The obligation does not apply to providers of free and open-source GPAI models that are not classified as systemic risk.

Section 3 — Obligations for GPAI providers with systemic risk (Article 55)

In addition to the Section 2 baseline, providers of GPAI models with systemic risk must:

• Perform model evaluation in accordance with standardised protocols and tools reflecting the state of the art, including adversarial testing of the model, to identify and mitigate systemic risks;
• Assess and mitigate possible systemic risks at Union level, including their sources, that may stem from the development, placing on the market or use of the model;
• Track, document and report without undue delay to the AI Office and, where appropriate, national competent authorities, relevant information about serious incidents and possible corrective measures;
• Ensure an adequate level of cybersecurity protection for the model and its physical infrastructure.

Providers may rely on codes of practice under Article 56 to demonstrate compliance until harmonised standards are published.

Section 4 — Codes of practice (Article 56)

The AI Office and the AI Board facilitate the drawing up of codes of practice at Union level to support proper application of the Chapter V obligations.

Codes must cover at least the obligations in Articles 53 and 55 and may include detail on how to keep technical documentation current, the level of detail of the training-data summary, identification of systemic risks, and risk mitigation measures.

The Commission may approve a code of practice by implementing act and give it general validity within the Union. Where codes are not finalised or the Commission considers them inadequate, common rules may be set by implementing act.

Compliance with an approved code creates a presumption of conformity with the corresponding Chapter V obligations.

Key compliance points

The threshold question is whether a model is a “general-purpose AI model” within the Article 3 definition: a model trained on a large amount of data using self-supervision at scale, displaying significant generality and capable of competently performing a wide range of distinct tasks. Narrow domain-specific models fall outside the Chapter, regardless of size.

The 10²⁵ FLOPs presumption is a presumption, not a definition. A model below the threshold can still be designated as systemic risk under Article 52, and a model above it can rebut the presumption.

The training-data summary obligation in Article 53(1)(d) applies to every GPAI provider, including open-source providers. The template is set by the AI Office. The level of detail required is “sufficiently detailed” — narrower than full disclosure, broader than a list of categories.

The copyright policy obligation in Article 53(1)(c) is the operative compliance link to Article 4(3) of the Copyright Directive. Providers must have a mechanism to identify and honour text and data mining opt-outs expressed by rightholders.

Downstream providers integrating a GPAI model into their own AI system rely on the Annex XII information to discharge their obligations under Chapter III. A gap in the upstream documentation is a compliance gap for every downstream integrator. Procurement contracts should secure the right to receive and rely on Annex XII information.

The open-source carve-out is narrow. Weights, architecture and usage information must all be public, the licence must be genuinely free and open-source, and the carve-out is lost on classification as systemic risk. Open-weight releases without architectural disclosure do not qualify.

Enforcement of Chapter V sits exclusively with the AI Office under Articles 88 to 94, not with national market surveillance authorities. The procedural rights of providers, including the right to be heard before a final decision, are set out in Article 94.

Last reviewed: 15 May 2026.

Chapter VI is the counterweight to the obligation-heavy Chapters that precede it. It creates the legal infrastructure for developing and testing AI under regulatory supervision before market entry, and provides targeted relief for SMEs and start-ups.

The Chapter covers regulatory sandboxes, real-world testing of high-risk systems, the lawful basis for further processing of personal data in the public interest, and concessions for smaller operators.

Most provisions apply from 2 August 2026, although Member States were required to have at least one operational sandbox by that date. The Chapter spans seven Articles.

Article 57 — AI regulatory sandboxes

Each Member State must establish at least one AI regulatory sandbox at national level, operational by 2 August 2026. Sandboxes may also be established jointly with other Member States or at regional level.
A sandbox is a controlled framework set up by a competent authority that offers providers and prospective providers the possibility to develop, train, validate and test innovative AI systems for a limited time before placing them on the market, under regulatory supervision.

Participation is free of charge for SMEs and start-ups, except for exceptional costs that authorities may recover in a fair and proportionate manner.

Sandboxes must support the development of AI systems that comply with the Act, accelerate access to the EU market for SMEs and start-ups, contribute to evidence-based regulatory learning, and facilitate cooperation between authorities.

Competent authorities cannot impose administrative fines for infringements of the Act identified within the sandbox, provided participants follow the sandbox plan and act in good faith. Liability under Union or national law for damage caused to third parties is preserved.

Article 58 — Detailed arrangements for sandboxes

The Commission must adopt implementing acts setting common rules on eligibility, application procedures, selection, participation, exit, monitoring, and the rights and obligations of participants and authorities.

The arrangements must give priority access to SMEs and start-ups, allow cross-border collaboration between authorities, and provide for an exit report that participants may use to demonstrate compliance.

Authorities cooperate within the AI Board and report annually to the AI Office and the Commission on sandbox results, lessons learned, and recommendations.

Article 59 — Further processing of personal data in the sandbox

Provides a legal basis under GDPR Article 6(4) for further processing of personal data lawfully collected for other purposes, where the processing is for developing, training and testing AI systems in the sandbox and in the public interest.

Strict cumulative conditions apply: the AI system must serve substantial public interest in healthcare, environmental protection, energy sustainability, transport safety, critical infrastructure, public sector efficiency, public safety, or fundamental rights protection; the data must be necessary and not satisfiable by anonymised or synthetic data; effective monitoring and safeguards must be in place; data cannot be transmitted outside the sandbox; processing must not adversely affect data subjects; and personal data must be deleted at the end of sandbox participation.

Article 59 does not override sectoral data protection rules, and supervision by the competent data protection authority continues.

Article 60 — Testing of high-risk AI systems in real-world conditions outside sandboxes

Providers and prospective providers of Annex III high-risk systems may test in real-world conditions outside a sandbox, subject to a real-world testing plan approved by the market surveillance authority of the Member State concerned.

Testing is limited to six months, extendable once by six months. The plan must specify objectives, conditions, duration, monitoring, safeguards, and a clear process for suspension if risks materialise.
Testing must be registered in the EU database under Annex IX before it begins. Providers must report serious incidents under Article 73 and stop testing immediately where necessary.
Subjects of testing remain entitled to the protections of Article 61.

Article 61 — Informed consent for real-world testing

Natural persons participating in real-world testing must give freely-given, specific, unambiguous and informed consent before participation, in line with applicable data protection law.
Information provided to participants must cover the nature and objectives of the testing, the conditions, the expected duration, their rights and guarantees, the modalities for refusing or withdrawing consent, and the arrangements for requesting reversal or disregard of predictions, recommendations or decisions made by the AI system.

Consent must be documented. Withdrawal does not affect activities already carried out.

Article 62 — Measures for SMEs and start-ups

Member States must give SMEs and start-ups with a registered office or branch in the Union priority access to sandboxes, where eligibility criteria are met.

Awareness-raising, training, and support on the application of the Act must be organised for SMEs, start-ups, and where relevant, local public authorities.

Member States must establish dedicated channels of communication with SMEs, start-ups, deployers, innovators, and other relevant stakeholders.

Conformity assessment fees charged to SMEs by notified bodies must be reduced in proportion to their development stage, size, market demand and other relevant indicators.

The AI Office must provide standardised templates and tools to facilitate compliance, particularly for SMEs.

Article 63 — Derogations for specific operators

Microenterprises within the meaning of Recommendation 2003/361/EC may comply with certain elements of the quality management system under Article 17 in a simplified manner, provided they do not have partner enterprises or linked enterprises within the meaning of that Recommendation.

The Commission must develop guidelines specifying the elements of the quality management system that may be complied with in a simplified manner.

The derogation does not exempt microenterprises from any other obligation under the Act, including the substantive requirements of Chapter III Section 2 and the documentation and record-keeping obligations.

Key compliance points

Sandbox participation is voluntary. It does not exempt a participant from the Act, but it does provide regulatory supervision during development, an exit report usable as evidence of compliance, and a shield against administrative fines for infringements identified within the sandbox.

The Article 59 GDPR carve-out is narrow. Eight cumulative conditions must be met, and the most restrictive in practice are the public interest test, the necessity-of-personal-data test (which forces a serious anonymisation and synthetic-data assessment first), and the deletion obligation at exit.

Article 60 real-world testing is the only route to lawful pre-market testing of high-risk systems on real users outside a sandbox. It is heavily conditioned and creates its own evidence trail through the Annex IX registration and the testing plan.
Article 61 consent operates alongside, not instead of, GDPR consent where personal data is processed. Both bases of consent must be satisfied.

Article 62 obligations sit with Member States, not with providers. They are entitlements that SMEs and start-ups can claim, including reduced conformity assessment fees and priority sandbox access. Failure by a Member State to deliver these is a matter for the Commission and, ultimately, infringement proceedings.

Article 63 is the only operational derogation in the Act for smaller operators, and it is narrow: it applies only to microenterprises (fewer than 10 staff, turnover or balance sheet under €2 million), only to elements of the quality management system, and only to standalone enterprises. Partner or linked enterprise structures take a business outside the derogation regardless of headcount.

The Chapter does not relax the substantive requirements for high-risk AI in Chapter III. Sandbox participation, real-world testing, and SME measures change how compliance is assessed and supported, not what compliance requires.

Last reviewed: 15 May 2026.

Chapter VII builds the institutional architecture that runs the Act. It creates the bodies at Union level that interpret, coordinate and enforce the Regulation, and requires each Member State to designate the national authorities that supervise it on the ground.

The Chapter does not impose obligations on providers or deployers directly; it is structural law, defining who does what across the EU compliance ecosystem.

Most provisions apply from 2 August 2025, ahead of the substantive obligations on operators, so that the supervisory machinery is in place before enforcement begins. The Chapter spans seven Articles in two sections.

Section 1 — Governance at Union level (Articles 64–69)

Article 64 — AI Office

Establishes the AI Office within the European Commission as the central Union-level body responsible for the application and enforcement of the Act, with particular responsibility for general-purpose AI models under Chapter V.

The Office develops Union expertise and capabilities, contributes to the implementation of the Act, supports Member State authorities, and acts as the Commission’s interlocutor with industry, civil society and international partners.

Member States must facilitate the tasks of the AI Office, including by providing information and access necessary for the Office to perform its functions.

The detailed organisation and tasks of the AI Office are set by separate Commission decision; the Office was established by Commission Decision C(2024) 390 of 24 January 2024.

Article 65 — European Artificial Intelligence Board

Establishes the AI Board as the formal coordination body between Member States and the Commission on the application of the Act.
The Board is composed of one representative per Member State, with the European Data Protection Supervisor as observer. The AI Office attends without voting rights. The Commission chairs without voting rights.

The Board adopts its own rules of procedure, may establish standing or temporary sub-groups, and may invite experts and observers as needed.

Its mandate is coordination and harmonised application, including issuing recommendations and opinions on matters relating to the implementation of the Act.

Article 66 — Tasks of the Board

• Advises and assists the Commission and Member States to facilitate consistent and effective application of the Act.
• Coordinates national competent authorities, collects and shares technical and regulatory expertise, and issues opinions, recommendations and written contributions on application of the Act.
• Supports the development of guidelines, codes of practice and codes of conduct.
• Assists with consistent application of the Article 6 high-risk classification, the rules for general-purpose AI, and the sandbox framework.
• Contributes to the development of common criteria and shared understanding of key concepts in the Act, including on what constitutes substantial modification under Article 25.

Article 67 — Advisory Forum

Establishes an Advisory Forum to provide technical expertise to the Board and the Commission, and to feed stakeholder input into the implementation process.

Composition must reflect a balanced selection of stakeholders, including industry, start-ups, SMEs, civil society and academia. The Fundamental Rights Agency, ENISA, the European standardisation organisations (CEN, CENELEC, ETSI), and the Joint Research Centre are permanent members.

The Forum prepares opinions, recommendations and written contributions at the request of the Board or the Commission, or on its own initiative. Outputs are made publicly available.

The Forum adopts its own rules of procedure and selects two co-chairs from its membership.

Article 68 — Scientific Panel of Independent Experts

Establishes the Scientific Panel to support enforcement of the Act, particularly the GPAI provisions in Chapter V.

Panel members are selected by the Commission on the basis of scientific or technical expertise in the AI field, independence from any provider of AI systems or GPAI models, and integrity. Members are appointed in their personal capacity.

The Panel advises and supports the AI Office, particularly by alerting the Office to possible systemic risks at Union level under Article 90, contributing to the development of tools and methodologies for evaluating GPAI models, and advising on the classification of GPAI models with systemic risk.

The Panel may also support market surveillance authorities at their request, with cost recovery rules set by Commission implementing act.

Article 69 — Access to the pool of experts by Member States

Member States may call on the experts of the Scientific Panel to support their enforcement activities under the Act.

The Commission may require that Member States pay fees for the advice and support of the experts. Fee structures and access modalities are set by Commission implementing act.
The arrangement is intended to give smaller or less-resourced Member States access to specialist expertise without each having to build it independently.

Section 2 — National competent authorities (Article 70)

Article 70 — Designation of national competent authorities and single point of contact

Each Member State must designate at least one notifying authority and at least one market surveillance authority as national competent authorities for the purposes of the Act, by 2 August 2025.

One of the designated authorities must act as the single point of contact for the Member State, including towards the public and other Member State counterparts.

Member States must ensure that national competent authorities have adequate technical, financial and human resources, including sufficient expertise in AI technologies, data, computing, cybersecurity, fundamental rights, health and safety, and knowledge of existing standards and legal requirements.

The authorities must operate with the necessary independence, objectivity and impartiality to perform their tasks. Their members and staff are bound by professional secrecy.
Member States must report to the Commission, by 2 August 2025 and annually thereafter, on the status of the resources of their national competent authorities. The Commission communicates this information to the Board.

The market surveillance authority for AI systems used by law enforcement, border control, asylum and migration, or by judicial authorities, is the data protection supervisory authority under the Law Enforcement Directive (2016/680) or any other authority designated under the same conditions of independence.

Key compliance points

Operators interact with three layers of supervision: their national market surveillance authority for AI systems generally, the AI Office for GPAI models, and the European Data Protection Supervisor for AI systems used by EU institutions. Knowing which layer applies to which system is the operational starting point for any enforcement engagement.

The single point of contact under Article 70 is the practical entry point for cross-border enforcement, complaints and information requests. Each Member State publishes the designation; the AI Office maintains a consolidated list.

The Board, the Advisory Forum and the Scientific Panel are not enforcement bodies. They produce opinions, recommendations and methodologies that supervisors apply. Their outputs are not directly binding, but supervisors and courts will look to them in interpreting the Act.

Member State implementation of Article 70 has been uneven. Some Member States have designated a single existing authority (typically the data protection authority); others have created a new dedicated AI authority; others have split functions across sectoral regulators. The choice affects how an operator is supervised in practice and which legal procedural framework applies.

