EU AI Act implementation checklist for providers and deployers

Article 3 defines four operator roles, and the same organisation can hold more than one. A provider develops an AI system or has it developed and places it on the market or puts it into service under its own name. A deployer uses an AI system under its authority in a professional context. An importer places on the EU market a system bearing the name of a non-EU provider. A distributor makes a system available without affecting its properties [1].

Crucially, a deployer who substantially modifies a high-risk system, rebrands it, or changes its intended purpose becomes a provider for the modified system under Article 25. Map every AI system in your portfolio against these four roles before doing anything else, because the rest of the checklist depends on the answer.

The Act splits AI systems into four risk tiers. Prohibited practices under Article 5 include subliminal manipulation, exploitation of vulnerable groups, social scoring by public authorities, untargeted scraping of facial images, biometric categorisation by sensitive attributes, real-time remote biometric identification in public spaces (with narrow law-enforcement exceptions) and emotion recognition in workplaces and education [1]. High-risk systems are defined by Article 6 and Annex III, covering eight categories: biometrics, critical infrastructure, education and vocational training, employment and worker management, access to essential public and private services (including credit scoring), law enforcement, migration and border control, and administration of justice and democratic processes. Limited-risk systems trigger Article 50 transparency duties (chatbots, deepfakes, AI-generated content). Minimal-risk systems carry no specific Act obligations beyond voluntary codes of conduct.

Document the classification decision per system, with the reasoning. The European Commission AI Office is publishing classification guidance, and that document is the authoritative reference, not vendor marketing materials [2].

For every high-risk system, Article 9 requires a written, continuous and iterative risk management system that runs across the entire lifecycle. It must identify and analyse foreseeable risks to health, safety and fundamental rights, estimate and evaluate risks that may emerge in intended use and reasonably foreseeable misuse, evaluate other risks based on post-market monitoring data, and adopt suitable risk management measures.

The RMS document is not a one-off deliverable. It is reviewed and updated systematically, and testing must verify that the chosen measures work in the relevant operational context. Treat it as a living artefact owned by a named accountable person.

Training, validation and testing data must be relevant, sufficiently representative, free of errors and complete in view of the intended purpose. Article 10 requires documented data-governance practices covering: design choices, data collection processes, data preparation operations (annotation, labelling, cleaning, enrichment, aggregation), formulation of assumptions, prior assessment of availability, examination for biases likely to affect health, safety or fundamental rights, and identification of relevant data gaps with mitigation measures.

Where strictly necessary, processing of special categories of personal data is permitted under Article 10(5) to detect and correct bias, with appropriate safeguards. Document every choice; the conformity assessment will not pass without it.

Technical documentation must be drawn up before the system is placed on the market and kept up to date. Annex IV sets out the minimum content: a general description of the system, detailed design and architecture, monitoring and control, validation and test data and procedures, evaluation results including metrics and known limitations, cybersecurity measures, change management procedures, and the EU declaration of conformity.

SMEs and start-ups can use a simplified Annex IV-bis form provided by the AI Office, but the underlying obligations are unchanged. Keep the documentation in a form that the national competent authority can request and read on demand.

High-risk systems must automatically record events ("logs") over their lifetime to a degree appropriate to their intended purpose. Logs must allow identification of situations that may result in the system presenting a risk under Article 79, facilitate post-market monitoring, and enable the deployer's monitoring under Article 26. Article 12(3) imposes specific minimum logging on remote biometric identification systems (period of use, reference database, input data, identifying personnel).

Define a retention period proportionate to the intended purpose and at least six months unless other Union or national law provides differently.

High-risk systems must be designed so deployers can interpret outputs and use them appropriately. They must be accompanied by concise, complete, correct and clear instructions for use that include: the provider's identity, the system's characteristics and intended purpose, level of accuracy and robustness, foreseeable circumstances that may lead to risks, technical capabilities and characteristics relevant to the explanation of outputs, performance regarding specific persons or groups, input-data specifications, human-oversight measures, expected lifetime, and necessary maintenance.

