EU AI Act Guide
Free, plain-language explanations of every key article in the EU AI Act. Who it applies to, what you need to do, and when enforcement begins.
All 113 articles and 13 annexes fully covered. The binding text is the consolidated act on EUR-Lex (OJ:L_202401689).
Start here
Three foundational articles that define the framework of the AI Act.
Article 1
Subject matter
What the EU AI Act covers: aims of the Regulation and Article 1(2) harmonised rule areas—prohibitions, high-risk, transparency, GPAI, governance, and innovation support—with examples and links to Articles 2, 3, 5, 6, 50, 51, and 113.
Article 2
Scope
Who and what the EU AI Act covers: Article 2 territorial and actor hooks, partial application (Annex I Section B), exclusions (military, R&D, FOSS, personal use), and links to Articles 1, 3, 5, 6, 50, 51, and 113—with an official-style excerpt.
Article 3
Definitions
EU AI Act Article 3: 68 definitions (AI system, provider, deployer, operator, market terms, conformity, data, biometrics, GPAI, etc.), excerpt (1)–(25) with EUR-Lex for 26–68, FAQ, and links to Articles 1, 2, 5, 6, 50, 51, and 113.
All Articles & Annexes
Article 1: Subject matter
What the EU AI Act covers: aims of the Regulation and Article 1(2) harmonised rule areas—prohibitions, high-risk, transparency, GPAI, governance, and innovation support—with examples and links to Articles 2, 3, 5, 6, 50, 51, and 113.
Article 2: Scope
Who and what the EU AI Act covers: Article 2 territorial and actor hooks, partial application (Annex I Section B), exclusions (military, R&D, FOSS, personal use), and links to Articles 1, 3, 5, 6, 50, 51, and 113—with an official-style excerpt.
Article 3: Definitions
EU AI Act Article 3: 68 definitions (AI system, provider, deployer, operator, market terms, conformity, data, biometrics, GPAI, etc.), excerpt (1)–(25) with EUR-Lex for 26–68, FAQ, and links to Articles 1, 2, 5, 6, 50, 51, and 113.
Article 4: AI literacy
EU AI Act Article 4 explained: AI literacy duties for providers and deployers, link to Article 3(56), examples, checklist, and EUR-Lex excerpt.
Article 5: Prohibited AI Practices
Eight EU AI Act prohibitions (Art. 5(1)(a)–(h)): how they connect to the rest of the Act, red-flag scenarios, (h) safeguards, Article 99 penalties, EUR-Lex excerpt of (a)–(d), and checklist.
Article 6: Classification Rules for High-Risk Systems
Annex I vs Annex III high-risk routes, Article 6(3) carve-outs and profiling, Article 6(4) documentation and Article 49(2) registration, links to Articles 5–7, 49, 72, 97, 113, and EUR-Lex excerpt of Article 6(1)–(3).
Article 7: Amendments to Annex III
Article 7: Commission delegated acts to add, change, or remove Annex III high-risk use-cases; Article 97; criteria in (2)–(3) on EUR-Lex; links to Articles 5, 6, 8, 9, 49, 97, 113 and Annex III.
Article 8: Compliance with the requirements
Article 8: umbrella rule for Chapter III Section 2 high-risk requirements, state of the art, Article 9 risk management, Annex I product-law integration—excerpt of (1)–(2), EUR-Lex, links to Articles 6–15, 43, 113, Annex I and IV.
Article 9: Risk Management System
Article 9: lifecycle risk management for high-risk AI—continuous process, testing metrics, residual risk, post-market feedback; EUR-Lex excerpt of (1)–(2) intro; links to Articles 6–8, 10–11, 72, Annex III–IV.
Article 10: Data and Data Governance
Article 10: training, validation, and testing data governance for high-risk AI—Article 10(2) practices, representativeness, bias, Article 10(5) sensitive data; EUR-Lex excerpt of (1)(3); links to Articles 6–9, 11–12, 15, Annex III–IV.
Article 11: Technical Documentation
Article 11: technical documentation before market, Annex IV minimum, SME simplified form, Article 11(2) Annex I bundles, Article 97 Annex IV updates—excerpt and EUR-Lex; links to Articles 8–10, 12–15, 49, 72, 97, 113.