The Article 70 requirement that authorities have adequate resources and expertise is enforceable in principle but slow in practice. Where a national authority lacks capacity, the AI Office and the Board can support but cannot substitute.

Operators should expect significant national variation in the speed and quality of supervisory engagement, particularly in the first two to three years.

The independence requirement in Article 70 is a substantive procedural protection. Decisions taken by an authority that does not meet the independence test are vulnerable to challenge under national administrative law.

Last reviewed: 15 May 2026.

Chapter VIII consists of a single Article. It establishes the public-facing registration infrastructure for high-risk AI systems on the EU market. The database is the operational link between the registration obligations elsewhere in the Act (Articles 49 and 60) and the supervisory functions of national authorities and the Commission.

Some information is public, some is restricted to authorities. Article 71 applies from 2 August 2026, in line with the high-risk obligations it supports.

Article 71 — EU database for high-risk AI systems

The Commission, in collaboration with Member States, establishes and maintains an EU database containing information referred to in Article 49(1), (2) and (3) and Article 60 on high-risk AI systems listed in Annex III, and on real-world testing under Article 60. Annex I high-risk systems registered under sectoral legislation (medical devices, machinery and the like) are not registered in the EU database; they remain registered under their sectoral regime.

The Commission acts as data controller for the database and provides technical and administrative support to those obliged to register.

The database holds information set out in Annexes VIII and IX, covering the identity of the provider and where relevant the deployer, a description of the AI system, its intended purpose, its compliance status, and the relevant CE marking and conformity assessment details.

Information in the database is accessible to the public in a user-friendly manner, except where the system is intended for use in law enforcement, migration, asylum and border control, or by judicial authorities and democratic processes.

For those categories, registration is in a non-public part of the database accessible only to the Commission and national market surveillance authorities, with limited fields visible publicly.

Personal data is processed in accordance with GDPR, Regulation 2018/1725 and the Law Enforcement Directive. Only the personal data strictly necessary for registration and supervision is processed.

The database must be accessible, machine-readable, and navigable. Information must be provided in a structured electronic format and in the languages specified by implementing act.

Key compliance points

Registration under Article 49 is a precondition for placing an Annex III high-risk AI system on the market or putting it into service. The system must be registered before it goes live, not after.

The provider registers the system.

The deployer additionally registers where the deployer is a public authority, an agency, an EU body, or a private body acting on behalf of a public authority (Article 49(3)). The two registrations are linked in the database.

The Article 6(3) exception route requires its own registration. Where a provider considers an Annex III system not to be high-risk under the filter in Article 6(3), the system and the supporting assessment must still be registered. This is the database mechanism that allows supervisors to identify and challenge over-broad use of the exception under Article 80.

Real-world testing under Article 60 must be registered before testing begins, using the information set out in Annex IX. The registration is the operational basis for supervisory oversight of testing.

Public visibility is a compliance signal, not just a transparency feature. Customers, civil society, journalists and competitors can search the database. Registration entries are a public-facing representation of the operator’s compliance position; gaps and inconsistencies are detectable from outside.

The law enforcement, migration and judicial-process carve-out narrows public access but does not exempt operators from registration. The same fields are filled in; only visibility is restricted.

The database does not replace the technical documentation, conformity assessment, or declaration of conformity obligations. It is an additional layer of public registration, supplied from those underlying documents.

The Commission’s role as data controller means complaints about the database itself, including accuracy and access requests, are directed to the Commission under Regulation 2018/1725, not to national authorities.

Last reviewed: 15 May 2026.

Chapter IX is the operative chapter for enforcement of the Act. It sets out how providers monitor their own high-risk systems after deployment, how serious incidents are reported, how market surveillance authorities supervise and intervene, what remedies are available to affected persons, and how the AI Office enforces the GPAI obligations in Chapter V.

The Chapter is structured around five sections and runs from Article 72 to Article 94. Most provisions apply from 2 August 2026 in step with the high-risk obligations they enforce; the GPAI enforcement provisions in Section 5 apply from 2 August 2025 alongside Chapter V.

Section 1 — Post-market monitoring (Article 72)

Providers of high-risk AI systems must establish and document a post-market monitoring system that is proportionate to the nature of the system and its risks.

The system must actively and systematically collect, document and analyse relevant data on the performance of the high-risk system throughout its lifecycle, including data provided by deployers or collected through other sources, and allow the provider to evaluate continuous compliance with the requirements in Chapter III Section 2.

The provider must follow a post-market monitoring plan that forms part of the technical documentation under Annex IV. The Commission adopts a template for the plan by implementing act.

For high-risk systems covered by Annex I product legislation, the post-market monitoring system must be integrated with the post-market surveillance system already required under that legislation, to avoid duplication.

Section 2 — Sharing of information on serious incidents (Article 73)

Providers of high-risk AI systems placed on the EU market must report any serious incident to the market surveillance authority of the Member State where the incident occurred.
A “serious incident” under Article 3(49) covers death, serious harm to health, serious and irreversible disruption of critical infrastructure, infringement of fundamental rights obligations under Union law, or serious harm to property or the environment.

Reporting deadlines are graduated by severity:

• Immediately and no later than 15 days after the provider becomes aware of the incident;
• 10 days for serious and irreversible disruption of critical infrastructure or death;
• 2 days for widespread infringement or serious disruption.

The provider must carry out an investigation, including a risk assessment and corrective action, and cooperate with the authority.

Reporting under Article 73 is without prejudice to reporting obligations under other Union law (GDPR breach notification, NIS2 incident reporting, sectoral product safety regimes).

Section 3 — Enforcement (Articles 74–84)

Article 74 — Market surveillance: Regulation (EU) 2019/1020 applies to AI systems covered by the Act, with the modifications set out in Article 74. National market surveillance authorities have full inspection, documentation and access powers, including access to source code where strictly necessary to assess conformity.

Article 75 — Mutual assistance for GPAI systems: where a high-risk system is based on a GPAI model from the same provider, the AI Office may exercise market surveillance powers; where the model is from a different provider, mutual assistance between the national authority and the AI Office applies.

Article 76 — Real-world testing supervision: the market surveillance authority of the Member State where testing under Article 60 takes place supervises that testing.

Article 77 — Authorities protecting fundamental rights: national bodies protecting fundamental rights (equality bodies, ombudspersons, data protection authorities) may request and obtain access to documentation created under the Act where necessary to investigate alleged infringements of fundamental rights linked to a high-risk AI system.

Article 78 — Confidentiality: authorities must respect the confidentiality of information and data obtained, including trade secrets, source code and personal data, subject to disclosure obligations under Union and national law.

Article 79 — National procedure for AI systems presenting a risk: where a market surveillance authority has reason to consider that an AI system presents a risk to health, safety or fundamental rights, it carries out an evaluation, requires corrective action by the operator, and may take prohibitive or restrictive measures if the operator fails to act.

Article 80 — Procedure for systems classified as non-high-risk under Article 6(3): where a market surveillance authority has reason to consider that a system classified by the provider as not high-risk under the Article 6(3) filter is in fact high-risk, the authority evaluates the classification and may require reclassification and the corresponding compliance measures.

Article 81 — Union safeguard procedure: where Member States disagree on a national measure under Article 79, the Commission decides whether the measure is justified, by implementing act.

Article 82 — Compliant systems presenting a risk: a system that meets all formal requirements but still presents a risk to health, safety or fundamental rights can be restricted by the market surveillance authority, with notification to the Commission and other Member States.

Article 83 — Formal non-compliance: where there is non-compliance with formal requirements (CE marking, declaration of conformity, registration, technical documentation, authorised representative appointment), the market surveillance authority requires the operator to correct it within a specified period; failure to do so triggers restrictive measures.

Article 84 — Union AI testing support structures: the Commission designates Union AI testing support structures that provide independent technical and scientific advice to market surveillance authorities.

Section 4 — Remedies (Articles 85–87)

Article 85 — Right to lodge a complaint: any natural or legal person who has grounds to consider that an infringement of the Act has occurred may lodge a complaint with the relevant market surveillance authority. The authority handles the complaint in line with its procedures and informs the complainant of the outcome.

Article 86 — Right to explanation of individual decision-making: any affected person subject to a decision taken by a deployer on the basis of the output of a high-risk AI system listed in Annex III (with some exceptions) which produces legal effects or similarly significantly affects them, has the right to obtain from the deployer clear and meaningful explanations of the role of the AI system in the decision-making procedure and the main elements of the decision taken. The right operates alongside, not instead of, rights under GDPR Article 22 and other Union or national law.

Article 87 — Reporting of infringements and whistleblower protection: Directive (EU) 2019/1937 on whistleblower protection applies to the reporting of infringements of the Act and to the protection of persons reporting such infringements.

Section 5 — Supervision of GPAI model providers (Articles 88–94)

Article 88 — Exclusive AI Office enforcement: the AI Office exercises exclusive enforcement of the Chapter V obligations on GPAI model providers. National authorities have no enforcement role for GPAI models as such, although they retain jurisdiction over AI systems built on GPAI models.

Article 89 — Monitoring actions: the AI Office monitors compliance through its own initiative, including by carrying out evaluations and assessing reports from the Scientific Panel and other sources.

Article 90 — Scientific Panel alerts: the Scientific Panel may issue qualified alerts to the AI Office on systemic risks at Union level, including risks from a specific GPAI model. The Office must take the alert into account and may launch monitoring actions.

Article 91 — Power to request documentation and information: the AI Office may require GPAI providers to provide documentation, including Annex XI technical documentation, Annex XII downstream information, and any other information necessary to assess compliance.

Article 92 — Power to conduct evaluations: the AI Office may evaluate a GPAI model, including model evaluations and adversarial testing, either directly or through independent experts. Providers must cooperate, including by providing access to the model.

Article 93 — Power to request measures: the AI Office may require providers to take appropriate measures to comply with Chapter V, including risk mitigation, restriction, withdrawal or recall of the model. Where the provider does not comply, the Commission may impose fines under Article 101.

Article 94 — Procedural rights: providers subject to Section 5 procedures have the procedural rights of economic operators under Regulation (EU) 2019/1020, including the right to be heard before a final decision, access to the file subject to confidentiality limits, and judicial review before the Court of Justice of the European Union.

Key compliance points

The post-market monitoring system in Article 72 is the operational mechanism through which Chapter III compliance is maintained, not just demonstrated. A static technical file at the point of placing the system on the market is not enough.

Providers need a documented, living monitoring process that produces evidence over the system’s lifecycle.

Article 73 reporting deadlines are tight and graduated. The shortest (2 days) applies to widespread infringement or serious disruption.

Operators need a triage process that can classify incidents quickly enough to meet the shortest applicable deadline, not the longest.

The Article 80 procedure on Annex III classification is the enforcement mechanism for the Article 6(3) filter.

Over-broad use of the “narrow procedural task” or “preparatory work” exceptions is detectable from the database registration and the documentation submitted under Article 6(4), and is the most likely first wave of enforcement action against providers.

Article 86 is the deployer-side individual remedy. It creates a direct compliance obligation on deployers of Annex III systems to provide explanations to affected persons. The obligation operates alongside GDPR Article 22 but is broader: it applies to legal-effect and similarly significant decisions regardless of whether the decision was solely automated, and it requires explanation of the AI system’s role, not just the existence of automated processing.

Article 87 imports the Whistleblower Directive in full. Operators with internal reporting channels must extend their scope to cover Act infringements, and the protective measures (no detriment, confidentiality, reversal of burden of proof) apply.

Chapter V enforcement (Section 5) is centralised at the AI Office. GPAI providers do not have a “lead supervisory authority” in any Member State; the Office is the sole point of contact for enforcement under Articles 88 to 94. Procedural rights under Article 94 are the operational link to the Court of Justice for judicial review.

The market surveillance authority for AI systems used by EU institutions is the European Data Protection Supervisor. AI systems used by law enforcement, border, asylum and judicial bodies are supervised by the relevant data protection authority under the Law Enforcement Directive (2016/680) or any other independent authority designated under the same conditions.

Confidentiality protection under Article 78 covers source code, model weights, training data and other trade secrets. The protection is operational, not absolute: disclosure obligations under Union and national law (including in court proceedings) override the confidentiality rule.

Last reviewed: 15 May 2026.

Chapter X is the soft-law layer of the Act. It encourages voluntary application of high-risk requirements to systems that are not legally classified as high-risk, and it gives the Commission a framework for issuing implementation guidelines.

Nothing in this Chapter is independently binding on operators; its function is to shape compliance practice and reduce interpretive uncertainty around the rest of the Act. Both Articles apply from 2 August 2026. The Chapter spans two Articles.

Article 95 — Codes of conduct for voluntary application of specific requirements

The AI Office and Member States encourage and facilitate the drawing up of codes of conduct, including related governance mechanisms, intended to foster the voluntary application of some or all of the requirements set out in Chapter III Section 2 to AI systems that are not classified as high-risk.

Codes of conduct may also be drawn up to foster voluntary application of additional requirements relating to:

• Environmental sustainability of AI systems, including energy-efficient programming and techniques for the efficient design, training and use of AI;
• AI literacy, in particular of persons dealing with the development, operation and use of AI;
• Inclusive and diverse design of AI systems, including by establishing inclusive and diverse development teams and promoting stakeholder participation;
• Assessment and prevention of the negative impact of AI systems on vulnerable persons or groups of vulnerable persons, including with regard to accessibility for persons with disabilities, and on gender equality.

Codes may be drawn up by individual providers or deployers, by organisations representing them, or both, and may cover one or more systems on the basis of similarity of intended purpose.

The AI Office and Member States must take into account the specific interests and needs of SMEs and start-ups when encouraging and facilitating the drawing up of codes.

The AI Office and Member States may invite all relevant stakeholders, including civil society, academia and Union institutions, to participate in the drawing up of codes.

Codes must contain clear objectives and key performance indicators to measure the achievement of those objectives.

The Commission and the Board, taking into account the work of the AI Office, must evaluate the impact and effectiveness of codes within three years of the date of application of the Act, and every three years thereafter.

Article 96 — Guidelines from the Commission on the implementation of this Regulation

The Commission must develop guidelines on the practical implementation of the Act, in particular on:

• The application of the high-risk classification requirements in Article 6, including the Article 6(3) exception;
• The practical implementation of the prohibitions in Article 5;
  the practical implementation of the transparency obligations in Article 50;
• The relationship between the Act and Union harmonisation legislation listed in Annex I, and other relevant Union law including consistency in their enforcement;
• The application of the definition of an AI system in Article 3(1);
  the application of the requirements in Section 2 of Chapter III, including how those requirements interact with harmonised standards and common specifications.

