SimpleAct Logo
EU AI Act · Art. 8–15 · Annex III

High Risk AI Checklist under EU AI Act

⚠️ Deadline: August 2, 2026

Do you operate a high-risk AI system under the EU AI Act? This checklist summarizes all obligations from Articles 8 to 15 – from risk management to CE marking.

Start compliance
40+
Checkpoints for high-risk AI
8
EU AI Act articles
2026
Compliance deadline
Art. 9

Risk Management System

  • Written risk management system established
  • Risks identified, analyzed, and evaluated
  • Risk mitigation measures defined
  • Continuous monitoring over entire lifecycle
  • Residual risks after measures evaluated
  • Risk acceptance criteria established
Art. 10

Data and Data Governance

  • Training data checked for suitability
  • Data quality and relevance ensured
  • Datasets examined for biases
  • Data management procedures documented
  • GDPR compliance demonstrated
  • Data sources and provenance documented
Art. 11

Technical Documentation

  • General system description created
  • Purpose and intended use documented
  • Performance metrics and accuracy described
  • Technical specifications per Annex IV fulfilled
  • Description of training processes available
  • Documentation completed before deployment
  • Documentation kept current (for significant changes)
Art. 12

Record-keeping (Logging)

  • Automatic logging of relevant events implemented
  • Logging throughout entire operational period
  • Logs stored securely and protected from manipulation
  • Retention periods for log data defined
Art. 13

Transparency and User Information

  • Operating instructions for operators created
  • Capabilities and limitations of system communicated
  • Impact on fundamental rights communicated
  • Information on human oversight provided
Art. 14

Human Oversight

  • Human oversight measures implemented
  • Stop functions (Human Override) available
  • Oversight personnel sufficiently qualified
  • Processes for intervention and correction defined
Art. 15

Accuracy, Robustness, and Cybersecurity

  • Appropriate accuracy level achieved and documented
  • Robustness against errors and unexpected inputs tested
  • Resilience against adversarial attacks assessed
  • Cybersecurity measures implemented
  • Fallback processes for system failure defined
Art. 16–18

Conformity Assessment & Registration

  • Conformity assessment procedure conducted
  • EU declaration of conformity issued
  • CE marking affixed (where applicable)
  • System registered in EU database (EUID)
  • Contact point for authorities designated

Frequently Asked Questions

Does this checklist apply to all high-risk AI systems?

Yes, all AI systems listed in Annex III as well as AI as safety components in products under EU directives are subject to these obligations.

Who must fulfill the checklist – provider or operator?

Most obligations (Art. 8–15) fall on the provider. As an operator you have additional obligations under Art. 26, particularly monitoring and reporting obligations.

What happens with missing documentation?

Authorities can deny market access or take the system out of operation. Fines of up to €15M or 3% of annual turnover are possible.

Complete All Items with SimpleAct

SimpleAct digitalizes this checklist: structured documentation, automatic verification, and exportable audit reports for authorities and certification bodies.

Start compliance

Related Topics

EU AI Act ComplianceAI Risk ClassificationAI Inventory TemplateAI Act Documentation
Arturs Nikitins
Hochrisiko-KI Checkliste – EU AI Act Pflichten für High-Risk AI | SimpleAct | SimpleAct