Article 12: Record-keeping
Article 12: automatic lifetime logs for high-risk AI, traceability for Article 79/72/26(5), Annex III point 1(a) minimum fields, links to Articles 11–14, 72, 79—excerpt (1)–(3) and EUR-Lex.
Article 13: Transparency and provision of information to deployers
Article 13: deployer transparency, instructions for use, minimum IFU content in (3) on EUR-Lex, distinction from Article 50; links to Articles 4, 8, 11–12, 14–16, 26, 50, 113.
Article 14: Human oversight
Article 14: effective human oversight design, commensurate measures, automation bias, stop controls, Annex III point 1(a) two-person verification—excerpt (1)–(3), EUR-Lex for (4)–(5); links to Articles 9, 12–13, 26–27, 113.
Article 15: Accuracy, robustness and cybersecurity
Article 15: appropriate accuracy, robustness, cybersecurity, IFU metric declarations, Commission benchmarks, feedback loops and AI-specific threats—excerpt (1)–(3), EUR-Lex; links to Articles 8–14, 16, 113.
Article 16: Obligations of Providers of High-Risk AI Systems
EU AI Act Article 16: master obligation list for high-risk AI providers—routing table to Articles 9–15, 17, 43, 47–49, 72, examples, compliance checklist, and FAQ.
Article 17: Quality Management System for High-Risk AI
EU AI Act Article 17: quality management system for high-risk AI providers—12 required elements, sectoral QMS integration, proportionality for SMEs, conformity assessment link, and checklist.
Article 18: Documentation Keeping
EU AI Act Article 18: 10-year documentation retention for high-risk AI—technical docs, QMS records, logs, EU declaration, and compliance checklist.
Article 19: Automatically Generated Logs
EU AI Act Article 19: log retention for high-risk AI—6-month minimum, purpose-appropriate periods, GDPR coordination, and checklist.
Article 20: Corrective Actions and Duty of Information
EU AI Act Article 20: provider corrective action duty—immediate correction, withdrawal, recall, authority notification, and checklist.
Article 21: Cooperation with Competent Authorities
EU AI Act Article 21: provider cooperation duty with authorities—reasoned requests, documentation in EU languages, log access, and checklist.
Article 22: Authorised Representatives for High-Risk AI Providers
EU AI Act Article 22: authorised representative for third-country high-risk AI providers—mandate scope, documentation custody, authority cooperation, and checklist.
Article 23: Obligations of Importers
EU AI Act Article 23: importer gate-keeping duties for high-risk AI—conformity checks, CE marking, documentation, representative verification, and checklist.
Article 24: Obligations of Distributors
EU AI Act Article 24: distributor verification duties for high-risk AI—CE marking, declaration, provider/importer compliance checks, and checklist.
Article 25: Responsibilities Along the AI Value Chain
EU AI Act Article 25: re-qualification as provider—when deployers, distributors, and importers become providers through re-branding, substantial modification, or purpose change. Triggers, implications, and checklist.
Article 26: Obligations of Deployers of High-Risk AI Systems
EU AI Act Article 26: deployer duties for high-risk AI—instructions, human oversight, input data, log retention (6 months), DPIA, FRIA (Article 27), incident reporting (Article 73), EU database, and Article 25 re-qualification as provider. Official excerpt (1)–(3) and EUR-Lex.
Article 27: Fundamental Rights Impact Assessment
When and how to conduct a Fundamental Rights Impact Assessment (FRIA) before deploying high-risk AI systems.
Article 28: Notifying Authorities
EU AI Act Article 28: Member State notifying authorities for conformity assessment body designation.
Article 29: Application for Notification
EU AI Act Article 29: conformity assessment body application process for notified body status.
Article 30: Notified Body Requirements
EU AI Act Article 30: exhaustive requirements for conformity assessment bodies—independence, AI expertise, staff, insurance.
Article 31: Presumption of Conformity for Notified Bodies
EU AI Act Article 31: harmonised standards create presumption of conformity with notified body requirements.
Article 32: Subcontracting by Notified Bodies
EU AI Act Article 32: notified body subcontracting and subsidiary rules—provider consent, Article 30 compliance.
Article 33: Notification to Commission
EU AI Act Article 33: formal notification process via NANDO—Commission and Member State review.