Guidelines must give particular attention to the needs of SMEs, start-ups, local public authorities and the sectors most likely to be affected by the Act.

The Commission must consult the Board, and may consult the Advisory Forum, the Scientific Panel, stakeholders and Member State authorities, as appropriate, when developing guidelines.

Guidelines must be made publicly available and updated as necessary, in particular as best practices develop and new requirements are introduced.

Key compliance points

Codes of conduct under Article 95 are voluntary. A provider that signs up to a code is not legally obliged to comply with high-risk requirements for a non-high-risk system, but assumes a contractual or reputational obligation to do so. The Article does not convert the code into binding law.

For high-risk systems, the relevant soft-law instrument is harmonised standards under Article 40 and common specifications under Article 41, not Article 95 codes of conduct. Article 95 codes operate below the high-risk threshold.

Codes of practice under Article 56 (GPAI) and codes of conduct under Article 95 (non-high-risk systems) are two distinct instruments with different legal effects.

Compliance with an approved Article 56 code creates a presumption of conformity with the corresponding Chapter V obligations; signing up to an Article 95 code does not create a presumption of anything.

Commission guidelines under Article 96 are non-binding but are the operative interpretive document that supervisors and courts will treat as authoritative. The Article 5 guidelines published in February 2025 are already the reference document for prohibited practices, and the high-risk classification guidelines under Article 6 will play the same role once finalised.

Article 96 guidelines are updated over time. Compliance content built on the Articles alone is incomplete; the guidelines layer must be tracked and the “last reviewed” date kept current.

Article 95 codes are a route for sectoral or industry-level alignment on environmental, AI literacy, accessibility and diversity practices that the Act itself does not mandate. For SMEs and start-ups, signing up to a credible sectoral code can be a low-cost way to signal compliance maturity to buyers, insurers and investors.

Last reviewed: 15 May 2026.

Chapter XI is the procedural plumbing that lets the Act adapt over time without reopening the legislative text. It sets out how the Commission exercises its delegated powers (where the Act lets it amend Annexes or fill in technical detail) and how Member States exercise oversight through the comitology procedure for implementing acts.

Operators have no direct obligations under this Chapter, but every Commission instrument that updates the Act in practice — amended Annexes, common specifications, sandbox rules, database arrangements — flows through one of these two procedures.

Both Articles applied from 1 August 2024 (the date of entry into force of the Act). The Chapter spans two Articles.

Article 97 — Exercise of the delegation

Identifies which provisions of the Act confer delegated powers on the Commission to adopt non-legislative acts of general application supplementing or amending non-essential elements of the Act. The principal delegated powers are:

• Article 6(6) and (7) — adjusting the conditions of the Article 6(3) high-risk exception filter;
• Article 7(1) and (3) — amending Annex III by adding or modifying high-risk use cases;
• Article 11(3) — amending Annex IV on technical documentation, in particular for SMEs;
• Article 43(5) and (6) — amending the conformity assessment procedures in Annexes VI and VII;
• Article 47(5) — amending Annex V on the EU declaration of conformity;
• Article 51(3) — amending the 10²⁵ FLOPs threshold and the benchmarks for GPAI models with systemic risk;
• Article 52(4) — amending Annex XIII on systemic risk designation criteria.

The power to adopt delegated acts is conferred on the Commission for a period of five years from 1 August 2024, tacitly extended for further five-year periods unless the European Parliament or the Council opposes extension.

The European Parliament or the Council may revoke the delegation at any time. A revocation decision ends the delegation specified in the decision but does not affect delegated acts already in force.

Before adopting a delegated act, the Commission must consult experts designated by each Member State in accordance with the principles in the 2016 Inter-institutional Agreement on Better Law-Making.

The Commission notifies a delegated act simultaneously to the European Parliament and the Council as soon as it is adopted.

A delegated act enters into force only if neither the Parliament nor the Council objects within three months of notification, extendable by three months at the initiative of either institution. If either objects within that period, the act does not enter into force.

Article 98 — Committee procedure

The Commission is assisted by a committee within the meaning of Regulation (EU) No 182/2011 (the comitology regulation). The committee is composed of representatives of the Member States and chaired by the Commission.

Where the Act refers to Article 98(2), the examination procedure under Article 5 of Regulation 182/2011 applies. This is the procedure used for implementing acts of general scope or substantial operational significance, including:

• Common specifications under Article 41;
• Templates for the post-market monitoring plan under Article 72;
• The format and modalities of registration in the EU database under Article 71;
• The template for the public summary of training data under Article 53(1)(d);
• The modalities of sandbox operation under Article 58;
  rules on access to the Scientific Panel’s expertise by Member States under Article 69;
• The approval of codes of practice under Article 56(6) and codes of conduct evaluations under Article 95.

Under the examination procedure, the Commission may adopt an implementing act only if the committee delivers a positive opinion by qualified majority. If the committee delivers a negative opinion or no opinion, specific safeguard procedures apply, including referral to the appeal committee.

Key compliance points

Operators do not engage with Chapter XI directly, but every operational instrument that determines how the Act actually applies passes through it.

Annex III amendments (new high-risk use cases), Annex IV updates (technical documentation), Annex XIII updates (systemic risk criteria), and the GPAI compute threshold are all moving targets governed by Article 97.

Common specifications, sandbox rules, database arrangements and code-of-practice approvals are all moving targets governed by Article 98.
The Article 97 three-month objection period is a meaningful constraint on the Commission.

A delegated act amending Annex III, for example, can be blocked by either the Parliament or the Council. In practice this is rare, but it means delegated acts can be tracked publicly during the objection window and operators have a meaningful sightline on changes before they enter into force.

The Article 98(2) examination procedure is the more politically constrained route, requiring qualified-majority support from Member States.

Common specifications under Article 41 and implementing acts on sandbox operation under Article 58 are where Member State positions on contested questions become visible. Operators with regulatory affairs capacity should track committee opinions, not only the final acts.

The five-year delegation period under Article 97 runs from 1 August 2024 to 1 August 2029, with tacit renewal. The Parliament and the Council retain revocation powers throughout. For long-term compliance planning, the delegation framework is stable for the medium term.

The Inter-institutional Agreement on Better Law-Making consultation requirement under Article 97 means national experts and, in practice, industry stakeholders are consulted on draft delegated acts before adoption.

Engagement with national competent authorities and the AI Office during the consultation phase is the operational route to influencing delegated acts before they crystallise.
“Delegated act” and “implementing act” are not interchangeable. Delegated acts under Article 97 amend or supplement non-essential elements of the Act itself.

Implementing acts under Article 98 specify uniform conditions for the implementation of the Act. Annex amendments are delegated; templates, formats and procedural rules are implementing. The distinction matters for tracking and for understanding the political constraints on each instrument.

Last reviewed: 15 May 2026.

Chapter XII sets the financial consequences of non-compliance. It establishes three separate fining regimes:

• Administrative fines imposed by Member States on operators (Article 99),
• Administrative fines imposed by the European Data Protection Supervisor on Union institutions, bodies, offices and agencies (Article 100)
• Fines imposed by the Commission directly on providers of general-purpose AI models (Article 101).

The fining tiers track the severity of the infringement: prohibited practices attract the highest tier, breaches of substantive obligations the middle tier, and supply of incorrect or misleading information the lowest.

The Chapter applies from 2 August 2025 for prohibited practices, GPAI obligations and the supporting governance machinery, and from 2 August 2026 for the broader operator regime. The Chapter spans three Articles.

Article 99 — Penalties imposed by Member States

Member States must lay down rules on penalties and other enforcement measures applicable to infringements of the Act by operators, and take all measures necessary to ensure they are properly and effectively implemented.

Penalties must be effective, proportionate and dissuasive, and must take into account the interests of SMEs and start-ups and their economic viability.

Three tiers of administrative fines:

• Tier 1 — prohibited practices (Article 5): up to €35 million or, if the offender is an undertaking, up to 7% of total worldwide annual turnover for the preceding financial year, whichever is higher.
• Tier 2 — substantive non-compliance: up to €15 million or 3% of total worldwide annual turnover for the preceding financial year, whichever is higher. This tier covers non-compliance with obligations on operators (Articles 16, 22, 23, 24, 26), notified bodies (Articles 31, 33(1), 33(3), 33(4), 34), transparency obligations (Article 50), conformity assessment requirements, and other substantive obligations.
• Tier 3 — incorrect or misleading information: up to €7.5 million or 1% of total worldwide annual turnover, whichever is higher, for the supply of incorrect, incomplete or misleading information to notified bodies or national competent authorities in reply to a request.

For SMEs, including start-ups, each fine is the lower of the two amounts (the percentage of turnover or the fixed figure), not the higher. This is the inverse of the rule for larger undertakings and is the principal financial concession in the Act for smaller operators.

When deciding whether to impose a fine and the amount, the authority must take into account, in each individual case, all relevant circumstances, including:

• The nature, gravity and duration of the infringement and its consequences, considering the purpose of the system, the number of affected persons and the level of damage;
• Whether the same operator has already been subject to fines by other market surveillance authorities for the same infringement;
• The size, annual turnover and market share of the operator;
  any other aggravating or mitigating factor, including financial benefits gained or losses avoided;
• The degree of cooperation with the national competent authorities;
• The degree of responsibility of the operator, considering the technical and organisational measures implemented;
  the manner in which the infringement became known, in particular whether the operator notified it;
• Whether the infringement was committed intentionally or negligently;
• Any actions taken to mitigate the harm.

Each Member State lays down rules on whether and to what extent administrative fines may be imposed on public authorities and bodies. Member States may also provide for the possibility of imposing periodic penalty payments.

Member States must report annually to the Commission on the administrative fines they have issued.

Article 100 — Administrative fines on Union institutions, bodies, offices and agencies

The European Data Protection Supervisor (EDPS) may impose administrative fines on Union institutions, bodies, offices and agencies for infringements of the Act.
Two tiers apply:

• Up to €1.5 million for infringements of the prohibitions in Article 5;
• Up to €750,000 for non-compliance with other obligations under the Act.

The same case-by-case considerations as Article 99 apply, including the nature, gravity and duration of the infringement, the degree of cooperation, and any actions taken to mitigate the harm.

Funds collected through fines under Article 100 are paid into the general budget of the Union.

Procedural rights of the institution concerned are preserved, including the right to be heard and the right to effective judicial review before the Court of Justice of the European Union.

Article 101 — Fines for providers of general-purpose AI models

The Commission may impose fines on providers of GPAI models, not exceeding 3% of the provider’s total worldwide annual turnover in the preceding financial year or €15 million, whichever is higher, where the Commission finds that the provider intentionally or negligently:

• Infringed the relevant provisions of the Act;
• Failed to comply with a request for documentation or information under Article 91, or supplied incorrect, incomplete or misleading information;
• Failed to comply with a measure requested under Article 93;
• Failed to make available to the Commission access to the GPAI model or GPAI model with systemic risk for the purpose of conducting an evaluation under Article 92.

When fixing the amount, the Commission must take into account the nature, gravity and duration of the infringement, the financial benefit gained, the size and market power of the provider, the degree of cooperation, and any prior findings of infringement.

The procedural rights in Article 94 apply, including the right to be heard, access to the file subject to confidentiality limits, and judicial review by the Court of Justice of the European Union.
The Commission’s power to impose fines under Article 101 is subject to limitation periods set by separate implementing act, including for the bringing of proceedings and for the enforcement of decisions.

Key compliance points

The three regimes do not overlap. Article 99 covers operators in the Member States but Article 100 covers EU institutions and bodies and is enforced by the EDPS. Article 101 covers GPAI model providers and is enforced by the Commission.

An operator that is both a GPAI provider and a system provider can face proceedings under both Articles 99 and 101 for different obligations.

The “whichever is higher” formula in Article 99 is the standard for large undertakings. The “whichever is lower” formula for SMEs and start-ups is the structural relief. For a small operator with low turnover, the fixed cap is the operative ceiling; for a large operator, the percentage of turnover is.

The case-by-case mitigating factors in Article 99(7) are doing real work in setting actual fine levels. The operator’s degree of cooperation with the authority, voluntary disclosure of the infringement, and remediation measures are among the largest single levers on the final amount.

Compliance posture during an investigation matters as much as the underlying conduct in many cases.
Tier 3 (incorrect or misleading information) is not a residual category. Authorities can use it independently of any underlying substantive infringement. Inaccurate responses to a request for information, inaccurate registration entries in the EU database, or inaccurate documentation supplied to a notified body are independently fineable under this tier.

Article 100 fines on EU institutions are administratively significant but financially modest. The €1.5 million and €750,000 caps reflect the fact that the institutions concerned do not have commercial turnover; the deterrent effect operates through reputation and parliamentary oversight rather than financial penalty.

Article 101 fines on GPAI providers are imposed by the Commission directly, not by national authorities.

There is no national-court route for a first-instance challenge. The procedural route is administrative within the Commission under Article 94, then judicial review at the General Court and on appeal at the Court of Justice. The 3% / €15 million cap is lower than the Article 99 Tier 2 cap (3% / €15 million for operators with the higher figure controlling) because GPAI obligations are narrower. The Commission has signalled that aggregated fines across multiple infringements can reach materially higher figures.

Limitation periods under Article 101 are governed by implementing act and have been the subject of significant industry comment. Operators close to the GPAI threshold should track the limitation framework alongside the substantive obligations.

Periodic penalty payments under Article 99 are a separate enforcement instrument from administrative fines. A Member State may impose a daily payment to compel an operator to comply with a corrective measure under Article 79 or to remedy formal non-compliance under Article 83. The amounts are uncapped by the Act and are set under national procedural law.

Last reviewed: 15 May 2026.

Chapter XIII closes the Act. It

• Amends nine pieces of existing EU product and consumer legislation to integrate AI Act requirements into sectoral regimes (Articles 102 to 110),
• Sets the transitional rules for AI systems and GPAI models already on the market before the Act took effect (Article 111),
• Schedules the Commission’s review and evaluation cycles (Article 112), and
• Fixes the entry into force and the phased application dates that determine when each part of the Act becomes operative (Article 113).

The Chapter contains the dates that every compliance roadmap is built around. The Chapter spans twelve Articles.

Articles 102 to 110 — Amendments to existing Union legislation

A block of nine amending Articles. Each integrates AI Act requirements into a specific piece of existing EU sectoral legislation, so that high-risk AI systems embedded in products already regulated under that legislation are covered by both regimes in a coordinated way rather than in parallel.

Article 102 — Regulation (EC) No 300/2008 on common rules in the field of civil aviation security.

