If your AI system falls under Annex III of the EU AI Act — covering hiring, credit scoring, biometric identification, education, law enforcement, and several other high-risk categories — you are legally required to produce technical documentation before placing your system on the EU market. This is not optional. Per the Digital Omnibus provisional agreement (May 7, 2026), the enforcement deadline for standalone Annex III systems is December 2, 2027.
The documentation requirement lives in Article 11, with the exact content requirements specified in Annex IV. Most engineering teams, when they first read Annex IV, underestimate what's involved. This guide walks through every section, what it actually requires, and how long it takes to produce properly.
Not sure if your system is high-risk? Take the 5-minute risk classification quiz first. If your system qualifies for the Article 6(3) non-high-risk exemption, you need the $49 Exemption Memo — not this one.
Article 11(1) of Regulation (EU) 2024/1689 states that providers of high-risk AI systems shall draw up technical documentation before the system is placed on the market or put into service. This documentation must be kept up-to-date throughout the system's lifecycle and made available to national competent authorities and notified bodies on request.
The documentation is not a one-time filing — it is a living record. Every time you retrain your model on new data, change the system's intended purpose, or update its architecture in a material way, the technical documentation must be updated to reflect the change. Article 18 requires you to retain documentation for 10 years after the system is placed on the market.
Annex IV specifies exactly what technical documentation must contain. There are nine primary sections, though several have multiple subsections that add significant depth.
This section covers the system's intended purpose, the natural persons or categories of persons it is intended to be used on, and how it interacts with hardware or software it is not part of. You must also describe the version of software or firmware and any updates planned. Regulators use this section to establish the scope of everything that follows — vague or generic descriptions will invite scrutiny.
This is the most technically demanding section. It must include a general description of the architecture, the design choices made and their rationale, the main classification choices, the computational resources used, and the data requirements. For deep learning systems, this section needs to describe the architecture in enough detail that a technically competent regulator can assess the design decisions.
This section covers the system's capabilities and limitations, including the foreseeable circumstances under which the system may fail or perform in ways that create risks. You must describe the level of accuracy, robustness and cybersecurity the system achieves, and reference the metrics and thresholds used to measure these properties. Vague statements like "high accuracy" are insufficient — regulators expect specific metrics such as F1 scores, precision, recall, and fairness measures.
Section 4 requires you to justify why the metrics you chose in Section 3 are appropriate for your system's intended purpose and risk profile. For a hiring system, for example, you must explain why demographic parity or equalised odds was chosen as the fairness metric, and what threshold was set for minimum acceptable performance.
This is the data governance section. It must cover the datasets used for training, validation and testing — including their provenance, collection methodology, cleaning procedures, labelling procedures, and bias mitigation steps. Article 10 of the EU AI Act imposes detailed data governance requirements that feed directly into this section. If you used synthetic data, you must describe its generation methodology and how it was validated against real-world distributions.
Article 9 requires providers to implement a risk management system. Section 6 of the technical documentation must describe that system — including the risk identification methodology, the residual risks after mitigation, and how the system was tested against those residual risks. This is not a theoretical risk register; it must document the specific tests performed and their outcomes.
Any changes to the system that were made during development and any planned updates must be documented here. For systems that have gone through multiple training iterations, each iteration that materially changed the system's behaviour must be logged. This section is where the "lifecycle" obligation of Article 11 becomes concrete — it must be updated every time a material change occurs post-deployment.
If you applied harmonised standards — such as ISO/IEC 42001 (AI Management System) or CEN/CENELEC standards published under the AI Act — they must be listed here with their reference numbers. If no harmonised standards were applied, you must state this explicitly and describe the alternative solutions adopted to meet the essential requirements under Annex IV, section 7.
A copy of the Article 47 Declaration of Conformity must be appended to the technical documentation. This is the formal self-certification statement. It cannot be a generic template — it must reference the specific AI system by name, version, and intended purpose, and be signed by an authorised representative of the provider.
Based on the scope of Annex IV, a realistic estimate for a competent engineering and legal team producing the documentation manually is 40–120 hours of work. This breaks down roughly as:
At a blended engineer and legal rate of €150/hour, this is a €6,000–€18,000 internal cost — before external legal review. Engaging a specialist EU AI Act consultancy for a complete documentation package typically costs €30,000–€60,000 for the initial set, plus €15,000–€25,000 annually for updates.
Before you can write any section of the technical documentation, you need to have the following information documented internally:
If any of these are unknown or undocumented in your organisation, the documentation process will surface those gaps — which is, in part, the regulation's intent.
Rather than producing the nine Annex IV sections manually, the EU AI Act Compliance Pack Generator takes your system details as structured inputs and generates all three required documents — Article 11 Technical Documentation, Article 13 Instructions for Use, and Article 47 Declaration of Conformity — as professionally formatted PDFs, delivered in a single ZIP download.
The generation engine uses Claude Opus with prompts engineered against the actual text of Regulation (EU) 2024/1689, mapping every Annex IV subsection to a structured output. Every generated section includes a review label reminding you to verify it with qualified legal counsel before submission to any regulatory authority. The output is a documentation draft structured for compliance — not a final filing.
The complete pack is $197 one-time. No account required. No subscription. You answer approximately 15 questions about your system, pay once, and download the ZIP. If your system later changes materially, you regenerate — for most providers, a single well-documented version covers the December 2, 2027 compliance window.
All 9 Annex IV sections, Article 13 Instructions for Use, and Article 47 Declaration of Conformity — professional PDFs, instant ZIP download.
Generate My Compliance Pack — $197 →One-time fee. No account. No subscription. Art. 11/13/47 deadline: December 2, 2027.
No — you are not required to proactively submit it. You must have it ready to provide to national competent authorities or notified bodies upon request. However, for certain conformity assessment procedures under Article 43, you may need to provide it to a notified body as part of the assessment process.
Yes. Article 11 does not require the documentation to be produced by a third party. However, the regulation expects the documentation to be technically accurate and complete — regulators reviewing it will be assessing whether it genuinely reflects the system's design and operation. Using a generator tool to produce a structured draft, then reviewing it with a qualified compliance professional, is a reasonable approach for SMEs.
Supplying incorrect, incomplete, or misleading information to notified bodies or authorities triggers the third fine tier under Article 99 — up to €7.5 million or 1% of global annual turnover. Non-compliance with technical documentation requirements (missing or inadequate documentation) triggers the second tier: €15 million or 3% of global annual turnover.
Per the Digital Omnibus provisional agreement (May 7, 2026, EU Council + Parliament): standalone Annex III high-risk AI systems have until December 2, 2027. AI systems that are safety components of products under Annex I — such as medical devices, machinery, and toys — have until August 2, 2028. Article 50 transparency obligations (chatbots, AI-generated content disclosure) apply from August 2, 2026 — this deadline was not changed by the Omnibus. The fines under Article 99 are unchanged.
Continue reading
Deadline: August 2, 2026
If your product has a chatbot or generates AI content for EU users, Article 50 applies — separately from the high-risk documentation requirements. Generate your compliance record for $39.
Generate Article 50 Compliance Record — $39 →