Article 34: Changes to Notifications
EU AI Act Article 34: managing scope changes, suspensions, and withdrawals of notified body notifications.
Article 35: NANDO Identification Numbers
EU AI Act Article 35: Commission assigns identification numbers and publishes notified body lists.
Article 36: Operational Obligations of Notified Bodies
EU AI Act Article 36: day-to-day duties—conformity assessment, corrective actions, certificate management, reporting.
Article 37: Challenge to Notified Body Competence
EU AI Act Article 37: Commission or Member State challenge mechanism for notified body competence.
Article 38: Coordination of Notified Bodies
EU AI Act Article 38: Commission-facilitated coordination group for harmonised conformity assessment.
Article 39: Third-Country Conformity Assessment Bodies
EU AI Act Article 39: third-country body acceptance through mutual recognition agreements.
Article 40: Harmonised Standards
EU AI Act Article 40: presumption of conformity through harmonised standards—CEN/CENELEC AI standards.
Article 41: Common Specifications
EU AI Act Article 41: Commission fallback when harmonised standards are absent—implementing acts, opt-out.
Article 42: Presumption of Conformity with Certain Requirements
EU AI Act Article 42: targeted presumptions—context-appropriate data (Art. 10(4)) and accessibility (Art. 13(2)).
Article 43: Conformity Assessment for High-Risk AI Systems
EU AI Act Article 43: conformity assessment for high-risk AI—internal control (Annex VI) vs notified body (Annex VII), biometric ID exception, integrated product-law assessment, decision tree, and checklist.
Article 44: Certificates Issued by Notified Bodies
EU AI Act Article 44: notified body certificates for high-risk AI—5-year validity, renewal, suspension, withdrawal, and checklist.
Article 45: Information Obligations of Notified Bodies
EU AI Act Article 45: notified body reporting duties—certificate decisions, notifying authority, peer notification, and checklist.
Article 46: Derogation from Conformity Assessment Procedure
EU AI Act Article 46: emergency derogation from conformity assessment—exceptional grounds, temporary deployment, and checklist.
Article 47: EU Declaration of Conformity
EU AI Act Article 47: EU declaration of conformity for high-risk AI—Annex V content, machine-readable format, 10-year retention, translation, dual-regulation, and checklist.
Article 48: CE Marking for High-Risk AI Systems
EU AI Act Article 48: CE marking for high-risk AI—placement rules, digital-only systems, notified body ID, Regulation 765/2008, and compliance checklist.
Article 49: EU Database Registration
Registration requirements for high-risk AI systems in the EU public database — provider and deployer duties, Annex VIII data, and public transparency.
Article 50: Transparency Obligations for Providers and Deployers of Certain AI Systems
EU AI Act Article 50: transparency obligations for chatbots (AI interaction disclosure), deepfakes (synthetic media labelling), emotion recognition and biometric categorisation notices—four paragraphs covering providers and deployers, artistic exceptions, official excerpt (1)–(2) and EUR-Lex.
Article 51: Classification of GPAI Models with Systemic Risk
EU AI Act Article 51: when a GPAI model has systemic risk—high-impact capabilities, 10^25 FLOPs compute threshold (Annex XIII), Commission designation, scientific panel alerts, rebuttal rights, and what triggers Articles 55 and Annex XI Section 2. Official excerpt (1)–(2) and EUR-Lex.
Article 52: Procedure for Systemic Risk Classification of GPAI Models
EU AI Act Article 52: procedural rules for systemic-risk classification—provider notification to the AI Office, own-initiative designation, rebuttal rights, publication of the systemic-risk model list, and re-classification. Links to Articles 51, 55, Annex XI Section 2, and Annex XIII.
Article 53: Obligations for Providers of General-Purpose AI Models
EU AI Act Article 53: four baseline GPAI provider obligations—Annex XI technical documentation (1)(a), downstream information / Annex XII (1)(b), copyright compliance policy and TDM opt-outs (1)(c), public training content summary (1)(d). Narrow open-source exception (2). Official excerpt (1)(a)–(d) and EUR-Lex.
Article 54: Authorised Representatives for GPAI Providers
EU AI Act Article 54: authorised representative for third-country GPAI providers—mandate requirements, AI Office cooperation, Annex XI/XII documentation, and checklist.