• Article 103 — Regulation (EU) 167/2013 on agricultural and forestry vehicles.
• Article 104 — Regulation (EU) 168/2013 on two- or three-wheel vehicles and quadricycles.
• Article 105 — Directive 2014/90/EU on marine equipment.
• Article 106 — Directive (EU) 2016/797 on the interoperability of the rail system within the European Union.
• Article 107 — Regulation (EU) 2018/858 on the approval and market surveillance of motor vehicles.
• Article 108 — Regulation (EU) 2018/1139 on common rules in the field of civil aviation (the EASA Regulation).
• Article 109 — Regulation (EU) 2019/2144 on type-approval requirements for the general safety of motor vehicles.
• Article 110 — Directive (EU) 2020/1828 on representative actions for the protection of the collective interests of consumers, adding the AI Act to the list of Union laws whose infringement may give rise to a representative action.

The mechanism is the same across Articles 102 to 109: the sectoral act is amended so that, where it contains a delegated power to adopt detailed rules, those rules must take into account the requirements set out in Chapter III Section 2 of the AI Act when AI systems are involved. Article 110 is structurally different — it extends the collective redress regime to AI Act infringements.

Article 111 — Transitional rules

AI systems already on the market or in service: operators of AI systems, other than those listed in Annex III, placed on the market or put into service before 2 August 2026 are not subject to the obligations of the Act unless those systems undergo significant changes in their design after that date.

For high-risk AI systems used by public authorities and listed in Annex III, providers and deployers must bring them into compliance by 2 August 2030.

AI systems as components of large-scale IT systems in the area of freedom, security and justice (Annex X): high-risk AI systems already placed on the market or put into service that are components of these large-scale IT systems must be brought into compliance by 31 December 2030.

GPAI models already on the market: providers of GPAI models placed on the market before 2 August 2025 must take the necessary steps to comply with the Chapter V obligations by 2 August 2027.

The transitional rules do not cover prohibited practices under Article 5, which apply immediately from 2 February 2025 to all systems regardless of when they were placed on the market.

Article 112 — Evaluation and review

The Commission must assess once a year, following the entry into force of the Act and until the end of the period of the delegation of power, the need for amendment of the list in Annex III and of the list of prohibited practices in Article 5. The findings are reported to the European Parliament and the Council.

By 2 August 2028, and every four years thereafter, the Commission must evaluate and report to the Parliament and the Council on the following:

• The need for amendments extending or modifying the area headings in Annex III, including the addition of new use cases;
• The application of the prohibitions in Article 5 and the need to amend them;
  the effectiveness of the supervision and governance system, including the AI Office and the Board;
• The financial, technical and human resources of national competent authorities;
• The implementation of the penalty regime, including the levels of fines imposed by Member States;
• The implementation of codes of practice and codes of conduct under Articles 56 and 95.

By 2 August 2029, and every four years thereafter, the Commission must evaluate and report on the impact and effectiveness of voluntary codes of conduct to foster the application of the requirements set out in Chapter III Section 2 to non-high-risk AI systems, and possibly other additional requirements.

The Commission must take into account the positions and findings of the European Parliament, the Council, the Board and other relevant bodies or sources.

By 2 August 2028, and every three years thereafter, the Commission must evaluate the streamlining of, and the need for further delegated acts amending, the conformity assessment procedures, the list in Annex III, the rules on GPAI models, and the technical documentation requirements in Annex IV.

Article 113 — Entry into force and application

The Act entered into force on 1 August 2024, the twentieth day following its publication in the Official Journal of the European Union on 12 July 2024.

The Act applies from 2 August 2026, with the following exceptions:

• Chapters I and II (Articles 1 to 5): General Provisions and Prohibited AI Practices apply from 2 February 2025. This is the earliest operative date in the Act and the date on which Article 4 (AI literacy) and Article 5 (prohibited practices) became binding.
• Chapter III Section 4 (Articles 28 to 39), Chapter V (Articles 51 to 56), Chapter VII (Articles 64 to 70), Chapter XII (Articles 99 to 101) and Article 78 (confidentiality): apply from 2 August 2025. This covers notified bodies, GPAI obligations, governance, and the penalty regime, with the exception of Article 101 fines on GPAI providers.
• Article 6(1) and the corresponding obligations on high-risk AI systems referred to in Annex I: apply from 2 August 2027. This covers high-risk AI systems embedded in products regulated under Annex I sectoral legislation, which have an additional twelve months to comply.

The Act is binding in its entirety and directly applicable in all Member States.

Key compliance points

The Act is a Regulation, not a Directive. It is directly applicable in all Member States without national transposition, although Member States must adopt rules on penalties under Article 99 and designate national competent authorities under Article 70. Compliance content should not refer to “transposition” of the Act.

The phased application dates in Article 113 are the structural backbone of every compliance roadmap.

The operative dates are:

• 2 February 2025 (prohibited practices and AI literacy),
• 2 August 2025 (GPAI, governance, penalties, notified bodies),
• 2 August 2026 (the main operator regime including high-risk obligations for Annex III systems), and
• 2 August 2027 (Annex I product-embedded systems).

The Article 111 transitional rule for legacy non-Annex-III systems is broad: systems placed on the market before 2 August 2026 are not subject to the Act unless they undergo significant changes after that date. “Significant change” is not defined in Article 111 but is informed by the Article 3 and Article 25 definitions.

Operators relying on the legacy carve-out should document the system as it stood on 2 August 2026 to evidence what counts as the baseline against which later changes are measured.

The Article 111 transitional rule for GPAI models gives providers until 2 August 2027 to comply, two years after the Chapter V obligations took effect for new models on 2 August 2025. The carve-out is generous in time but creates a documentation burden: providers must evidence that the model was on the market before 2 August 2025 to claim it.

The Article 5 prohibitions are not subject to any transitional rule. A system that was on the market on 1 February 2025 and meets one of the Article 5 prohibitions was unlawful from 2 February 2025 onwards.

The Article 110 extension of the Representative Actions Directive (2020/1828) to AI Act infringements is the structural basis for collective redress under the Act. Consumer organisations and other qualified entities can bring representative actions against operators for AI Act infringements affecting collective consumer interests. This is the route through which class-action-style litigation against AI operators will most likely develop in the Union, alongside individual remedies under Article 86.

The Commission’s Article 112 review obligations are continuous. The annual review of Article 5 and Annex III, the four-yearly evaluation of the wider framework, and the three-yearly streamlining review together mean the Act is on a permanent review cycle. Compliance content built on a static reading of the Articles will date quickly.

Last reviewed: 15 May 2026.

Annex I lists the existing EU product safety legislation that interlocks with the AI Act. Its function is structural: where an AI system is, or is a safety component of, a product covered by one of these laws, the AI Act’s high-risk regime applies on top of the sectoral product safety regime.

The two regimes operate together, with the conformity assessment, post-market surveillance and CE marking processes already in place under the sectoral law used as the vehicle for AI Act compliance.

The Annex is divided into two sections: Section A lists product legislation that follows the New Legislative Framework (the “NLF” — the EU’s harmonised approach to product CE marking and conformity assessment), and Section B lists other Union harmonisation legislation that operates under sector-specific approval regimes.

Section A — Union harmonisation legislation based on the New Legislative Framework

Twelve pieces of legislation, all built around CE marking, conformity assessment by notified bodies, and market surveillance under Regulation (EU) 2019/1020:

• Directive 2006/42/EC on machinery (now replaced by the Machinery Regulation (EU) 2023/1230, applying from January 2027).
• Directive 2009/48/EC on the safety of toys.
• Directive 2013/53/EU on recreational craft and personal watercraft.
• Directive 2014/33/EU on lifts and safety components for lifts.
• Directive 2014/34/EU on equipment and protective systems intended for use in potentially explosive atmospheres (ATEX).
• Directive 2014/53/EU on radio equipment.
• Directive 2014/68/EU on pressure equipment.
• Regulation (EU) 2016/424 on cableway installations.
• Regulation (EU) 2016/425 on personal protective equipment.
• Regulation (EU) 2016/426 on appliances burning gaseous fuels.
• Regulation (EU) 2017/745 on medical devices.
• Regulation (EU) 2017/746 on in vitro diagnostic medical devices.

Section B — Other Union harmonisation legislation
Seven pieces of legislation operating under sector-specific approval and certification regimes (typically civil aviation, motor vehicles, marine and rail):

• Regulation (EC) No 300/2008 on common rules in civil aviation security.
• Regulation (EU) No 167/2013 on agricultural and forestry vehicles.
• Regulation (EU) No 168/2013 on two- and three-wheel vehicles and quadricycles.
• Directive 2014/90/EU on marine equipment.
• Directive (EU) 2016/797 on the interoperability of the rail system.
• Regulation (EU) 2018/858 on motor vehicles.
• Regulation (EU) 2018/1139 on civil aviation (the EASA Regulation).
• Regulation (EU) 2019/2144 on general safety of motor vehicles.

Key compliance points

Annex I is the gateway to one of the two routes into high-risk classification under Article 6(1).

The other route is Annex III. The two routes apply different rules: Annex I systems integrate with sectoral product safety procedures; Annex III systems use the standalone AI Act conformity assessment and registration regime.

For Annex I systems, the AI Act application date is 2 August 2027, not 2 August 2026 (Article 113(c)). The additional twelve months reflects the operational complexity of integrating AI Act requirements into existing sectoral approval procedures.

Annex I systems are not registered in the EU database under Article 71 in the same way as Annex III systems. They are registered under their sectoral regimes, with the AI Act requirements integrated into the sectoral documentation and conformity assessment process.

The Section A / Section B distinction matters operationally. Section A products follow the New Legislative Framework: CE marking, notified body conformity assessment, declaration of conformity, post-market surveillance. The AI Act layers directly into this framework.

Section B products follow type-approval and certification regimes that are structurally different (type-approval authorities and technical services rather than notified bodies). The integration mechanism is different for each.

The amending Articles in Chapter XIII (Articles 102 to 109) modify the Section B legislation specifically to incorporate AI Act requirements into the sectoral delegated and implementing acts. Section A legislation is not amended directly; the integration is achieved through the conformity assessment procedure in Article 43 of the AI Act, which routes Annex I Section A systems through the existing sectoral procedure with AI Act requirements added.

The Medical Devices Regulation (MDR, Regulation (EU) 2017/745) and the In Vitro Diagnostic Medical Devices Regulation (IVDR, Regulation (EU) 2017/746) are the highest-volume Annex I integration points in practice. AI-enabled medical devices and diagnostic software are subject to both regimes simultaneously, with the AI Act high-risk requirements integrated into the MDR/IVDR conformity assessment carried out by notified bodies designated under those regulations.

The Machinery Directive (2006/42/EC) was replaced by the Machinery Regulation (EU) 2023/1230, which applies from 20 January 2027. The Machinery Regulation contains its own AI-specific provisions, designed to operate alongside the AI Act. Operators of AI-enabled machinery face a coordinated transition through 2026 and 2027.

Last reviewed: 15 May 2026.

Annex II is the closed list of serious criminal offences that triggers one of the narrow exceptions to the prohibition on real-time remote biometric identification in publicly accessible spaces for law enforcement under Article 5(1)(h). Its function is operational: it defines, exhaustively, the offences for which Member State law enforcement may seek prior authorisation to deploy real-time biometric identification to locate or identify a suspect, where the offence is punishable in the Member State concerned by a custodial sentence or a detention order for a maximum period of at least four years.

The Annex applies from 2 February 2025, in step with Article 5.

The thirty-two listed offences

Annex II lists, by name, the following criminal offences:

• Terrorism.
• Trafficking in human beings.
• Sexual exploitation of children, and child sexual abuse material.
• Illicit trafficking in narcotic drugs and psychotropic substances.
• Illicit trafficking in weapons, munitions and explosives.
• Murder, grievous bodily injury.
• Illicit trade in human organs and tissue.
• Illicit trafficking in nuclear or radioactive materials.
• Kidnapping, illegal restraint and hostage-taking.
• Crimes within the jurisdiction of the International Criminal Court.
• Unlawful seizure of aircraft or ships.
• Rape.
• Environmental crime.
• Organised or armed robbery.
• Sabotage.
• Participation in a criminal organisation involved in one or more of the offences listed above.
• Crimes consisting of, or related to, conduct referred to in the relevant Union law on terrorism (Directive (EU) 2017/541), trafficking in human beings (Directive 2011/36/EU), sexual abuse and exploitation of children (Directive 2011/93/EU), illicit drug trafficking (Council Framework Decision 2004/757/JHA), illegal entry and residence (Council Directive 2002/90/EC and Council Framework Decision 2002/946/JHA), and money laundering (Directive (EU) 2018/1673).

The list is drawn from, and broadly mirrors, the offence categories used in the European Arrest Warrant framework under Council Framework Decision 2002/584/JHA, with adjustments to reflect post-2002 legislative developments at Union level.

Key compliance points

Annex II operates only as a precondition for the Article 5(1)(h)(iii) exception. It does not authorise the use of real-time remote biometric identification by itself.

Every other condition in Article 5 must also be met, including the substantial-and-imminent-threat alternative paths under (h)(i) and (h)(ii), prior authorisation by a judicial or independent administrative authority, registration in the EU database, the fundamental rights impact assessment under Article 27, the four-year custodial threshold in the Member State concerned, and the prohibition on adverse legal decisions taken solely on system output.

The four-year custodial threshold is a Member State-specific test, not a Union-wide test. The same offence may meet the threshold in one Member State and not in another. Operators of biometric systems sold into law enforcement must verify the threshold against the criminal code of the deploying Member State, not against the Union list.

The list is closed. Article 5(1)(h)(iii) cannot be invoked for offences outside Annex II, regardless of their gravity in national law. There is no general “serious crime” exception.

The Annex is part of the prohibition framework, not the high-risk framework.

A biometric identification system used in a scenario meeting Annex II and the other Article 5(1)(h) conditions is not “compliant” in the sense of being allowed onto the market freely; it remains within the prohibition regime and continues to be subject to enforcement under Article 99 Tier 1 fines if any of the conditions are breached. The Annex II route is a narrow derogation, not a safe harbour.

The Annex can be amended by delegated act under the Article 7 / Article 97 framework, in line with developments in Union criminal law. Operators should treat the list as a moving reference, although in practice it is one of the more stable Annexes because it is anchored in pre-existing Union criminal law instruments.

Last reviewed: 15 May 2026.

Annex III is the operative list of high-risk AI use cases under the Act. Together with Annex I, it is one of the two gateways into the high-risk regime in Chapter III.

Where Annex I captures AI systems embedded in regulated products (medical devices, machinery, vehicles), Annex III captures standalone AI systems used in eight specified contexts, regardless of the product they sit in.

The Annex is the document that determines whether most AI systems in commercial use today fall within the high-risk regime. It applies from 2 August 2026, in step with the broader high-risk obligations. Annex III is amendable by delegated act under Article 7, and the Commission has signalled it will be revisited as deployment patterns develop.The eight high-risk areas.

