EU AI Act Overview
The EU AI Act is a landmark regulation that establishes a common regulatory and legal framework for AI in the European Union. Prohibited practices have applied since February 2025 and GPAI model obligations since August 2025. Under the Digital Omnibus adopted by the EU Parliament and Council in June 2026, high-risk obligations for Annex III systems were deferred to December 2, 2027 and for Annex I embedded products to August 2, 2028, while Article 50 transparency obligations still apply from August 2, 2026. Systems already on the market before that date have until December 2, 2026 to comply with the synthetic-content marking duty.
Key Provisions
Key provisions and requirements of EU AI Act.
Article 9
Risk Management System
Requires high-risk AI systems to have a risk management system throughout their lifecycle.
Key Requirements
- Identification and analysis of potential risks to health, safety, or rights
- Estimation and evaluation of risks
- Adoption of risk management measures
- Consideration of vulnerable groups
Article 10
Data and Data Governance
High-risk AI systems must be developed using high-quality data sets for training, validation and testing.
Key Requirements
- Data collection process consideration
- Management of potential bias and data gaps
- Ensuring relevance, representativeness and accuracy
- Contextual consideration of usage
Article 11
Technical Documentation
Detailed technical documentation must be prepared and kept up-to-date before launching high-risk systems.
Key Requirements
- Demonstrating that the AI system fulfills legal requirements
- Providing clear information for compliance verification by authorities
- Inclusion of key system elements
- Simplified forms for SMEs
Article 12
Record-Keeping
High-risk AI systems must be capable of automatically recording events throughout their lifetime.
Key Requirements
- Ensuring traceability of system operations
- Recording periods of use, databases checked and matched data
- Identifying who verified the results
- Ensuring accountability and safety
Article 13
Transparency and Provision of Information to Deployers
High-risk AI systems must be designed transparently so that users can properly understand and use them.
Key Requirements
- Providing clear instructions for use
- Explaining system capabilities and limitations
- Describing potential risks
- Explaining how to interpret outputs
Article 14
Human Oversight
High-risk AI systems must be designed so that humans can oversee them effectively.
Key Requirements
- Preventing or minimizing risks to health, safety or fundamental rights
- Understanding system capabilities and limitations
- Detecting and addressing issues
- Preventing overreliance on the system
Article 15
Accuracy, Robustness and Cybersecurity
High-risk AI systems must be designed to be accurate, robust and secure.
Key Requirements
- Consistent performance throughout the lifecycle
- Resilience against errors and faults
- Backup plans in place
- Reducing the risk of biased outputs
- Preventing exploitation of vulnerabilities by unauthorized third parties
Article 16
Obligations of Providers of High-Risk AI Systems
Companies that provide high-risk AI systems must follow specific rules.
Key Requirements
- Ensuring the AI system meets the required standards
- Displaying contact information on the product
- Maintaining a quality management system
- Verifying regulatory compliance
- Affixing the CE marking
Article 17
Quality Management System
Providers of high-risk AI systems must put a quality management system in place.
Key Requirements
- Regulatory compliance strategy
- Design and development procedures
- Testing and validation processes
- Technical specifications
- Data management systems
- Risk management
- Post-market monitoring
- Incident reporting
- Accountability framework