Article 55: Obligations for Providers of GPAI Models with Systemic Risk
EU AI Act Article 55: four additional obligations for systemic-risk GPAI models—model evaluation, adversarial testing (red teaming), systemic risk mitigation, serious incident reporting, cybersecurity. Codes of practice compliance pathway.
Article 56: Codes of Practice for GPAI Models
EU AI Act Article 56: codes of practice for GPAI model providers—compliance pathway for Articles 53/55, AI Office facilitation, what codes cover, alternative compliance, and harmonised standard hierarchy.
Article 57: AI Regulatory Sandboxes
EU AI Act Article 57: Member States must establish regulatory sandboxes for AI innovation by August 2026.
Article 58: Sandbox Arrangements & Functioning
EU AI Act Article 58: operational details for AI sandboxes—plans, safeguards, exit criteria.
Article 59: Personal Data in AI Sandboxes
EU AI Act Article 59: conditions for personal data processing in sandboxes for public interest AI—strict GDPR safeguards.
Article 60: Real-World Testing of High-Risk AI
EU AI Act Article 60: real-world testing outside sandboxes—testing plans, informed consent, authority approval.
Article 61: Informed Consent for Real-World Testing
EU AI Act Article 61: informed consent requirements for real-world AI testing—freely given, specific, right to withdraw.
Article 62: SME & Start-Up Support Measures
EU AI Act Article 62: Member State obligations for SME/start-up support—sandbox priority, training, reduced fees.
Article 63: Reduced Fines for SMEs & Start-Ups
EU AI Act Article 63: lower penalty caps for SMEs and start-ups—proportionality in enforcement.
Article 64: European AI Board
EU AI Act Article 64: AI Board composition, role, and advisory mandate—Member State coordination.
Article 65: Tasks of the AI Board
EU AI Act Article 65: AI Board tasks—standards advice, enforcement coordination, sandbox best practices.
Article 66: Advisory Forum
EU AI Act Article 66: multi-stakeholder advisory forum—industry, civil society, academia advising Board and Commission.
Article 67: Scientific Panel of Independent Experts
EU AI Act Article 67: independent expert panel for GPAI evaluation, systemic risk, and AI Office technical support.
Article 68: Member State Access to Expert Pool
EU AI Act Article 68: Member States can access Union-level technical expertise for enforcement.
Article 69: AI Office
EU AI Act Article 69: Commission AI Office—GPAI enforcement arm, Board coordination, international cooperation.
Article 70: National Competent Authority Designation
EU AI Act Article 70: Member States designate and resource competent authorities—single point of contact.
Article 71: Commission Guidance
EU AI Act Article 71: Commission non-binding guidance on practical implementation—SME-accessible.
Article 72: Post-Market Monitoring
Requirements for ongoing monitoring of AI system performance and compliance after market placement.
Article 73: Reporting of Serious Incidents
EU AI Act Article 73: serious incident reporting for high-risk AI—2-day and 15-day deadlines, report contents, deployer cooperation, QMS integration, and compliance checklist.
Article 74: Market Surveillance and Control of AI Systems
EU AI Act Article 74: market surveillance framework—authority powers, documentation access, GPAI vs national enforcement, and checklist.
Article 75: Mutual Assistance & GPAI Market Surveillance
EU AI Act Article 75: mutual assistance between authorities and AI Office for GPAI surveillance—cross-border cooperation and checklist.
Article 76: Supervision of Real-World Testing
EU AI Act Article 76: authority supervision of real-world AI testing—testing plan access, observation, suspension powers, and checklist.
Article 77: Powers of Authorities Protecting Fundamental Rights
EU AI Act Article 77: fundamental rights authorities' powers—documentation access, DPA coordination, equality bodies, and checklist.
Article 78: Confidentiality
EU AI Act Article 78: confidentiality obligations—trade secrets, IP protection, source code safeguards, and checklist.
Article 79: National Procedure for AI Systems Presenting a Risk
EU AI Act Article 79: national enforcement for risky AI—corrective action, withdrawal, recall, Commission notification, and checklist.
Article 80: Challenging Non-High-Risk Classification
EU AI Act Article 80: authority procedure to challenge provider non-high-risk classification under Annex III—evaluation, corrective action, and enforcement.
Article 81: Union Safeguard Procedure
EU AI Act Article 81: Union-level review of national enforcement actions—Commission evaluation, cross-border harmonisation.