1. Biometrics

Where their use is permitted under relevant Union or national law, three categories of biometric AI system are high-risk:

• Remote biometric identification systems, excluding those used solely for biometric verification (one-to-one identity confirmation, e.g. unlocking a device).
• Biometric categorisation systems that categorise natural persons according to sensitive or protected attributes or characteristics, on the basis of the inference of those attributes (this sits alongside, not within, the Article 5 prohibition on inferring race, political opinions, etc.).
• Emotion recognition systems.

2. Critical infrastructure

AI systems intended to be used as safety components in the management and operation of critical digital infrastructure, road traffic, or the supply of water, gas, heating or electricity. The failure or malfunction of such a system risks the life or health of persons or substantial environmental damage.

3. Education and vocational training

Four categories:

• AI systems used to determine access to, admission to, or assignment of natural persons to educational and vocational training institutions at all levels.
• AI systems used to evaluate learning outcomes, including where those outcomes are used to steer the learning process.
• AI systems used to assess the appropriate level of education that an individual will receive or be able to access.
• AI systems used to monitor and detect prohibited behaviour of students during tests.

4. Employment, workers management and access to self-employment

Two categories:

• AI systems used for the recruitment or selection of natural persons, in particular to place targeted job advertisements, analyse and filter job applications, and evaluate candidates.
• AI systems used to make decisions affecting terms of work-related relationships, the promotion or termination of contractual relationships, to allocate tasks based on individual behaviour, personal traits or characteristics, or to monitor and evaluate the performance and behaviour of persons in such relationships.

5. Access to and enjoyment of essential private and public services and benefits

Four categories:

• AI systems used by public authorities, or on their behalf, to evaluate eligibility for essential public assistance benefits and services (healthcare, social security, social welfare).
• AI systems used to evaluate creditworthiness of natural persons or establish their credit score, excluding systems used for detecting financial fraud.
• AI systems used for risk assessment and pricing in relation to natural persons in life and health insurance.
• AI systems used to evaluate and classify emergency calls, or to dispatch or establish priority in the dispatching of emergency first response services (police, firefighters, medical aid, emergency healthcare patient triage).

6. Law enforcement

Where their use is permitted under relevant Union or national law, six categories:

• AI systems used by, or on behalf of, law enforcement authorities to assess the risk of a natural person becoming a victim of criminal offences.
• AI systems used as polygraphs and similar tools.
• AI systems used to evaluate the reliability of evidence in the course of investigation or prosecution.
• AI systems used to assess the risk of a natural person offending or re-offending, not solely on the basis of profiling (which would be prohibited under Article 5) or to assess personality traits and characteristics or past criminal behaviour.
• AI systems used for profiling natural persons in the course of detection, investigation or prosecution of criminal offences.

7. Migration, asylum and border control management

Where their use is permitted under relevant Union or national law, five categories:

• AI systems used as polygraphs or similar tools.
• AI systems used to assess risks posed by a natural person intending to enter or having entered the territory of a Member State (security, irregular migration, health).
• AI systems used to assist competent authorities in examining applications for asylum, visa or residence permits, and associated complaints with regard to the eligibility of the natural persons applying.
• AI systems used in the context of migration, asylum and border control management for the purpose of detecting, recognising or identifying natural persons, with the exception of the verification of travel documents.

8. Administration of justice and democratic processes

Two categories:

• AI systems used by or on behalf of a judicial authority to assist a judicial authority in researching and interpreting facts and the law, and in applying the law to a concrete set of facts. Includes AI used in alternative dispute resolution.
• AI systems used to influence the outcome of an election or referendum, or the voting behaviour of natural persons in the exercise of their vote. Excludes AI systems whose output natural persons are not directly exposed to, such as tools used to organise, optimise or structure political campaigns from an administrative or logistical point of view.

Key compliance points

Annex III classification is a use-case test, not a technology test. The same underlying AI model can be Annex III high-risk in one deployment and out of scope in another. The intended purpose, the user, and the operational context all matter to the classification under Article 6.

The Article 6(3) filter operates on top of Annex III. A system whose intended purpose falls within Annex III can still be classified as not high-risk if it performs only a narrow procedural task, improves the result of a previously completed human activity, detects decision-making patterns without replacing or influencing the human assessment, or performs preparatory work for an Annex III assessment. The filter does not apply where the system profiles natural persons.

Reliance on the Article 6(3) filter is not a self-certification route. The provider must document the assessment, register the system in the EU database under Article 49, and is exposed to challenge under Article 80 by the market surveillance authority. Over-broad use of the filter is the most likely early enforcement target.

Several Annex III categories are conditioned on being “permitted under relevant Union or national law” (biometrics, law enforcement, migration). Where the underlying use is unlawful at Union or Member State level, the AI Act high-risk regime does not provide a route to legitimacy.

The interaction with Article 5 prohibitions matters. Some uses sit on the boundary: emotion recognition is generally Annex III high-risk under area 1 but prohibited under Article 5 when used in the workplace or in education (except for medical or safety reasons).

Biometric categorisation by sensitive attribute is generally high-risk but prohibited under Article 5 where it infers race, political opinions, trade union membership, religious or philosophical beliefs, sex life or sexual orientation. The Article 5 prohibition wins where both apply.

The credit scoring carve-out for fraud detection in area 5 is narrow. Systems whose outputs are used for both fraud detection and creditworthiness assessment are high-risk for the creditworthiness function regardless of the fraud-detection function. Providers cannot rely on the fraud-detection labelling to escape the regime where the underlying scoring is also used for credit decisions.

The Annex is amendable by delegated act under Article 7. The Commission may add new use cases, modify existing ones, or, more rarely, remove use cases. The criteria for amendment are set out in Article 7(2) and include severity, scale, reversibility and proportion of persons affected. Operators should treat Annex III as a moving reference with a refresh trigger built into their compliance roadmap, not as a fixed list.

The recruitment and worker management categories in area 4 are the highest-volume Annex III categories in practice. Most enterprise AI deployments touch one or both, and most general-purpose HR and productivity tools have at least one use case that falls within them. The Article 6(3) filter is most actively contested in this area.

The credit scoring and insurance categories in area 5 are the next most volume-significant. The Article 86 individual right to explanation interacts directly with these categories, since they involve decisions producing legal effects or similarly significantly affecting natural persons.

Last reviewed: 15 May 2026.

Annex IV is the document that defines what “the technical documentation” actually contains for a high-risk AI system. Article 11(1) imposes the obligation; Annex IV is the operative content list.

The technical documentation must exist before the system is placed on the market or put into service, is the basis on which conformity assessment is carried out, must be kept up to date for the life of the system, and must be made available to national competent authorities on request. It is, in practice, the largest single evidence artefact in the high-risk regime.

Annex IV applies from 2 August 2026 for Annex III systems and from 2 August 2027 for Annex I systems, in step with the obligations it supports. The Annex is amendable by delegated act under Article 11(3), in particular to simplify documentation for SMEs and start-ups.

The nine content categories

Annex IV requires technical documentation to contain at least the following:

1. General description of the AI system, including:

• Intended purpose, provider name and version, including the relationship to previous versions.
• How the AI system interacts with, or can be used to interact with, hardware or software that is not part of the AI system itself.
• Versions of relevant software or firmware, and any related update requirements.
• Description of all forms in which the AI system is placed on the market or put into service (software packages, downloadable models, embedded products, cloud services).
• Description of the hardware on which the AI system is intended to run.
• Where the AI system is a component of products, photographs or illustrations showing external features, marking and internal layout of those products.
• A basic description of the user interface provided to the deployer.
• Instructions for use for the deployer, including a basic description of the user interface provided to the deployer where applicable.

2. Detailed description of the elements of the AI system and its development, including:

• The methods and steps performed for the development of the AI system, including, where relevant, recourse to pre-trained systems or tools provided by third parties and how those have been used, integrated or modified by the provider.
• Design specifications, including the general logic of the AI system and of the algorithms;
• Key design choices including the rationale and assumptions made, including with regard to the persons or groups of persons on which the system is intended to be used;
• Main classification choices; what the system is designed to optimise for and the relevance of the different parameters.
• The description of the system architecture, explaining how software components build on or feed into each other and integrate into the overall processing; the computational resources used to develop, train, test and validate the AI system.

Where relevant, the data requirements in terms of datasheets describing training methodologies and techniques and the training datasets used, including a general description of these datasets, information about their provenance, scope and main characteristics, how the data was obtained and selected, labelling procedures (e.g. for supervised learning), and data cleaning methodologies (e.g. outlier detection).

Assessment of the human oversight measures needed in accordance with Article 14, including an assessment of the technical measures needed to facilitate the interpretation of the outputs of AI systems by deployers.

Where applicable, a detailed description of pre-determined changes to the AI system and its performance, together with all the relevant information related to the technical solutions adopted to ensure continuous compliance of the AI system with the requirements of Chapter III Section 2.

• The validation and testing procedures used, including information about the validation and testing data used and their main characteristics;
• Metrics used to measure accuracy, robustness and compliance with other relevant requirements set out in Chapter III Section 2, as well as potentially discriminatory impacts;
• Test logs and all test reports dated and signed by the responsible persons, including with regard to pre-determined changes as referred to under the previous point.
• Cybersecurity measures put in place.

3. Detailed information about the monitoring, functioning and control of the AI system, in particular with regard to its capabilities and limitations in performance, including the degrees of accuracy for specific persons or groups of persons on which the system is intended to be used and the overall expected level of accuracy in relation to its intended purpose; the foreseeable unintended outcomes and sources of risks to health and safety, fundamental rights and discrimination in view of the intended purpose of the AI system.  The human oversight measures needed in accordance with Article 14, including the technical measures put in place to facilitate the interpretation of the outputs of AI systems by deployers; specifications on input data, as appropriate.

4. Description of the appropriateness of the performance metrics for the specific AI system.

5. Detailed description of the risk management system in accordance with Article 9.

6. Description of relevant changes made by the provider to the system through its lifecycle.

7. List of the harmonised standards applied in full or in part, the references of which have been published in the Official Journal of the European Union; where no such harmonised standards have been applied, a detailed description of the solutions adopted to meet the requirements set out in Chapter III Section 2, including a list of other relevant standards and technical specifications applied.

8. A copy of the EU declaration of conformity referred to in Article 47.

9. A detailed description of the system in place to evaluate the AI system performance in the post-market phase in accordance with Article 72, including the post-market monitoring plan referred to in Article 72(3).

Key compliance points

Annex IV is the longest and most operationally demanding documentation requirement in the Act. For a non-trivial high-risk AI system, the documentation runs to hundreds of pages and draws on every other Chapter III obligation:

• Article 9 risk management
• Article 10 data governance
• Article 13 transparency
• Article 14 human oversight
• Article 15 accuracy
• Article 17 quality management
• Article 72 post-market monitoring.

The Annex is, in effect, the consolidating evidence artefact that ties Chapter III together.

The documentation must exist at the point of placing on the market, not be assembled afterwards on request. Notified bodies and market surveillance authorities will ask for it; the inability to produce it is independently a formal non-compliance under Article 83 and is fineable under Article 99 Tier 2.

The documentation must be kept up to date for at least ten years after the system has been placed on the market or put into service (Article 18).

Updates triggered by relevant changes under category 6 must be reflected in the documentation. Static documentation prepared once and filed is not compliant.

The data requirements in category 2 (datasheets, provenance, labelling, cleaning) link directly to Article 10.

Where the provider used pre-trained models or third-party tools, the documentation must describe how they were used, integrated or modified. This is the operational basis for the upstream-downstream information flow under Article 25 and, for GPAI-integrated systems, under Annex XII.

The “pre-determined changes” provision in category 2 is the route through which adaptive and continuously-trained AI systems can be documented compliantly. The provider must specify in advance what changes are anticipated and what technical solutions ensure continuous compliance. Changes outside the pre-determined scope require fresh conformity assessment under Article 43(4).

Category 7 (standards and technical specifications) is the mechanism for the Article 40 presumption of conformity. Where the provider applies harmonised standards published in the OJ, the documentation can reference them and benefit from the presumption.

Where no harmonised standards exist or the provider departs from them, the documentation must describe the alternative solutions in detail.

The Annex is amendable by delegated act specifically to simplify documentation for SMEs and start-ups (Article 11(3)). As of mid-2026, no such delegated act has been adopted. SMEs and start-ups face the full Annex IV burden in practice, with the exception of the limited Article 63 microenterprise concession on quality management.

For GPAI providers, the equivalent documentation is Annex XI (model documentation) and Annex XII (downstream provider information), not Annex IV.

The two regimes operate in parallel: downstream providers integrating a GPAI model into a high-risk system rely on Annex XII to complete their own Annex IV documentation.

Last reviewed: 15 May 2026.

Annex V is the content list for the EU declaration of conformity required under Article 47. The declaration is the formal legal document by which the provider of a high-risk AI system states, in its own name and under its own responsibility, that the system complies with the requirements of the Act.

It is the operative compliance statement on which CE marking under Article 48 depends, on which importers and distributors rely under Articles 23 and 24, and which market surveillance authorities can demand at any point under Article 21.

Annex V applies from 2 August 2026 for Annex III systems and from 2 August 2027 for Annex I systems. The Annex is amendable by delegated act under Article 47(5).

Required content of the EU declaration of conformity

The declaration must contain all of the following information:

• AI system name and type, and any additional unambiguous reference allowing identification and traceability of the AI system.
• Name and address of the provider and, where applicable, of the authorised representative.
• A statement that the EU declaration of conformity is issued under the sole responsibility of the provider.
• A statement that the AI system is in conformity with the Act and, where applicable, with any other relevant Union law providing for the issuing of an EU declaration of conformity.
• Where an AI system involves the processing of personal data, a statement that the system complies with GDPR (Regulation (EU) 2016/679), Regulation (EU) 2018/1725 on the processing of personal data by Union institutions, and, where applicable, the Law Enforcement Directive (Directive (EU) 2016/680).
• References to any relevant harmonised standards used or any other common specification in relation to which conformity is declared.
• Where applicable, name and identification number of the notified body, a description of the conformity assessment procedure performed, and identification of the certificate issued.
• Place and date of issue of the declaration, name and function of the person who signed it, and an indication of the person on whose behalf the signature was given.

The declaration must be drawn up in a language that can be easily understood by the national competent authorities of the Member States in which the AI system is placed on the market or made available.

Key compliance points

The EU declaration of conformity is not a certificate issued by a third party. It is a unilateral legal statement by the provider, signed in its own name. The provider takes full responsibility for the accuracy of the declaration.

