EU AI Act · Annex IV · Art. 11
EU AI Act Documentation – Complete Guide
The EU AI Act requires providers of high-risk AI to maintain complete technical documentation per Annex IV. This guide shows which documents you need – and how to create them systematically.
Documentation Requirements by Risk Class
High Risk
- Full technical documentation (Annex IV)
- Risk management system documentation
- Quality management system documentation
- EU declaration of conformity
- Operating manual for operators
- Logs and monitoring reports
- Conformity assessment report
Limited Risk
- Documentation of transparency measures
- User information (that AI is being used)
- Labeling of AI-generated content
Minimal Risk
- Internal inventory recommended
- Voluntary codes of conduct may be applied
Annex IV: Contents of Technical Documentation
1
General Description
- Name, version, and description of system
- Purpose and intended use
- Geographic scope
- Interaction with hardware and software
2
System Elements Description
- Methods and procedures for training and validation
- Design specifications and general logic
- Optimization objective and relevance criteria
- System architecture description
3
Training Data Information
- Description of training datasets
- Data preparation procedures
- Bias detection measures
- Data quality criteria
4
Validation and Testing
- Validation protocols and test results
- Performance evaluation metrics
- Test dataset specifications
- Documentation of test scenarios
5
Cybersecurity
- Security measures and protocols
- Known vulnerabilities and countermeasures
- Security test results
6
Lifecycle Documentation
- Version management and change history
- Post-market monitoring plan
- Process for significant changes
Documentation in 5 Steps
1
Identify AI System
Define the system, its purpose, affected persons, and deployment scope.
2
Classify Risk
Classify the system under EU AI Act. Only high-risk systems require full documentation per Annex IV.
3
Build Documentation
Create all documents per Annex IV – systematically, structured, and audit-ready.
4
Assess Conformity
Conduct the conformity assessment (internally or by third parties) and issue the EU declaration of conformity.
5
Maintain & Update
Keep documentation current with significant changes. Continuously add logs and monitoring reports.
Record Retention Requirements
| Technical documentation | 10 years after deployment or distribution |
| EU declaration of conformity | 10 years after deployment or distribution |
| Log files (operators) | At least 6 months |
| Market surveillance reports | At least 5 years |
Frequently Asked Questions
Do I as an operator also need to document?
Yes. Operators must retain log data under Art. 26, document significant changes, and report serious incidents.
In which language must the documentation be?
Documentation must be in the official language of the EU member state in which the system is deployed or made available.
Does Annex IV apply to purchased AI systems?
The obligation to create it lies with the provider. As an operator you must ensure the documentation exists and is available to you when needed.
AI Documentation with SimpleAct
SimpleAct guides you through all EU AI Act documentation requirements – with guided workflows, automatically populated templates, and export as audit-ready PDF reports.
Start documentation now