Article 82: Compliant AI Systems Presenting a Risk
EU AI Act Article 82: 'compliant but risky' safety net—corrective measures for CE-marked systems that still present health, safety, or rights risks.
Article 83: Formal Non-Compliance
EU AI Act Article 83: formal non-compliance procedure—missing CE marking, declaration of conformity, EU database registration, or authorised representative.
Article 84: Union AI Testing Support Structures
EU AI Act Article 84: Commission-designated testing structures providing technical expertise, benchmarks, and support for market surveillance.
Article 85: Right to Explanation of AI Decisions
EU AI Act Article 85: right to clear, meaningful explanation of high-risk AI role in individual decisions—deployer duty, GDPR coordination.
Article 86: Right to Lodge a Complaint
EU AI Act Article 86: right for any person to lodge a complaint with a market surveillance authority about AI Act infringements.
Article 87: Whistleblower Protection
EU AI Act Article 87: whistleblowing channels for AI Act infringements—Directive 2019/1937 protections.
Article 88: National Competent Authorities
EU AI Act Article 88: Member State governance—designating notifying and market surveillance authorities.
Article 89: EDPS Supervision of Union Institutions
EU AI Act Article 89: EDPS as market surveillance authority for EU institutions acting as AI providers/deployers.
Article 90: National Penalty Frameworks
EU AI Act Article 90: Member States lay down effective, proportionate, dissuasive penalty rules.
Article 91: Penalty Calculation Criteria
EU AI Act Article 91: factors for calculating fines—gravity, cooperation, mitigation, previous infringements.
Article 92: Access to Data and Documentation
EU AI Act Article 92: authority access to training data and documentation for enforcement.
Article 93: AI Office Power to Request Measures
EU AI Act Article 93: AI Office enforcement powers over GPAI model providers—requests, deadlines, escalation.
Article 94: Procedural Rights of GPAI Providers
EU AI Act Article 94: due process for GPAI providers—right to be heard, file access, defence rights.
Article 95: Codes of Conduct
Voluntary codes of conduct for minimal-risk AI systems and non-high-risk systems.
Article 96: Right to Effective Judicial Remedy
EU AI Act Article 96: judicial review of market surveillance authority decisions—effective remedy, factual and legal assessment.
Article 97: Exercise of the Delegation
EU AI Act Article 97: delegated acts procedure—Commission powers, Parliament/Council oversight, 2-month objection period, and monitoring checklist.
Article 98: Fines for EU Institutions
EU AI Act Article 98: EDPS-imposed fines on Union institutions—up to EUR 1.5M for prohibited practices, EUR 750K for other infringements.
Article 99: Penalties for AI Act Infringements
EU AI Act Article 99: three fine tiers (EUR 35M/7%, EUR 15M/3%, EUR 7.5M/1%), SME caps, criteria for setting amounts, GDPR parallel enforcement, official excerpt, and compliance checklist.
Article 100: GPAI Model Fines & Penalties
EU AI Act Article 100: AI Office fines for GPAI model providers—up to EUR 15M or 3% turnover for transparency violations, systemic risk non-compliance.
Article 101: Fines for Providers of General-Purpose AI Models
EU AI Act Article 101: dedicated GPAI fine regime—EUR 15M/3% and EUR 7.5M/1% tiers, AI Office enforcement, relationship to Article 99, application from August 2026, and FAQ.
Article 102: Amendment — Aviation Security
EU AI Act Article 102: amends Reg. 300/2008—AI in aviation security equipment must comply with both regimes.
Article 103: Amendment — Agricultural Vehicles
EU AI Act Article 103: amends Reg. 167/2013—AI in agricultural vehicles must meet AI Act requirements.
Article 104: Amendment — Two/Three-Wheel Vehicles
EU AI Act Article 104: amends Reg. 168/2013—AI in motorcycles and similar vehicles.
Article 105: Amendment — Marine Equipment
EU AI Act Article 105: amends Dir. 2014/90/EU—AI in marine navigation, collision avoidance.
Article 106: Amendment — Railway Interoperability
EU AI Act Article 106: amends Dir. 2016/797—AI in railway signalling, traffic management.
Article 107: Amendment — Motor Vehicles
EU AI Act Article 107: amends Reg. 2018/858—AI in autonomous driving, ADAS, driver monitoring.