Issuing a false declaration is independently actionable. Article 99 Tier 3 (€7.5 million / 1% turnover) covers the supply of incorrect, incomplete or misleading information to authorities, and the declaration is the most prominent such document.

Article 83 (formal non-compliance) catches the absence of a declaration or an inadequate one.

The declaration is the legal precondition for CE marking under Article 48. CE marking without a valid declaration is itself a formal non-compliance and a basis for prohibitive market surveillance action.

The declaration must reference any other Union law under which an EU declaration of conformity is required.

For Annex I systems, this typically means the sectoral product safety law (Medical Devices Regulation, Machinery Regulation and others); the same single declaration covers both regimes where possible, with the AI Act compliance statement integrated alongside the sectoral compliance statement.

Where the high-risk AI system processes personal data, the declaration must include an explicit statement of GDPR compliance. This is not a generic privacy notice; it is a substantive compliance statement carrying legal consequences.

Providers should ensure the underlying data protection compliance, including any required DPIA under GDPR Article 35, is in place before the declaration is signed.
The declaration must be kept at the disposal of national competent authorities for ten years after the AI system has been placed on the market or put into service (Article 47(2)). The retention obligation runs alongside the Article 18 ten-year documentation retention.

Where the provider is established outside the EU, the authorised representative under Article 22 keeps a copy of the declaration and makes it available to authorities on request. The authorised representative does not sign the declaration; the provider does. The representative verifies that the declaration exists and is in order before the system is placed on the EU market.

The declaration must be updated where any of its content changes. A change of authorised representative, a change in applied standards, or a substantial modification triggering re-assessment under Article 43(4) all require an updated declaration. Static declarations prepared once and filed are not compliant.

Annex V is short by comparison with Annex IV, but it depends on Annex IV. The declaration cannot be honestly signed without the technical documentation, the risk management file, the conformity assessment record and the post-market monitoring plan in place.

The declaration is the visible tip of the compliance evidence; Annex IV is the underlying structure.

Last reviewed: 15 May 2026.

Annex VI sets out one of the two conformity assessment procedures available under the Act. It is the “Module A” route in EU New Legislative Framework terms: a self-assessment procedure carried out by the provider alone, without the involvement of a notified body.

The procedure is the default route for most Annex III high-risk AI systems under Article 43(2). It is the operationally lighter of the two procedures and the one most operators will use in practice. Annex VI applies from 2 August 2026 for Annex III systems. The Annex is amendable by delegated act under Article 43(5).

The three steps of the internal-control procedure

The conformity assessment procedure based on internal control is the procedure based on points 2, 3 and 4 of Annex VI:

1. The provider verifies that the established quality management system is in compliance with the requirements of Article 17.

The Article 17 quality management system covers strategy for regulatory compliance, design control, technical documentation procedures, examination of the AI system, testing and validation, post-market monitoring, communication with authorities and accountability of management. The provider’s first conformity assessment task is to confirm internally that this system exists and operates as required.

2. The provider examines the information contained in the technical documentation in order to assess the compliance of the AI system with the relevant essential requirements set out in Chapter III Section 2.

The provider reviews its Annex IV technical documentation against the substantive requirements: risk management (Article 9), data governance (Article 10), technical documentation itself (Article 11), record-keeping (Article 12), transparency (Article 13), human oversight (Article 14), and accuracy, robustness and cybersecurity (Article 15). The examination is documentary and analytical, not field-testing of the system.

3. The provider also verifies that the design and development process of the AI system and its post-market monitoring as referred to in Article 72 is consistent with the technical documentation.

The provider confirms that what is documented matches what was actually built and is actually being monitored. This is the integrity check on the link between Annex IV documentation and the operational reality of the system. It catches the most common compliance failure: a technical file describing a different system from the one in production.

The procedure does not require external verification, certification, sample testing, or audit. The provider conducts each step internally and documents the outcome. The conclusion of the procedure is reflected in the EU declaration of conformity under Article 47 and, where applicable, in the technical documentation under Annex IV.

Key compliance points

Internal control is the default for Annex III high-risk systems under Article 43(2). The exception is biometric identification and biometric categorisation systems falling under Annex III area 1, where the provider has not applied harmonised standards or common specifications: in that case, the Annex VII third-party procedure applies. All other Annex III systems can use Annex VI.

Internal control is not available for Annex I systems. Annex I systems follow the conformity assessment procedure of the sectoral product safety legislation, which is typically third-party assessment by a notified body designated under that legislation, with AI Act requirements integrated.

Self-assessment does not mean light-touch compliance. The substantive requirements in Chapter III Section 2 apply in full, the Annex IV documentation is required in full, the EU declaration of conformity carries full legal weight, and the Article 99 fining regime applies in full. What is removed is the notified body as the verifying party, not the obligation.

The procedure presupposes a working quality management system under Article 17. A provider that does not have an Article 17 QMS in place cannot validly carry out the Annex VI procedure. The QMS is the operational backbone of the assessment.

The provider remains exposed to market surveillance scrutiny under Articles 74 to 84. Internal-control conformity does not insulate the provider from challenge. A market surveillance authority that finds the assessment was conducted inadequately can require corrective action under Article 79 and impose fines under Article 99.

The Annex VI procedure carries higher residual risk than Annex VII in operational terms. With no notified body certificate to stand behind, the provider bears the full evidential burden when challenged. The compensating benefit is speed, cost and confidentiality: no external party reviews source code, model weights or training data.

Where harmonised standards under Article 40 or common specifications under Article 41 are available and applied in full, conformity with those standards creates a presumption of conformity with the corresponding Chapter III Section 2 requirements.

The Annex VI procedure becomes an exercise in documenting standards compliance, which is materially simpler than alternative-solution documentation. Operators choosing the Annex VI route should track harmonised standards adoption closely; CEN-CENELEC JTC 21 is the primary source.

Where harmonised standards are not available or are not applied, the Annex VI procedure requires the provider to document the alternative solutions adopted, under Annex IV category 7. The documentation burden is materially higher in this case.

The procedure must be repeated, in substance, where the AI system undergoes a substantial modification under Article 43(4). A substantial modification triggers a fresh conformity assessment, which under Annex VI means a fresh internal review of the QMS, the technical documentation, and the design-monitoring consistency.

Documentation of pre-determined changes under Annex IV category 2 reduces the scope of changes that count as substantial.

Last reviewed: 15 May 2026.

Annex VII sets out the third-party conformity assessment procedure under the Act. It is the “Module H+” route in EU New Legislative Framework terms: assessment by an independent notified body of both the provider’s quality management system and the technical documentation of the AI system.

It is the heavier of the two procedures available under Article 43, and the default route for biometric high-risk systems under Annex III area 1 where harmonised standards have not been applied. The Annex is the operational basis for the notified body relationship, certificate issuance and post-certification surveillance.

Annex VII applies from 2 August 2026, in step with the high-risk obligations. The Annex is amendable by delegated act under Article 43(6).

The four-stage structure of the Annex VII procedure

Stage 1 — Application (point 2)

The provider lodges an application for assessment of its quality management system with a notified body of its choice, designated under Article 31. The application contains:

• The name and address of the provider, and where the application is lodged by an authorised representative, also its name and address.
• The list of AI systems covered under the same quality management system.
• The technical documentation for each AI system covered, in accordance with Annex IV.
• The documentation concerning the quality management system, covering all the elements listed in Article 17.
• A description of the procedures in place to ensure that the quality management system remains adequate and effective.
• A written declaration that the same application has not been lodged with any other notified body.

Stage 2 — Assessment of the quality management system (points 3.1 to 3.3)

The notified body assesses the quality management system to determine whether it meets the requirements of Article 17. The notified body’s audit team must have appropriate experience in AI systems, the technology concerned, and the requirements of the Act.

The assessment includes an audit visit to the provider’s premises and, where appropriate, to facilities of suppliers or subcontractors involved in designing, developing or testing the AI system.

The notified body delivers a quality management system assessment decision to the provider. The decision contains the conclusions of the audit and a reasoned assessment. Where the assessment is positive, an EU quality management system approval is issued.

Stage 3 — Surveillance of the approved quality management system (points 3.4 and 3.5)

The provider undertakes to fulfil the obligations arising from the approved quality management system and to maintain it so that it remains adequate and effective. The provider keeps the notified body that has approved the quality management system informed of any intended changes to it or to the list of AI systems covered.

The notified body evaluates any proposed changes and decides whether the modified quality management system continues to satisfy Article 17, or whether a reassessment is necessary. The notified body notifies the provider of its decision. The notification contains the conclusions of the examination and the reasoned assessment decision.

The notified body periodically carries out audits to make sure that the provider maintains and applies the quality management system, and provides the provider with an audit report.

In the context of those audits, the notified body may carry out additional tests of the AI systems for which an EU technical documentation assessment certificate has been issued.

Stage 4 — Assessment of the technical documentation (point 4)

In addition to the quality management system assessment, the notified body assesses the technical documentation of each AI system covered. For this purpose, the notified body examines the technical documentation to verify the provider’s ability to ensure and check compliance with the requirements set out in Chapter III Section 2.

The examination of the technical documentation includes verification of the elements set out in Annex IV.

Where conformity of the AI system with the requirements set out in Chapter III Section 2 has been verified, the notified body issues an EU technical documentation assessment certificate.

The certificate indicates the name and address of the provider, the conclusions of the examination, the conditions of validity (if any), and the necessary information to identify the AI system.

The certificate is valid for a period not exceeding five years. At the request of the provider, the validity of the certificate may be extended for further periods not exceeding five years each, on the basis of a re-assessment in accordance with the procedures applicable.

Where the notified body finds that the AI system no longer meets the requirements set out in Chapter III Section 2, it must, taking account of the principle of proportionality, suspend or withdraw the certificate issued, or impose restrictions on it, unless compliance is ensured by appropriate corrective action taken by the provider within an appropriate deadline set by the notified body. The notified body must give reasons for its decision.

Changes to the AI system (point 4.5)

The provider keeps the notified body that issued the EU technical documentation assessment certificate informed of any changes to the AI system that could affect its compliance with the requirements or the conditions of validity of the certificate.

The notified body examines such changes and informs the provider whether the approved quality management system or the EU technical documentation assessment certificate still meets the requirements, or whether a re-assessment is necessary. The notified body notifies the provider of its decision.

Where the change is identified as a substantial modification within the meaning of Article 43(4), it requires a new conformity assessment.

Key compliance points

Annex VII is mandatory, not optional, for biometric high-risk AI systems under Annex III area 1 where the provider has not applied harmonised standards or common specifications.

For all other Annex III systems, the provider can choose between Annex VI (internal control) and Annex VII (third-party assessment). Annex VI is the default in practice; Annex VII is chosen where a notified body certificate is commercially or strategically valuable, or where harmonised standards are not yet available.

The procedure has two outputs: an EU quality management system approval (covering the provider as an organisation) and an EU technical documentation assessment certificate (covering each AI system). The two operate together. A provider with an approved QMS can add new systems under that QMS through technical documentation assessment alone, without a fresh QMS audit.

The certificate validity period of five years is the longest in EU product certification. The five-year clock starts at issuance and runs continuously, subject to the surveillance audits in Stage 3 and the obligation to notify changes under point 4.5.

Providers should plan re-assessment well before the five-year expiry to avoid gaps in certification.

The notified body’s surveillance audits in Stage 3 are not the same as conformity assessment. They are ongoing checks that the QMS remains effective and that systems certified under it continue to comply. The notified body can require additional testing of certified systems during surveillance.

The Annex VII procedure requires the notified body to have AI-specific competence. Notified bodies designated under sectoral legislation (MDR, IVDR, Machinery Regulation) are not automatically competent for the AI Act; designation must be extended.

The supply of competent notified bodies under the AI Act is constrained as of mid-2026, and capacity is a real bottleneck for providers choosing the Annex VII route or required to use it.

The Annex VII procedure carries higher costs than Annex VI: notified body fees, audit time, site visits, and ongoing surveillance fees. Article 62(3) requires notified body fees for SMEs to be reduced in proportion to development stage, size, market demand and other indicators. The reduction is real but does not eliminate the cost differential.

The Annex VII procedure carries lower residual enforcement risk than Annex VI. The notified body certificate provides a presumption that the system, as certified, meets the requirements.

Market surveillance authorities can still challenge the certified system under Articles 79 to 83, but the procedural path is more constrained: the authority must first engage with the notified body and the certificate before acting against the provider.

The Article 37 procedure on challenge to the competence of notified bodies operates in parallel. Where a notified body issues certificates inadequately, the Commission can require the notifying authority to review the designation. This is the mechanism that disciplines the third-party certification market over time.
Substantial modifications under Article 43(4) trigger a fresh conformity assessment.

Under Annex VII, this means re-engaging the notified body for fresh technical documentation assessment, and potentially fresh QMS audit where the modification affects the QMS. The cost and time implications of substantial modifications are higher under Annex VII than under Annex VI.

For Annex I systems, the conformity assessment procedure is the sectoral procedure under the relevant product legislation, with AI Act requirements integrated. Annex VII does not apply directly to Annex I systems, although the structure of the Annex VII procedure closely tracks the Module H+ procedure used under most NLF sectoral legislation, and providers familiar with sectoral conformity assessment will recognise the architecture.

Last reviewed: 15 May 2026.

Annex VIII is the content list for registration of high-risk AI systems in the EU database established under Article 71. Article 49 imposes the obligation; Annex VIII specifies what goes in.

The registration is the public-facing compliance signal for Annex III high-risk systems, and the operational link between the provider’s compliance evidence and the supervisory machinery of the Act.

Annex VIII applies from 2 August 2026 in step with the high-risk obligations. The Annex is structured in three sections, each covering a different registration scenario: provider registration of an Annex III system (Section A), registration by a provider that has classified its Annex III system as not high-risk under Article 6(3) (Section B), and registration by a deployer that is a public authority or acting on behalf of one (Section C).

Section A — Information to be submitted by providers of high-risk AI systems in accordance with Article 49(1)

Where a provider places an Annex III high-risk AI system on the market or puts it into service, the following information is submitted to the EU database:

• Name, address and contact details of the provider.
• Where submission is by another person on behalf of the provider, name, address and contact details of that person.
• Name, address and contact details of the authorised representative, where applicable.
• Trade name of the AI system and any additional unambiguous reference allowing its identification and traceability.
• Description of the intended purpose of the AI system and of the components and functions supported through this AI system.
• A basic and concise description of the information used by the system (data, inputs) and its operating logic.
• Status of the AI system (on the market, or in service; no longer placed on the market or in service; recalled).
• Type, number and expiry date of the certificate issued by the notified body and the name or identification number of that notified body, where applicable.
• A scanned copy of the certificate referred to above, where applicable.
• Member States in which the AI system has been placed on the market, put into service, or made available in the Union.
• A copy of the EU declaration of conformity referred to in Article 47.
• Electronic instructions for use; this information is not to be provided for high-risk AI systems used in the areas of law enforcement, migration, asylum and border control management referred to in Annex III, points 1, 6 and 7.
• A URL for additional information (optional).

