EU AI Act: Obligations for High-Risk AI Systems in Practice
Article 16 of the EU AI Act lists twelve cumulative obligations for providers of high-risk AI systems, and Article 26 adds a further set of duties for deployers. This article translates Articles 8 to 27 into a working compliance routine: risk management, data governance, logging, human oversight, transparency, and conformity assessment.
Regulation (EU) 2024/1689, the European Artificial Intelligence Act, entered into force on 1 August 2024 and, under Art. 113, applies to most high-risk AI systems from 2 August 2026. Article 16 lists twelve cumulative obligations for providers, points (a) to (l), which point back to the requirements of Articles 8 to 15 and the quality management system of Article 17; Article 26 adds duties for deployers, and Article 27 the fundamental-rights impact assessment. Under Art. 99 the upper fine bracket is EUR 35 million or 7 percent of total worldwide annual turnover, whichever is higher, for prohibited practices, and EUR 15 million or 3 percent for breaches of the high-risk obligations (for SMEs, Art. 99(6) applies whichever amount is lower). Member States designate market surveillance authorities under Art. 70; under Art. 74 these authorities exercise the powers of Regulation (EU) 2019/1020, including ordering corrective action, withdrawal, or recall.
This article is written for compliance officers, product leaders, and works councils that must operationalise these duties before the deadline. You will learn how Annex III classification works, which technical documentation Annex IV mandates, what a risk management system under Art. 9 must contain, how human oversight under Art. 14 is designed, and what the conformity assessment route under Art. 43 looks like in practice. CIVAC operates as a compliance platform and Officer-as-a-Service: you can license the workspace for your internal officers, or you can mandate our officers to take the role. Either way, the obligations under the AI Act become traceable artefacts in a single ledger rather than scattered spreadsheets across product, legal, and engineering teams.
At a glance
- High-risk AI systems trigger the twelve cumulative provider obligations of Art. 16, built on the requirements of Art. 8 to 15, and the deployer obligations of Art. 26, enforceable from 2 August 2026 (2 August 2027 for systems embedded in Annex I products).
- A documented risk management system under Art. 9, technical documentation per Annex IV, and event logging under Art. 12 are the three artefacts auditors will request first.
- Conformity assessment under Art. 43 follows internal control under Annex VI for Annex III points 2 to 8; for biometric systems under Annex III point 1 the provider may choose, and where no harmonised standards or common specifications are applied must use, the Annex VII procedure with a notified body.
Scope: which AI systems qualify as high-risk under Annex III
Article 6 of Regulation (EU) 2024/1689 defines two routes into the high-risk category. Route one under Art. 6(1) covers AI systems that are themselves a safety component of a product, or are a product, covered by the Union harmonisation legislation listed in Annex I, provided that the product must undergo a third-party conformity assessment under that legislation. Examples include medical devices under Regulation (EU) 2017/745, machinery under Regulation (EU) 2023/1230, in-vitro diagnostics under Regulation (EU) 2017/746, lifts under Directive 2014/33/EU, and toys under Directive 2009/48/EC. Route two under Art. 6(2) covers stand-alone systems in the eight domains of Annex III: biometrics, critical infrastructure, education and vocational training, employment and worker management, access to essential private and public services, law enforcement, migration and border control, and administration of justice and democratic processes.
The classification exercise has three pitfalls. First, the derogation in Art. 6(3) lets providers conclude that an Annex III system does not pose a significant risk of harm, but under Art. 6(4) this assessment must be documented before the system is placed on the market, the system must still be registered in the EU database under Art. 49(2), and the conclusion remains subject to challenge by market surveillance authorities. Second, general-purpose AI models with systemic risk under Art. 51 carry separate obligations under Chapter V even when not deployed in a high-risk context. Third, downstream modifications by deployers can turn the deployer into a provider under Art. 25(1)(b) and (c), whether by substantially modifying a high-risk system or by changing the intended purpose of a non-high-risk system so that it becomes high-risk, shifting the full obligation set. CIVAC tracks the classification decision, the derogation rationale where applied, and the Annex IV documentation in the same workspace used for ISO/IEC 27001:2022 evidence, so the audit trail is consistent. See the compliance officer role page for how this duty is allocated internally.
Risk management system under Article 9
Article 9 requires a continuous, iterative risk management system that runs across the entire lifecycle of a high-risk AI system. It is not a one-time document and it is not a tick-box exercise. The mandatory steps are: identification and analysis of known and reasonably foreseeable risks that the system can pose to health, safety, or fundamental rights when used in accordance with its intended purpose; estimation and evaluation of risks emerging from intended use and from reasonably foreseeable misuse; evaluation of other risks possibly arising from post-market monitoring data collected under Art. 72; and adoption of appropriate and targeted risk management measures designed to address the risks identified. Residual risks must be judged acceptable when balanced against the intended purpose and communicated to the deployer.
The practical artefacts that auditors and notified bodies expect are a risk register that maps each identified hazard to a control, a test report documenting validation against the specified accuracy, robustness, and cybersecurity targets under Art. 15, and a decision log for residual risk acceptance signed at the level of senior management. Art. 9(9) requires every provider to consider whether the system is likely to have an adverse impact on persons under 18 and, as appropriate, other vulnerable groups; for systems deployed in healthcare, education, or recruitment the risk register should therefore explicitly address minors, vulnerable groups, and protected characteristics under Union non-discrimination law. CIVAC supplies a risk register template aligned with the ISO/IEC 23894:2023 guidance on AI risk management, pre-mapped to the 93 controls of ISO/IEC 27001:2022 Annex A, and exportable with the signed appointment deed (Bestellurkunde) of the responsible officer attached. Appointment deed: signed, filed, verifiable. The same template feeds the post-market monitoring loop, closing the cycle Article 9 requires.
Data governance and quality criteria under Article 10
Article 10 sets data quality criteria for training, validation, and testing data sets used by high-risk AI systems. Data sets must be relevant, sufficiently representative, and to the best extent possible free of errors and complete in view of the intended purpose. They must have the appropriate statistical properties, including, where applicable, as regards the persons or groups of persons in relation to whom the high-risk AI system is intended to be used. The article requires examination for possible biases that are likely to affect the health and safety of persons, have a negative impact on fundamental rights, or lead to discrimination prohibited under Union law, in particular when data outputs influence inputs for future operations.
Where strictly necessary for bias detection and correction, Art. 10(5) allows providers of high-risk AI systems to exceptionally process special categories of personal data, in addition to the conditions of the GDPR (Recital 70 points to Art. 9(2)(g) GDPR), and only if bias detection cannot be achieved with other data, the data is subject to technical limitations on re-use and state-of-the-art security and privacy-preserving measures such as pseudonymisation, access is restricted, the data is not transmitted to other parties, it is deleted once the bias has been corrected or the retention period ends, and the processing is recorded. Operationally this means three deliverables. First, a data sheet per data set covering provenance, collection method, scope, characteristics, labelling, and pre-processing steps. Second, a bias assessment report listing the protected characteristics examined, the methods used, the results, and the corrective measures applied. Third, a data governance policy approved at board level. The Bundesamt für Sicherheit in der Informationstechnik (BSI) and the European Data Protection Board have both signalled that data sheets will be a primary inspection target. CIVAC links each data sheet to the corresponding DPIA under Art. 35 GDPR, so that data protection and AI Act evidence are joined rather than parallel. The data protection officer role remains in scope where personal data is processed.
Technical documentation, logging, and transparency
Annex IV lists the contents of the technical documentation that must be drawn up before the system is placed on the market and kept up to date. The list runs from a general description of the AI system, through detailed information on the elements of the AI system and the process for its development, to a description of the post-market monitoring plan. Specific entries cover the methods and steps performed for the development, the design specifications of the system, the system architecture, the data sheets describing the training methodologies and techniques, the data sets used, the human oversight measures, and pre-determined changes to the system and its performance. For SMEs and start-ups, Art. 11(1) permits a simplified format published by the Commission. The documentation must remain available to national competent authorities for ten years after the system has been placed on the market under Art. 18.
Article 12 requires high-risk AI systems to technically allow for the automatic recording of events, that is logs, over the lifetime of the system. Under Art. 12(2) the logs must enable identification of situations that may result in the AI system presenting a risk under Art. 79(1) or in a substantial modification, facilitate post-market monitoring under Art. 72, and support the deployer's monitoring duty under Art. 26(5). For remote biometric identification systems (Annex III point 1(a)), Art. 12(3) fixes the minimum content: the period of each use with start and end time, the reference database against which input data was checked, the input data for which the search led to a match, and the identification of the natural persons who verified the result under Art. 14(5). Providers must keep the logs under their control for at least six months under Art. 19, deployers likewise under Art. 26(6). Article 13 adds a transparency duty: systems must be sufficiently transparent to enable deployers to interpret outputs and use them appropriately, supported by instructions for use that cover identity of the provider, characteristics, capabilities, limitations, performance regarding specific groups, human oversight measures, and the mechanisms that allow deployers to collect, store, and interpret the logs. CIVAC stores these artefacts in the same workspace as NIS-2 and ISO 27001 evidence, with a single retention clock and audit-ready exports. The auditor calls, the evidence is ready.
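The logging requirement above is the one place in this article where the implementation choice is a security engineering question: a log that a provider or deployer can silently edit after the fact is of little evidentiary value to a market surveillance authority. The following is an added example, not CIVAC code and not from the regulation, of an append-only, hash-chained event log for a hypothetical remote biometric identification system. It records the Art. 12(3) minimum fields and Art. 14 override events, stores only a digest of the input rather than the input itself, detects any later edit or deletion, and prunes only records older than the six-month minimum while keeping the remainder verifiable. All field names, the 183-day reading of "six months", and the sample events are this example's own assumptions.

```python
"""Tamper-evident event log for a high-risk AI system (added example, not CIVAC code).

Art. 12: automatic recording of events over the system's lifetime.
Art. 19 / Art. 26(6): logs kept for at least six months.
Field names, the 183-day retention value and the sample events are assumptions.
"""
import hashlib
import json
from datetime import datetime, timedelta, timezone

GENESIS_HASH = "0" * 64
MIN_RETENTION = timedelta(days=183)  # "at least six months", assumed as 183 days
T0 = datetime(2026, 8, 3, 9, 0, tzinfo=timezone.utc)  # constructed start time


def days_after(n: int) -> datetime:
    """Timestamp n days after T0 (helper for the sample and for retention checks)."""
    return T0 + timedelta(days=n)


def _canonical(record: dict) -> bytes:
    # Deterministic serialisation so the digest does not depend on key order.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def hash_input(raw_input: bytes) -> str:
    # Commit to the input without storing it: the input may be personal data.
    return hashlib.sha256(raw_input).hexdigest()


class EventLog:
    """Append-only log in which every record commits to the previous record's hash."""

    def __init__(self) -> None:
        self.records: list[dict] = []
        self.anchor_hash = GENESIS_HASH  # hash the first retained record must chain to
        self.anchor_seq = 0              # sequence number the first retained record must carry

    def append(self, event: dict, ts: datetime) -> dict:
        body = dict(event)
        body["seq"] = self.anchor_seq + len(self.records)
        body["ts"] = ts.isoformat()
        body["prev_hash"] = self.records[-1]["record_hash"] if self.records else self.anchor_hash
        body["record_hash"] = hashlib.sha256(_canonical(body)).hexdigest()
        self.records.append(body)
        return body

    def verify(self) -> int:
        """Return -1 if the chain is intact, otherwise the index of the first bad record."""
        prev, seq = self.anchor_hash, self.anchor_seq
        for i, rec in enumerate(self.records):
            unsigned = {k: v for k, v in rec.items() if k != "record_hash"}
            if rec["prev_hash"] != prev or rec["seq"] != seq:
                return i  # deletion, reordering or insertion
            if hashlib.sha256(_canonical(unsigned)).hexdigest() != rec["record_hash"]:
                return i  # in-place edit of a field
            prev, seq = rec["record_hash"], seq + 1
        return -1

    def prune(self, now: datetime) -> int:
        """Delete only records older than MIN_RETENTION, from the head, so the rest stays verifiable."""
        removed = 0
        while self.records and now - datetime.fromisoformat(self.records[0]["ts"]) > MIN_RETENTION:
            first = self.records.pop(0)
            self.anchor_hash, self.anchor_seq = first["record_hash"], first["seq"] + 1
            removed += 1
        return removed

    def override_rate(self) -> float:
        """Share of decisions a human overseer reversed (Art. 14(4)(d)); feeds post-market monitoring."""
        decisions = [r for r in self.records if r.get("event") == "decision"]
        if not decisions:
            return 0.0
        return sum(1 for r in decisions if r.get("human_override")) / len(decisions)


def build_sample_log() -> EventLog:
    """Constructed sample session for a hypothetical biometric identification system."""
    log = EventLog()
    # Art. 12(3)(a) and (b): period of use and reference database.
    log.append({"event": "session_start", "model_version": "rbi-2.4.1",
                "reference_database": "watchlist-2026-07"}, T0)
    # Art. 12(3)(c) and (d): matched input (as digest) and the two verifying persons (Art. 14(5)).
    log.append({"event": "decision", "model_version": "rbi-2.4.1",
                "input_hash": hash_input(b"frame-0001"), "match": True, "score": 0.91,
                "human_override": False, "verified_by": ["officer-17", "officer-42"]},
               T0 + timedelta(minutes=2))
    log.append({"event": "decision", "model_version": "rbi-2.4.1",
                "input_hash": hash_input(b"frame-0002"), "match": True, "score": 0.62,
                "human_override": True, "verified_by": ["officer-17", "officer-42"]},
               T0 + timedelta(minutes=5))
    log.append({"event": "session_end"}, T0 + timedelta(minutes=30))
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("chain intact:", log.verify() == -1, "override rate:", log.override_rate())
    log.records[1]["score"] = 0.99  # an after-the-fact edit
    print("first bad record:", log.verify())
```

The chain only proves that nothing was altered after a record was written; it does not stop an attacker who controls the writer. In practice the head hash is periodically exported to a system the operator cannot edit (a WORM store or a notary service) so that truncation of the whole log is also detectable.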
Human oversight under Article 14
Article 14 requires high-risk AI systems to be designed and developed in such a way that they can be effectively overseen by natural persons during the period they are in use. Oversight measures must be commensurate with the risks, level of autonomy, and context of use. The article lists the minimum capabilities that human overseers must be able to exercise: properly understand the relevant capacities and limitations of the system and duly monitor its operation; remain aware of the possible tendency of automatically relying on output, the so-called automation bias, in particular for systems used to provide information or recommendations for decisions to be taken by natural persons; correctly interpret the outputs of the system; decide, in any particular situation, not to use the system or otherwise disregard, override, or reverse the output; and intervene in the operation of the system or interrupt it through a stop button or similar procedure that allows the system to halt in a safe state.
For remote biometric identification systems under Annex III point 1(a), Art. 14(5) adds a four-eyes principle: the deployer may take no action or decision on the basis of the identification unless that identification has been separately verified and confirmed by at least two natural persons with the necessary competence, training, and authority. The second sub-paragraph lets Union or national law disapply this requirement for law enforcement, migration, border control, or asylum where it would be disproportionate. Operationally, providers must produce role descriptions for overseers, training records, and a procedure for handling override events. CIVAC ties these records to the personnel files maintained for ISO/IEC 27001:2022 control A.6 and produces evidence of training completion on demand. License the workspace for your internal officers, or have our officers appointed.
Conformity assessment, CE marking, and EU declaration
Article 43 sets out two conformity assessment procedures for high-risk AI systems. Annex III systems other than those in point 1 (biometrics) follow the internal control procedure of Annex VI under Art. 43(2): the provider verifies that the quality management system under Art. 17, the technical documentation, and the design and development process conform to the requirements of Chapter III, Section 2. For Annex III point 1 biometric systems, Art. 43(1) lets the provider choose between Annex VI and the Annex VII procedure (assessment of the quality management system and of the technical documentation by a notified body) where harmonised standards or common specifications have been applied; where they have not been applied, or do not exist, Annex VII is mandatory. For high-risk AI systems covered by Annex I Union harmonisation legislation, Art. 43(3) integrates the AI Act requirements into the existing sectoral conformity assessment, for example the MDR or the Machinery Regulation procedure, so no parallel CE process is created. Under Art. 43(4) a substantial modification of the system triggers a new conformity assessment, unless the change was pre-determined in the technical documentation.
After successful assessment, the provider draws up an EU declaration of conformity under Art. 47 stating that the high-risk AI system meets the requirements of Chapter III, Section 2, affixes the CE marking under Art. 48 visibly, legibly, and indelibly, and registers the system in the EU database under Art. 49 before placing it on the market or putting it into service. The declaration must be kept at the disposal of national competent authorities for ten years under Art. 18. Notified bodies are designated by the notifying authorities of the Member States under Art. 28 to 30 and listed in the NANDO database, with the first wave of designations expected through 2026. CIVAC tracks the declaration text, the CE evidence file, and the registration receipt in one location so that market surveillance requests under Art. 74 can be answered within the statutory deadlines.
Deployer obligations under Article 26
Deployers, that is natural or legal persons using a high-risk AI system under their authority, have their own set of duties under Art. 26 and, for certain use cases, under Art. 27. They must take appropriate technical and organisational measures to ensure they use the system in accordance with the instructions for use accompanying it, assign human oversight to natural persons who have the necessary competence, training, and authority as well as the necessary support, ensure that input data is relevant and sufficiently representative in view of the intended purpose of the high-risk AI system, monitor the operation of the high-risk AI system on the basis of the instructions for use and, where they have reason to consider that use may present a risk under Art. 79(1), inform the provider and suspend use, keep the logs automatically generated by the system for a period appropriate to the intended purpose and at least six months unless Union or national law provides otherwise under Art. 26(6), and inform workers and their representatives before putting the system into service in the workplace under Art. 26(7).
Where the deployer is a body governed by public law or a private entity providing public services, or deploys a system listed in Annex III points 5(b) and 5(c) covering creditworthiness and risk assessment or pricing in life and health insurance, Art. 27 requires a fundamental rights impact assessment, the FRIA, before the first use. The FRIA describes the deployer's processes in which the system will be used, the period and frequency of use, the categories of natural persons likely to be affected, the specific risks of harm, the human oversight measures, and the measures to be taken if the risks materialise. The result is notified to the market surveillance authority. CIVAC provides a FRIA template aligned with the EDPB guidance on DPIAs so that deployers in regulated sectors can complete both assessments in one workflow.
Post-market monitoring, incident reporting, and timelines
Article 72 requires providers to establish and document a post-market monitoring system proportionate to the nature of the AI technologies and the risks of the high-risk AI system. The system actively and systematically collects, documents, and analyses relevant data on the performance of high-risk AI systems throughout their lifetime, which may be provided by deployers or which may be collected through other sources. The analysis allows the provider to continuously evaluate compliance with the requirements of Chapter III, Section 2 and to identify any need for immediate corrective or preventive actions. The plan must be part of the technical documentation under Annex IV and follow the template the Commission will adopt under Art. 72(3).
Article 73 governs serious incident reporting. Providers must report serious incidents, defined in Art. 3(49) as incidents or malfunctions leading to death or serious harm to health, serious and irreversible disruption of critical infrastructure, infringement of Union-law obligations intended to protect fundamental rights, or serious harm to property or the environment, to the market surveillance authority of the Member State where the incident occurred. The report is due immediately after the provider has established a causal link, or the reasonable likelihood of one, between the system and the incident, and no later than 15 days after the provider becomes aware of the incident; this is shortened to two days for a widespread infringement or a serious and irreversible disruption of critical infrastructure, and to ten days for the death of a person. The clock runs from awareness. CIVAC integrates the AI Act incident pipeline with the NIS-2 24-hour early warning and 72-hour follow-up channel, the GDPR 72-hour data breach notification under Art. 33, and the ISO 27001 incident management process, so that one event triggers one coordinated response across regulatory regimes.
From obligation list to operating model: how CIVAC supports providers and deployers
The twelve provider obligations of Art. 16 and the deployer obligations of Art. 26 cannot be discharged with a checklist. They require a working operating model: roles assigned, evidence collected, deadlines tracked, and a single source of truth that holds the technical documentation, the risk management records, the logs, the conformity assessment, the EU declaration, the post-market monitoring data, and the incident reports together. CIVAC is built for exactly this. The platform combines a compliance platform and Officer-as-a-Service with 25 officer roles live, 37 audit-ready templates, 93 controls mapped to ISO/IEC 27001:2022, EU data residency, and the 24-hour and 72-hour reporting paths required by NIS-2 and the AI Act. Each artefact carries an owner, a deadline, and a version history, and the export format matches what notified bodies and market surveillance authorities ask for.
Two delivery models are available. License the workspace for your internal officers, where your compliance, data protection, and information security teams use CIVAC as their single ledger. Or mandate our officers, where CIVAC employees are formally appointed as your external compliance officer, data protection officer, or information security officer, with an appointment deed (Bestellurkunde), a reporting line (Berichtslinie), and documented reporting. Both routes leave you with the same artefact: an audit-proof, documented, statute-proof evidence base ready for market surveillance and notified bodies. Others run compliance like a filing cabinet. We run it like software. Turn reading into a mandate. Write to info@civac.de or use the contact form. See the FAQ for delivery details and onboarding timelines.
FAQ
When do the high-risk AI obligations under the EU AI Act apply?
The AI Act entered into force on 1 August 2024. Prohibitions under Art. 5 apply from 2 February 2025, general-purpose AI rules from 2 August 2025, and the bulk of the high-risk obligations under Articles 8 to 27 from 2 August 2026. High-risk AI systems embedded in products covered by Annex I Union harmonisation law follow on 2 August 2027 under Art. 113.
Which authority enforces the EU AI Act in Germany?
Germany must designate one or more national competent authorities under Art. 70. The draft AI Act implementation law assigns market surveillance to the Bundesnetzagentur with sectoral involvement of BaFin, BfDI, and the federal states. Notified bodies for conformity assessment are designated separately under Art. 28 and listed in the NANDO database maintained by the European Commission.
What is the fundamental rights impact assessment under Article 27?
The FRIA is a written assessment carried out by deployers that are bodies governed by public law, private entities providing public services, or deployers using systems listed in Annex III points 5(b) and 5(c). It covers a description of the deployer's processes in which the system is used, the period and frequency of use, the categories of natural persons affected, the specific risks of harm, the human oversight measures, and the measures to be taken if the risks materialise. The result must be notified to the market surveillance authority.
How long must I keep AI Act records and documentation?
Article 18 requires providers to keep the technical documentation, the documentation concerning the quality management system, documentation concerning changes approved by notified bodies, decisions and documents issued by notified bodies, and the EU declaration of conformity available to national competent authorities for ten years after the system has been placed on the market or put into service. Logs under the provider's control must be kept for at least six months under Art. 19, and deployer logs for at least six months under Art. 26(6), in both cases unless Union or national law provides otherwise.
Can we appoint an external officer for AI Act compliance?
The AI Act does not mandate a specific officer role, but the obligations under Art. 8 to 27 are typically allocated to a compliance officer, data protection officer, or information security officer depending on internal governance. CIVAC offers Officer-as-a-Service: a qualified external officer is formally appointed by an appointment deed (Bestellurkunde), reports through a documented reporting line (Berichtslinie), and uses the CIVAC workspace to discharge the duties end-to-end.
How do AI Act incident reports interact with NIS-2 and GDPR notifications?
A single event can trigger three parallel duties: serious incident reporting under Art. 73 AI Act (no later than 15 days after awareness, 10 days for a death, 2 days for a widespread infringement or a serious and irreversible disruption of critical infrastructure), significant incident reporting under NIS-2 (24-hour early warning, 72-hour follow-up, one-month final report), and personal data breach notification under Art. 33 GDPR (72 hours). CIVAC routes one incident record into all three channels with the correct deadlines and templates.
Turn the article into a mandate.
We take over the operational burden: external officer, templates, and documentation in one workspace. Without obligation.