Article 108: Amendment — Civil Aviation (EASA)
EU AI Act Article 108: amends Reg. 2018/1139—AI in aviation systems, ATM, drones, EASA certification.
Article 109: Amendment — Vehicle General Safety
EU AI Act Article 109: amends Reg. 2019/2144—mandatory ADAS, automated driving, VRU detection.
Article 110: Grandfathering for Annex X IT Systems
EU AI Act Article 110: transitional exemption for AI in existing large-scale EU IT systems (SIS, VIS, Eurodac).
Article 111: Transitional Provisions for Legacy AI Systems and GPAI Models
EU AI Act Article 111: transitional provisions for AI systems and GPAI models already on the market—significant design change, 2027 GPAI deadline, 2030 product-law deadline, and checklist.
Article 112: Evaluation and Review
EU AI Act Article 112: Commission periodic review every 4 years—Annex III, enforcement, governance.
Article 113: Entry into Force and Application Dates
EU AI Act Article 113: complete timeline—Feb 2025 (prohibitions), Aug 2025 (GPAI), Aug 2026 (high-risk, transparency, deployers), Aug 2027 (product-law AI). Official excerpt, quick-reference table, and FAQ.
Annex I: Union Harmonisation Legislation — Product Law List
EU AI Act Annex I: Union harmonisation legislation list—MDR, Machinery Regulation, Toy Safety, and more. When AI safety components trigger Article 6(1) high-risk classification, integrated conformity, and August 2027 timeline.
Annex II: Product Safety Laws for High-Risk AI Classification
EU AI Act Annex II: Union harmonisation legislation list for Article 6(2) high-risk classification—toy safety, machinery, pressure equipment, ATEX, and more.
Annex III: High-Risk AI System Areas
Complete guide to the 8 high-risk areas defined in Annex III, from biometrics to democratic processes.
Annex IV: Technical Documentation for High-Risk AI Systems
EU AI Act Annex IV: minimum content of technical documentation for high-risk AI systems—8 heading areas (description, development, monitoring, risk, changes, standards, conformity, post-market), Annex IV vs Annex XI, checklist, and FAQ.
Annex V: EU Declaration of Conformity — Content Requirements
EU AI Act Annex V: content requirements for the EU declaration of conformity—8 required elements, combined declarations, machine-readable format, and checklist.
Annex VI: Internal Control Conformity Assessment Procedure
EU AI Act Annex VI: internal control conformity assessment—self-assessment steps, QMS and technical documentation verification, when Annex VI vs Annex VII applies, and checklist.
Annex VII: Notified Body Conformity Assessment Procedure
EU AI Act Annex VII: notified body conformity assessment—QMS audit, technical documentation review, certification, surveillance, biometric ID requirement, and timeline.
Annex VIII: Registration Information for the EU Database
EU AI Act Annex VIII: information for EU database registration of high-risk AI—Section A (providers), Section B (public authority deployers), fields, and compliance checklist.
Annex IX: Integrated Notified Body Assessment Legislation
EU AI Act Annex IX: Union legislation requiring integrated notified body assessment—MDR, IVDR, Annex IX vs Annex I, and checklist.
Annex X: Large-Scale EU IT Systems
EU AI Act Annex X: large-scale EU IT systems (SIS, VIS, Eurodac, ETIAS)—high-risk classification, 2030 deadline, eu-LISA, and checklist.
Annex XI: Technical Documentation for Providers of General-Purpose AI Models
EU AI Act Annex XI: complete guide to GPAI model technical documentation—Section 1 baseline (architecture, data, compute, energy) for all providers and Section 2 systemic-risk extras (evaluation, red teaming, architecture). Official wording, checklist, FAQ, and links to Articles 51–56.
Annex XII: Transparency Information for GPAI Model Providers
EU AI Act Annex XII: transparency information for downstream providers—capabilities, limitations, integration instructions, risk info. Annex XII vs Annex XI, checklist, and FAQ.
Annex XIII: Criteria for Classification of GPAI Models with Systemic Risk
EU AI Act Annex XIII: criteria for classifying GPAI models with systemic risk—10^25 FLOPs compute threshold, qualitative indicators, delegated act updates, and links to Articles 51, 52, 55.