Section B — Information to be submitted by providers in accordance with Article 49(2)

Where a provider has concluded under Article 6(3) that its Annex III system is not in fact high-risk and registers under Article 49(2), the following information is submitted:

• Name, address and contact details of the provider.
• Where submission is by another person on behalf of the provider, name, address and contact details of that person.
• Name, address and contact details of the authorised representative, where applicable.
• Trade name of the AI system and any additional unambiguous reference allowing its identification and traceability.
• Description of the intended purpose of the AI system.
• The grounds on which the AI system is considered not to be high-risk under Article 6(3).
• A short summary of the grounds on which the AI system is considered not to be high-risk under Article 6(3).
• Status of the AI system (on the market, or in service; no longer placed on the market or in service; recalled).
• Member States in which the AI system has been placed on the market, put into service or made available in the Union.

Section C — Information to be submitted by deployers of high-risk AI systems in accordance with Article 49(3)

Where the deployer is a public authority, agency or body, or a private entity acting on behalf of a public authority, deploying an Annex III high-risk AI system, the following information is submitted:

• Name, address and contact details of the deployer.
• Name, address and contact details of any person submitting information on behalf of the deployer.
• The URL of the entry of the AI system in the EU database by its provider.
• A summary of the findings of the fundamental rights impact assessment conducted in accordance with Article 27.
• A summary of the data protection impact assessment carried out in accordance with Article 35 of Regulation (EU) 2016/679 or Article 27 of Directive (EU) 2016/680 as specified in Article 26(8) of the AI Act, where applicable.

Key compliance points

Registration under Article 49 is a precondition to placing the system on the market or putting it into service. The registration must exist at the point of market entry.

Late registration is independently a formal non-compliance under Article 83 and fineable under Article 99 Tier 3.

Section A applies to most providers of Annex III high-risk systems.

Section B applies to the subset claiming the Article 6(3) exception.

Section C applies only to deployers that are public authorities or acting on their behalf.

Private commercial deployers do not register under Annex VIII at all; their compliance burden runs through other Articles (Article 26 obligations, Article 27 fundamental rights impact assessment where required, Article 86 right to explanation).

The Section A registration is broadly public. The Section B registration is also public, including the grounds for the Article 6(3) classification.

This is the database mechanism through which market surveillance authorities, civil society, customers and journalists can identify and challenge over-broad use of the exception under Article 80.

Providers using Article 6(3) should expect their reasoning to be visible and to be tested.

For systems used in law enforcement, migration, asylum, border control, and judicial and democratic processes (Annex III points 1, 6, 7 and 8), registration is in the non-public part of the database. The provider still submits Annex VIII information; only visibility is restricted. The technical content of the registration obligation is the same.

The Annex VIII Section A entry references and depends on the Annex IV technical documentation and the Annex V EU declaration of conformity.

The registration is the public surface of those underlying documents.

Inconsistencies between the registration and the underlying file are detectable and are independently fineable under Article 99 Tier 3 (incorrect or misleading information).

The Section C deployer registration depends on the Article 27 fundamental rights impact assessment having been completed.

Deployers cannot register before the FRIA is in place. This creates a sequencing constraint: deployer FRIA → deployer registration → first use of the system.

The Section C registration is linked to the provider’s Section A registration via the URL of the provider’s database entry. The two registrations are not independent; they form a linked record for each deployed instance of an Annex III system used by a public authority.

Registration entries must be kept up to date. Changes to the provider, the authorised representative, the trade name, the Member States in which the system is made available, or the status of the system require updates to the registration.

The Commission as data controller under Article 71 is the addressee for accuracy and access matters.

The Annex applies independently of conformity assessment route. Both Annex VI (internal control) and Annex VII (notified body) providers register the same information under Annex VIII Section A.

Annex VII providers additionally provide notified body details and a copy of the certificate; Annex VI providers leave those fields blank or marked as not applicable.

For Annex I systems (AI systems embedded in regulated products), Annex VIII registration does not apply. Those systems are registered under their sectoral regimes. The split between Annex III (EU database registration) and Annex I (sectoral registration) is the single most important structural feature of the registration regime.

Last reviewed: 15 May 2026.

Annex IX is the content list for registration of real-world testing of Annex III high-risk AI systems in the EU database under Article 71.

Article 60 authorises such testing outside a regulatory sandbox, subject to a real-world testing plan approved by the market surveillance authority. Annex IX specifies the registration information that supports supervisory oversight of the testing while it is in progress.

The registration is the operational mechanism that gives authorities visibility of pre-market AI testing on real users and the procedural basis on which testing can be suspended if risks materialise.

Annex IX applies from 2 August 2026 in step with Article 60.

The required content

The following information relating to testing in real-world conditions in accordance with Article 60 is submitted to the EU database before testing begins:

• A Union-wide unique single identification number of the testing in real-world conditions.
• Name and contact details of the provider or prospective provider and of the deployers involved in the testing in real-world conditions.
• A brief description of the AI system, its intended purpose, and other information necessary for the identification of the system.
• A summary of the main characteristics of the plan for testing in real-world conditions.
• Information on the suspension or termination of the testing in real-world conditions.

The registration entry must be updated where information changes during the course of testing, including in particular where testing is suspended or terminated.

Key compliance points

Registration under Annex IX is a precondition for starting real-world testing under Article 60.

The Article 60 procedure requires (i) a real-world testing plan approved by the market surveillance authority of the Member State where testing will take place, (ii) registration in the EU database before testing begins, and (iii) informed consent from participants under Article 61. All three must be in place before the first test interaction.

Annex IX registration is distinct from Annex VIII registration. Annex VIII covers systems placed on the market or put into service; Annex IX covers pre-market testing of systems that are not yet placed on the market.

A system being tested under Article 60 is not yet subject to Annex VIII. Once placed on the market following successful testing, the Annex VIII registration applies.

The “Union-wide unique single identification number” is issued through the EU database and accompanies the testing throughout its duration.

The identifier is the operational link between the testing plan, the registration entry, the Annex IX information, and any Article 73 serious incident reporting arising during testing.

Testing under Article 60 is time-limited: six months, extendable once by a further six months. The registration must reflect the duration and any extension. Continuing testing beyond the registered duration is a formal non-compliance under Article 83.
Suspension or termination of testing must be reflected in the registration without delay. This is the supervisory mechanism through which authorities track risk events and corrective action during the testing period.

Article 60(4) requires the provider to suspend testing immediately where necessary to protect health, safety or fundamental rights, and the registration entry is updated accordingly.

The Annex IX registration is in the public part of the EU database for most testing scenarios. For testing in the law enforcement, migration, asylum, border control, and judicial and democratic process areas, registration is in the non-public part, accessible only to the Commission and national market surveillance authorities.

The Article 61 informed consent of testing participants is a separate obligation, not satisfied by registration. The registration covers the system and the testing plan; the consent covers the individual participants. Both are required.

Real-world testing under Article 60 is not available for systems classified under Article 6(3) as not high-risk.

The Article 60 procedure operates only where the system is, or would be, high-risk under Article 6(2). Providers that have invoked Article 6(3) cannot use Article 60 for the same system without first abandoning the Article 6(3) classification.

The interaction between Article 60 testing and the conformity assessment procedures under Annexes VI and VII is one-directional: Article 60 testing precedes conformity assessment and is not a substitute for it.

Successful testing produces evidence that feeds into the Annex IV technical documentation and supports the conformity assessment, but it does not itself constitute conformity assessment.

Real-world testing in a sandbox under Article 57 follows a different procedural framework and is not registered under Annex IX. The sandbox framework includes its own supervisory mechanism through the competent authority running the sandbox.

Last reviewed: 15 May 2026.

Annex X is the closed list of Union legislative acts establishing the EU’s large-scale IT systems in the area of freedom, security and justice (the “AFSJ”). These are the centralised information systems operated by eu-LISA (the European Union Agency for the Operational Management of Large-Scale IT Systems) and used by Member State authorities for border management, visa processing, asylum, police and judicial cooperation.

The Annex does not impose obligations of its own. Its function is to identify the systems to which the special transitional rule in Article 111(1) applies: AI systems that are components of these large-scale IT systems and were already placed on the market or put into service before 2 August 2027 must be brought into compliance by 31 December 2030, rather than by the standard transitional dates.

The Annex applies for the purposes of Article 111(1) from the entry into force of the Act on 1 August 2024.

The listed legislative acts

The Annex lists the Union legislative acts establishing the following large-scale IT systems:

• Schengen Information System (SIS) — Regulations (EU) 2018/1860, 2018/1861 and 2018/1862. The SIS supports border control, police and judicial cooperation by enabling Member State authorities to issue alerts on persons and objects across the Schengen area.
• Visa Information System (VIS) — Regulation (EC) 767/2008 and Council Decision 2008/633/JHA, as amended. The VIS supports the common visa policy by enabling Member State consular and border authorities to exchange visa data.
• Eurodac — Regulation (EU) 603/2013, subsequently replaced by Regulation (EU) 2024/1358 as part of the EU’s 2024 Pact on Migration and Asylum. Eurodac compares fingerprint and biometric data of asylum applicants and third-country nationals across the Union.
• Entry/Exit System (EES) — Regulation (EU) 2017/2226. The EES records entries and exits of third-country nationals crossing the external borders of the Schengen area.
• European Travel Information and Authorisation System (ETIAS) — Regulation (EU) 2018/1240. ETIAS authorises visa-exempt third-country nationals to travel to the Schengen area.
• European Criminal Records Information System for Third-Country Nationals (ECRIS-TCN) — Regulation (EU) 2019/816. ECRIS-TCN enables Member State authorities to identify which other Member States hold criminal record information on third-country nationals.
• Interoperability framework for EU information systems — Regulations (EU) 2019/817 (borders and visa) and (EU) 2019/818 (police and judicial cooperation, asylum and migration). These regulations establish the technical framework enabling the listed systems to interoperate through the Common Identity Repository, the Multiple-Identity Detector, the European Search Portal and the shared Biometric Matching Service.

Key compliance points

Annex X is purely cross-referential. It identifies which underlying Union regimes are caught by the Article 111(1) transitional rule. It does not, by itself, impose any obligation on operators of AI systems. The Article 111(1) transitional rule is the operative provision.

Where an AI system is a component of one of the large-scale IT systems established by an Annex X act, and the system was placed on the market or put into service before 2 August 2027, the provider and the deployer have until 31 December 2030 to bring the system into AI Act compliance. This is the most generous transitional window in the Act.

The transitional rule does not apply to AI components added after 2 August 2027. New AI components of Annex X systems, or AI components added through substantial modification of an existing system after that date, fall within the standard application dates (2 August 2026 for Annex III systems, 2 August 2027 for Annex I systems).

The transitional rule does not exempt operators from the Article 5 prohibitions. Prohibited practices apply from 2 February 2025 regardless of when the system was placed on the market or whether it is a component of an Annex X system.

A legacy AI component performing a prohibited practice within an Annex X system was unlawful from 2 February 2025 and the December 2030 transition date does not save it.

The transitional rule operates alongside, not instead of, the sectoral legal framework governing each Annex X system. The underlying Regulations and Decisions listed in Annex X impose their own data protection, security, and operational requirements, including independent fundamental rights protections.

AI Act compliance under the December 2030 timetable is additional to ongoing compliance under the sectoral regime.

The operators of Annex X systems are typically Member State authorities, eu-LISA (as the operational manager), and a layer of private contractors providing AI components, biometric matching services, decision-support tools, risk assessment systems, and identity verification systems.

The Article 111(1) transitional rule applies to the provider of the AI component; the corresponding obligations under Article 26 (deployers) apply to the Member State authority or EU institution using it.

Most AI components of Annex X systems will be classified as Annex III high-risk under the migration, asylum and border control management category (Annex III point 7) or the law enforcement category (Annex III point 6). Registration of these systems is in the non-public part of the EU database under Article 71, with limited public visibility.

The European Data Protection Supervisor has supervisory jurisdiction over the processing of personal data by EU institutions and bodies in the context of Annex X systems, alongside national data protection authorities for Member State processing. The EDPS is also the market surveillance authority under the AI Act for AI systems used by Union institutions, bodies, offices and agencies, including any AI components of Annex X systems operated at EU level.

The Eurodac regime in particular is in transition. The replacement Regulation (EU) 2024/1358 forms part of the 2024 Pact on Migration and Asylum and applies from 12 June 2026. The transition between the old and new Eurodac regimes will run in parallel with the AI Act transitional rules under Article 111(1), and operators of AI components of Eurodac will face overlapping change management obligations.

Last reviewed: 15 May 2026.

Annex XI is the content list for the technical documentation that every provider of a general-purpose AI model must draw up and keep up to date under Article 53(1)(a). Where Annex IV does this job for high-risk AI systems, Annex XI does it for GPAI models.

The documentation is the operative basis on which the AI Office assesses compliance with Chapter V; it is the file that providers must make available to the AI Office and national competent authorities on request under Article 91.

Annex XI applies from 2 August 2025 in step with Chapter V. Providers of GPAI models placed on the market before that date have until 2 August 2027 to bring documentation into compliance under Article 111(3).

The Annex is structured in two sections: Section 1 covers the documentation that every GPAI provider must hold, while Section 2 covers the additional information required where the AI Office or a national competent authority requests it.

Section 1 — Information to be drawn up by all providers of general-purpose AI models

The technical documentation must contain, as appropriate to the size and risk profile of the model, at least the following information:

1. General description of the GPAI model, including:

• The tasks that the model is intended to perform and the type and nature of AI systems in which it can be integrated.
• The acceptable use policies applicable.
• The date of release and methods of distribution.
• The architecture and number of parameters.
• The modality (e.g. text, image) and format of inputs and outputs.
  The licence.

2. Detailed description of the elements of the model and relevant information about the process for its development, including:

• The technical means (e.g. instructions for use, infrastructure, tools) required for the GPAI model to be integrated in AI systems.
• The design specifications of the model and training process, including training methodologies and techniques, the key design choices including the rationale and assumptions made, what the model is designed to optimise for and the relevance of the different parameters, as applicable.
• Information on the data used for training, testing and validation, where applicable, including the type and provenance of data and curation methodologies (e.g. cleaning, filtering), the number of data points, their scope and main characteristics, how the data was obtained and selected, as well as all other measures to detect the unsuitability of data sources and methods to detect identifiable biases, where applicable.
• The computational resources used to train the model (e.g. number of floating point operations), training time, and other relevant details related to the training.
• Known or estimated energy consumption of the model.
• Where the energy consumption is unknown, the energy consumption may be based on information about computational resources used.