For limited-risk systems, Article 50 imposes additional transparency duties: users must be informed they are interacting with an AI system, AI-generated synthetic content must be machine-readable as such, deepfakes must be disclosed.

High-risk systems must be designed to be effectively overseen by natural persons during use. Oversight measures must allow the assigned person to: understand the relevant capacities and limitations of the system, remain aware of automation bias, correctly interpret output, decide not to use the system or otherwise disregard, override or reverse output, and intervene to interrupt operation through a stop button or similar procedure.

For remote biometric identification under Annex III(1)(a), no action or decision can be taken on the basis of identification unless verified and confirmed by at least two natural persons with the necessary competence, training and authority.

Article 15 requires that high-risk systems achieve, in the light of their intended purpose, an appropriate level of accuracy, robustness and cybersecurity, and that they perform consistently throughout their lifecycle. Accuracy levels and relevant metrics must be declared in the instructions for use.

Robustness must address feedback loops, errors and inconsistencies. Cybersecurity must be resilient to attempts to alter use, behaviour or performance, including data poisoning, model poisoning, adversarial examples, model evasion and confidentiality attacks. The AI Office is co-developing technical specifications with ENISA [3].

Before placing a high-risk system on the market, the provider must complete a conformity assessment. Most Annex III systems can use internal control under Annex VI. Annex III(1) biometric systems must use the notified-body procedure under Annex VII unless the provider has applied harmonised standards. Successful assessment results in: an EU declaration of conformity (Article 47), affixing of the CE marking (Article 48), and registration of the system in the EU database (Article 49) before being placed on service. Public-authority deployers also register their use under Article 49(1a).

Provider obligations are set out in Articles 16 to 26 and cover quality management, document keeping, automatically generated log keeping, corrective actions, cooperation with authorities and accessibility.

Providers must establish a documented post-market monitoring system proportionate to the nature of the AI technologies and the high-risk system's risks. The plan is part of the technical documentation. Data is actively and systematically collected, documented and analysed throughout the system's lifetime, and the provider evaluates continued compliance with the Act's requirements.

Article 73 requires reporting of serious incidents to the market surveillance authority of the Member State where the incident occurred, immediately after the provider has established a causal link or reasonable likelihood of one, and not later than 15 days after becoming aware. Death or serious harm triggers a 10-day deadline. Widespread infringement or critical-infrastructure disruption triggers a 2-day deadline.

Before deploying a high-risk system listed in Annex III (with limited exceptions), bodies governed by public law and private operators providing public services, plus deployers of credit-scoring or life and health insurance risk-assessment systems, must perform a Fundamental Rights Impact Assessment. The FRIA must describe: the deployment process, the period and frequency of use, categories of natural persons likely to be affected, specific harms reasonably likely to result, the human-oversight measures, and the measures to be taken if those risks materialise.

The FRIA result is notified to the market surveillance authority via a template the AI Office publishes. A new FRIA is required if any element changes materially.

• 1 August 2024 - Regulation enters into force.
• 2 February 2025 - Article 5 prohibited practices apply, AI literacy duty (Article 4) applies to providers and deployers.
• 2 August 2025 - General-purpose AI model obligations (Articles 51-55), governance structure, penalties, notifying authorities and notified bodies framework apply.
• 2 August 2026 - Bulk of obligations apply, including Article 6(2) and Annex III high-risk systems, Article 26 deployer obligations, Article 27 FRIA, Article 49 EU database registration.
• 2 August 2027 - Obligations apply to high-risk AI systems that are safety components of products covered by Annex I sectoral legislation.

Sanctions are tiered. Non-compliance with the Article 5 prohibitions carries fines up to EUR 35 million or 7% of total worldwide annual turnover, whichever is higher. Non-compliance with most other operator obligations (Articles 16-26 for providers, Article 26 for deployers, Articles 31, 33, 34 for notified bodies) carries fines up to EUR 15 million or 3% of turnover. Supplying incorrect, incomplete or misleading information to authorities carries fines up to EUR 7.5 million or 1% of turnover. SME and start-up caps are calculated against the lower of the two figures.

General-purpose AI model providers face a separate regime under Article 101 with caps of EUR 15 million or 3% of turnover.