EU AI Act
Compliance Obligations
Structured overview of obligations by actor and risk tier
High-Risk AI Systems
9 obligations

| # | Obligation | Who | Deadline | Articles |
|---|---|---|---|---|
| 1 | Register high-risk AI system in EU database | Provider | Before placing on market | |
| 2 | Conduct conformity assessment and draw up EU declaration of conformity | Provider | Before placing on market | |
| 3 | Establish quality management system (QMS) | Provider | Before placing on market | |
| 4 | Create and maintain technical documentation | Provider | Ongoing | |
| 5 | Implement post-market monitoring system | Provider | After placing on market | |
| 6 | Conduct fundamental rights impact assessment (FRIA) | Deployer (public bodies and certain private operators) | Before deployment | |
| 7 | Implement human oversight measures | Deployer | During deployment | |
| 8 | Inform workers/their representatives about AI use | Deployer | Before deployment | |
| 9 | Notify serious incidents and malfunctions to authorities | Provider | Within 15 days | |

Transparency Obligations
3 obligations

General-Purpose AI Models
6 obligations

| # | Obligation | Who | Deadline | Articles |
|---|---|---|---|---|
| 1 | Maintain technical documentation (Annex XI) | GPAI Provider | Ongoing | |
| 2 | Publish training data summary | GPAI Provider | Before making model available | |
| 3 | Implement copyright compliance policy | GPAI Provider | Ongoing | |
| 4 | Conduct adversarial testing (red-teaming) for systemic risks | GPAI Provider (systemic risk) | Before and after release | |
| 5 | Report serious incidents to AI Office | GPAI Provider (systemic risk) | Without undue delay | |
| 6 | Ensure adequate cybersecurity for model and infrastructure | GPAI Provider (systemic risk) | Ongoing | |

This overview is for informational purposes only. Always consult the official EUR-Lex text and qualified legal counsel for compliance decisions.