Section 2 — Additional information to be provided by providers of general-purpose AI models with systemic risk

In addition to the Section 1 information, providers of GPAI models with systemic risk under Article 51 must include:

• A detailed description of the evaluation strategies, including evaluation results, on the basis of available public evaluation protocols and tools or otherwise of other evaluation methodologies.
• Evaluation strategies must include evaluation criteria, metrics and the methodology on the identification of limitations.
• Where applicable, a detailed description of the measures put in place for the purpose of conducting internal and/or external adversarial testing (e.g. red teaming), model adaptations, including alignment and fine-tuning.
• Where applicable, a detailed description of the system architecture explaining how software components build upon or feed into each other and integrate into the overall processing.

Key compliance points

Annex XI is the GPAI counterpart to Annex IV. The two regimes are structurally similar but cover different objects: Annex IV documents a high-risk AI system; Annex XI documents a GPAI model.

Where a high-risk AI system integrates a GPAI model, the downstream provider’s Annex IV documentation depends on the upstream provider’s Annex XI documentation and the Annex XII downstream information.

Section 1 is the floor. Every GPAI provider placing a model on the EU market must hold the Section 1 documentation, regardless of model size, capability or systemic risk classification. The “as appropriate to the size and risk profile” qualifier permits proportional scaling of detail but does not permit omission of categories.

Section 2 is additional, not alternative. Providers of GPAI models with systemic risk under Article 51 must hold the Section 1 and Section 2 documentation together. Section 2 covers evaluation, adversarial testing and architecture in a way Section 1 does not.

The free and open-source carve-out in Article 53(2) disapplies the Annex XI documentation obligation for GPAI models released under a genuinely free and open-source licence with publicly available weights, architecture and usage information, provided the model is not classified as systemic risk. Open-weight releases without architectural disclosure do not qualify for the carve-out and remain subject to Annex XI in full. Models with systemic risk are subject to Annex XI regardless of licence.

The documentation must be kept up to date and made available to the AI Office and national competent authorities on request under Article 91. The AI Office can require documentation, evaluations and information at any point under Articles 91 and 92.

Failure to provide documentation is an independently fineable infringement under Article 101 (up to 3% of worldwide annual turnover or €15 million, whichever is higher).

The information on training data in Section 1, category 2 is the most operationally and legally sensitive element of the Annex. It includes type and provenance, curation methodologies, scope and characteristics, sourcing, and measures to detect unsuitability and bias.

This sits alongside the public training-data summary obligation under Article 53(1)(d), but is separate: Annex XI training data information is for authorities; the Article 53(1)(d) summary is for the public.

The energy consumption requirement in Section 1, category 2 is the first binding sustainability disclosure in a Union AI law. Reporting must cover known or estimated energy consumption, with computational resources as a permitted proxy where direct measurement is not available. The metric is not standardised in the Annex; the AI Office’s templates and the Code of Practice fill this gap operationally.

The evaluation strategies and adversarial testing requirements in Section 2 are the operational link to Article 55 obligations for systemic risk providers (model evaluation, adversarial testing, systemic risk assessment, cybersecurity). The Annex XI documentation evidences compliance with the Article 55 substantive obligations.

Without working Section 2 documentation, Article 55 cannot be demonstrated.

The Code of Practice on GPAI under Article 56 is the operative reference document for what “sufficient” Annex XI documentation looks like in practice. Compliance with an approved code creates a presumption of conformity with the corresponding Chapter V obligations, including documentation. As of mid-2026 the Code is the de facto standard against which the AI Office assesses GPAI documentation.
Annex XI documentation is private as between the provider and authorities.

Unlike Annex VIII registration, which is broadly public, Annex XI documentation is not published. The public-facing GPAI compliance signal is the Article 53(1)(d) training-data summary, not the Annex XI file. Confidentiality protection under Article 78 covers the Annex XI content, including model weights, training data and trade secrets.

Last reviewed: 15 May 2026.

Annex XII is the downstream-facing counterpart to Annex XI. Article 53(1)(a) requires the GPAI provider to draw up technical documentation for itself and for authorities (Annex XI), whereas Article 53(1)(b) requires the GPAI provider to draw up and make available to downstream providers the information they need to integrate the model lawfully and to comply with their own obligations under the Act. Annex XII specifies that information.

The Annex is the operational mechanism through which the AI Act allocates compliance burden across the GPAI value chain: upstream model providers carry the obligation to inform; downstream system providers rely on that information to discharge their own Chapter III obligations.

Annex XII applies from 2 August 2025 in step with Chapter V, with the legacy carve-out under Article 111(3) for models placed on the market before that date (compliance required by 2 August 2027).

The required content

The information drawn up and kept up to date by providers of GPAI models for providers of AI systems that intend to integrate the GPAI model into their AI system must contain at least the following:

1. A general description of the GPAI model, including:

• The tasks that the model is intended to perform and the type and nature of AI systems into which it can be integrated.
• The acceptable use policies applicable.
• The date of release and methods of distribution.
• How the model interacts, or can be used to interact, with hardware or software that is not part of the model itself, where applicable.
• The versions of relevant software related to the use of the GPAI model, where applicable.
• The architecture and number of parameters.
• The modality (e.g. text, image) and format of inputs and outputs.
• The licence for the model.

2. A description of the elements of the model and of the process for its development, including:

• The technical means (e.g. instructions of use, infrastructure, tools) required for the GPAI model to be integrated into AI systems.
• The modality (e.g. text, image, and so on) and format of the inputs and outputs and their maximum size (e.g. context window length and so on).
• Information on the data used for training, testing and validation, where applicable, including the type and provenance of data and curation methodologies.

The information must be kept up to date and made available to downstream providers in a format that enables them to discharge their own obligations under the Act, in particular the high-risk system obligations in Chapter III where applicable.

Key compliance points

Annex XII is the structural link between Chapter V (upstream GPAI providers) and Chapter III (downstream system providers). Without Annex XII information, a downstream provider integrating a GPAI model into an Annex III high-risk system cannot draw up complete Annex IV technical documentation, cannot conduct risk management under Article 9, cannot meet data governance requirements under Article 10 to the extent these depend on upstream choices, and cannot demonstrate transparency to its own deployers under Article 13.

Annex XII applies to every GPAI provider placing a model on the EU market, regardless of model size or systemic-risk classification.

Unlike Annex XI, Annex XII does not have a Section 2 layer for systemic-risk models; the same content categories apply across the GPAI regime.

The free and open-source carve-out under Article 53(2) disapplies the Annex XII obligation for GPAI models released under a genuinely free and open-source licence with publicly available weights, architecture and usage information, provided the model is not classified as systemic risk. The carve-out reflects the assumption that fully open releases make the relevant information available to downstream providers by default.

Open-weight releases without architectural disclosure do not qualify and remain subject to Annex XII in full.

The overlap between Annex XI and Annex XII is substantial but not complete. Both Annexes require a general description of the model, information on architecture and parameters, modality and format, and information on training data. Annex XI is more detailed on the development process (design choices, training methodologies, computational resources, energy consumption, evaluation for systemic-risk providers). Annex XII is more focused on the integration interface (technical means for integration, input/output maximum size, software versioning for interoperability).

Providers should not produce a single document and treat it as discharging both obligations, since the audiences and purposes differ.

The “kept up to date” obligation is operational. Model updates, new versions, changes to acceptable use policies, changes to licence terms, and changes to integration requirements all trigger updates to the Annex XII information.

Downstream providers depend on this. Stale Annex XII information passes a compliance gap directly down the value chain.

The information must be provided in a format that downstream providers can use. The Annex does not prescribe a specific format, but the practical question is whether the downstream provider can complete its Annex IV documentation, its risk management file, and its EU declaration of conformity using the Annex XII information supplied. Format choices that obstruct downstream compliance are themselves a compliance failure for the upstream provider.

Annex XII information is the upstream provider’s contribution to the Article 25 value chain allocation. Where a downstream entity substantially modifies a GPAI model and becomes a provider in its own right under Article 25, the original GPAI provider must continue to supply the Annex XII information necessary for the new provider to comply. Article 25(4) makes this explicit: the third party that has provided AI tools, services, components, or processes that are used or integrated must provide the necessary information by written agreement, except for free and open-source components.

The downstream provider is entitled to rely on the Annex XII information in discharging its own obligations, but reliance is not unconditional. The downstream provider must verify that the information addresses its intended use of the model. Where the intended downstream use is outside the scope of the upstream Annex XII information, the downstream provider must address the gap independently or obtain supplementary information from the upstream provider.

Annex XII does not require disclosure of model weights, source code, or training data themselves. The information is descriptive, not source.

Confidentiality of weights, training data and trade secrets is preserved under Article 78. Downstream providers receive the information they need to integrate and comply, not the model itself.

The interaction between Annex XII and the Article 53(1)(c) copyright policy is operational. The GPAI provider’s copyright policy must be in place; Annex XII does not require disclosure of the policy to downstream providers, but downstream providers integrating the model into systems that generate or process content benefit from understanding the policy to manage their own copyright exposure.

Last reviewed: 15 May 2026.

Annex XIII is the operative criteria list for designating a general-purpose AI model as carrying systemic risk under Article 51. Article 51 imposes the classification, while Annex XIII supplies the substantive criteria the Commission applies, both in assessing whether a model meets the high-impact-capabilities threshold and in deciding on its own initiative or following a Scientific Panel alert that a model should be designated as systemic risk.

The Annex sits in the operative core of the GPAI regime, alongside the 10²⁵ FLOPs presumption in Article 51(2): the FLOPs presumption operates as the primary quantitative trigger, while Annex XIII supplies the qualitative criteria that determine whether the presumption is rebutted, whether a sub-threshold model should nonetheless be designated, and how systemic risk is assessed over time.

Annex XIII applies from 2 August 2025 in step with Chapter V. The Annex is amendable by delegated act under Article 51(3).

The seven criteria for designation

For the purpose of determining that a general-purpose AI model has capabilities or an impact equivalent to those of high-impact capabilities under Article 51(1)(a), the Commission takes into account the following criteria:

• The number of parameters of the model.
• The quality or size of the dataset, for example measured through tokens.
• The amount of computation used for training the model, measured in floating point operations or indicated by a combination of other variables such as estimated cost of training, estimated time required for training, or estimated energy consumption for training.
• The input and output modalities of the model, such as text-to-text (large language models), text-to-image, multi-modality, and state-of-the-art thresholds for determining high-impact capabilities for each modality, and the specific type of inputs and outputs (e.g. biological sequences).
• The benchmarks and evaluations of capabilities of the model, including considering the number of tasks without additional training, adaptability to learn new, distinct tasks, its level of autonomy and scalability, and the tools to which it has access.
• Whether the model has a high impact on the internal market due to its reach, which is presumed when it has been made available to at least 10,000 registered business users established in the Union.
• The number of registered end-users.

The Commission may also take into account other criteria depending on the specific characteristics of the GPAI models concerned. The Annex is not exhaustive.

Key compliance points

Annex XIII operates in conjunction with Article 51, not separately. Article 51(2) sets a presumption: a model trained using a cumulative amount of computation greater than 10²⁵ FLOPs is presumed to have high-impact capabilities and is therefore presumed to be a GPAI model with systemic risk.

Annex XIII supplies the criteria that determine whether that presumption is correct in any individual case, whether the presumption is rebutted by the provider under Article 52, and whether a model below the FLOPs threshold should nonetheless be designated as systemic risk by the Commission.

The 10²⁵ FLOPs threshold is itself a moving target. The Commission can amend the threshold by delegated act under Article 51(3) on the basis of evolving technological developments, including improvements in algorithmic efficiency and increases in hardware performance.

The Annex XIII criteria are the framework against which any future amendment is assessed.
The criteria are cumulative and weighted, not individual triggers. No single criterion in Annex XIII automatically designates a model as systemic risk.

The Commission’s assessment is holistic: a model with very high parameter count but limited modality breadth and modest benchmark performance may not be designated; a model with moderate parameter count but exceptional capability profile, high adaptability, and broad reach may be.

The reach criterion (10,000 registered business users established in the Union) is the only criterion in the Annex that operates as a quantitative presumption in its own right. A GPAI model meeting this threshold is presumed to have a high impact on the internal market for the purposes of the high-impact-capabilities assessment. Providers nearing the threshold should track EU-business-user count as a compliance-relevant metric, not only as a commercial one.

The Article 52 rebuttal route allows providers meeting the FLOPs threshold to submit arguments that their model does not have systemic risk. The arguments must engage with the Annex XIII criteria. A provider arguing that its 10²⁵-FLOPs model is not in fact high-impact must demonstrate that, on the Annex XIII criteria considered together, the model does not display the capability profile, reach, or impact that the presumption assumes.

The bar is high but not unattainable. tThe Commission has signalled it will entertain serious rebuttal arguments.The Article 52 own-initiative route allows the Commission to designate as systemic risk a model that does not meet the FLOPs threshold but does meet the Annex XIII criteria. This is the safety valve for capability advances that outpace the FLOPs measure. The Scientific Panel under Article 68 can issue qualified alerts under Article 90 triggering Commission consideration of designation.

Providers below the FLOPs threshold are not outside the regime by virtue of that fact alone; they remain assessable against Annex XIII.

The benchmarks and evaluations criterion is the most operationally significant in practice. As of mid-2026 there is no Union-standardised benchmark suite for systemic-risk assessment; the Commission relies on a combination of public benchmark results (MMLU, HumanEval, MATH, ARC-AGI, and others), capability evaluations conducted by the AI Office and the Scientific Panel, and provider-supplied evaluation data under Annex XI Section 2. This is a moving methodological frontier and Annex XIII designations should be tracked against the evolving evaluation toolset.

The modality criterion captures the developing concern over modality-specific risks. Multi-modal models, models with biological sequence inputs and outputs, and models with agentic tool-use capabilities are all flagged as potentially relevant to designation regardless of pure parameter or compute count. The Annex deliberately leaves room for the Commission to factor in modality-specific risk profiles that the FLOPs measure alone does not capture.

A model designated as systemic risk under Annex XIII / Article 51 is subject to the full Section 3 obligations under Article 55: model evaluation under standardised protocols, systemic risk assessment and mitigation, serious incident reporting, and cybersecurity protection. The Annex XIII designation is the gateway to a materially heavier compliance regime, with documentation obligations under Annex XI Section 2 in addition to Section 1, and enforcement under Articles 88 to 94 with fines up to 3% of worldwide turnover or €15 million under Article 101.

Last reviewed: 15 May 2026.