Annexes — referenced by Article 11(1)Article Annex IV

Annex IV: Technical Documentation for High-Risk AI Systems

Applies from 2 Aug 20265 min readEUR-Lex verified Apr 2026

Annex IV specifies the minimum content of technical documentation that providers of high-risk AI systems must prepare under Article 11. It is the high-risk system counterpart to Annex XI (which covers GPAI models). The documentation must be comprehensive enough for national competent authorities and notified bodies to assess conformity with Chapter III, Section 2 requirements. Annex IV covers: general system description, detailed development information, monitoring and functioning, risk management, lifecycle changes, standards used, EU declaration of conformity, and post-market monitoring. The Commission may update Annex IV via delegated acts under Article 97.

Start free assessment All articles

Who does this apply to?

-Providers of high-risk AI systems under Article 6 preparing technical documentation before market placement
-Quality, regulatory, and engineering teams assembling conformity evidence
-Notified bodies reviewing technical files during third-party conformity assessment
-Product manufacturers where AI is a safety component under Annex I product legislation

Scenarios

A startup ships an Annex III HR screening tool with marketing brochures but no structured technical file mapping Annex IV headings.

Fails Article 11 / Annex IV: conformity cannot be demonstrated to authorities or notified bodies.

Ref. Annex IV + Art. 11(1)

A provider maintains a versioned Annex IV pack (system description, data lineage, test reports, risk register, SBOM) stored alongside each model release hash.

Strong traceability aligned with Annex IV and Article 12 logging cross-references.

Ref. Annex IV

A medical device AI (dual-regulated under MDR and AI Act) uses a combined technical file under Article 11(2).

Matches the single-documentation route where Annex I Section A product law applies.

Ref. Annex IV + Art. 11(2)

What Annex IV requires (in plain terms)

Annex IV is the structured checklist behind Article 11. It converts the abstract duty to "draw up technical documentation" into concrete headings the provider must address. The documentation must contain at minimum:

1. General description of the AI system (intended purpose, interaction with hardware/software, versions, forms of distribution) 2. Detailed description of the development process including design, architecture, data, training/testing/validation, key design choices and rationale 3. Detailed information about monitoring, functioning, and control including capabilities, limitations, foreseeable misuse, human oversight measures, computational and hardware requirements 4. Description of the risk management system as per Article 9 5. Description of changes made through the system's lifecycle 6. List of harmonised standards applied (or other solutions chosen where standards are not followed) 7. Copy of the EU declaration of conformity (Article 47) 8. Description of the post-market monitoring system under Article 72

Always read the exact sub-points under each heading on EUR-Lex—this summary is not exhaustive.

Annex IV vs Annex XI (common confusion)

Teams often confuse these two annexes:

Annex IV = documentation for high-risk AI systems (the downstream product/application), required by Article 11.
Annex XI = documentation for GPAI models (the upstream foundation model), required by Article 53(1)(a).

If your high-risk system integrates a GPAI model, both annexes apply at different layers: the GPAI provider produces Annex XI documentation, and the high-risk system provider produces Annex IV documentation (using Article 53(1)(b) downstream information from the GPAI provider to populate relevant sections).

How Annex IV connects to the rest of the Act

Article 11 — The direct legal hook requiring Annex IV content.
Article 9 — Risk management outputs feed Annex IV point 4.
Article 10 — Data governance decisions feed Annex IV development process sections.
Article 12 — Logging design must align with what Annex IV promises.
Article 13 — Instructions for use must be consistent with Annex IV.
Article 14 — Oversight measures documented in Annex IV.
Article 15 — Accuracy, robustness, cybersecurity metrics in Annex IV.
Article 43 — Conformity assessment relies on Annex IV.
Article 47 — EU declaration of conformity (included in Annex IV).
Article 72 — Post-market monitoring plan in Annex IV.
Article 97 — Delegated acts may update Annex IV.
Annex XI — GPAI model documentation (the upstream counterpart).

Recitals (preamble) on EUR-Lex

The recitals in the same consolidated AI Act on EUR-Lex contextualise technical documentation, conformity assessment, and SME proportionality. Use the official preamble on EUR-Lex—do not rely on unofficial recital lists without checking sequence and wording against the authentic text.

Compliance checklist

Map every Annex IV heading (1–8) to concrete artefacts (architecture diagrams, data cards, test reports, risk registers, SBOMs, IFU drafts, conformity declarations).
Include design rationale and key design choices—not just specifications.
Document training, validation, and testing data per Article 10 data governance standards.
Embed the Article 9 risk management system outputs (hazard analysis, residual risk acceptance).
Cross-check Article 13 instructions and Article 12 logging design against Annex IV claims.
Version documentation with each model/software release placed on the market.
For dual-regulated products (Annex I), map overlaps between Annex IV and sectoral technical files early.
Track Commission delegated acts under Article 11(3)/Article 97 that may update Annex IV.

Read the official text on EUR-Lex

Turn Annex IV into an actionable checklist for your system—free assessment.

Start Free Assessment

Article 11: Technical Documentation

Article 9: Risk Management System

Article 10: Data and Data Governance

Article 12: Record-keeping

Article 13: Transparency and provision of information to deployers

Article 14: Human oversight

Article 15: Accuracy, robustness and cybersecurity

Article 43: Conformity Assessment for High-Risk AI Systems

Article 47: EU Declaration of Conformity

Article 72: Post-Market Monitoring

Article 97: Exercise of the Delegation

Article 113: Entry into Force and Application Dates

Annex XI: Technical Documentation for Providers of General-Purpose AI Models

Related annexes

Annex XI — GPAI model documentation (the upstream counterpart under Article 53)

Frequently asked questions

Can documentation live only in GitHub?

Repositories can hold evidence, but you need a curated, regulator-readable dossier that mirrors Annex IV headings and is version-controlled with each release.

Is a model card the same as Annex IV?

No. A model card may cover some Annex IV elements but typically lacks risk management system outputs, conformity declarations, post-market monitoring plans, and full lifecycle change documentation. Map gaps explicitly.

Does Annex IV apply to every deployer tweak?

Deployers making substantial modifications may become providers under Article 25 and then inherit Article 11/Annex IV duties for the modified system.

What about the SME simplified form?

Article 11(1) contemplates a Commission simplified form for SMEs. Until it exists and you opt in, treat Annex IV as the baseline for everyone, proportionate to risk.

On this page

Key terms

Technical documentation: The structured evidence file proving a high-risk AI system complies with Chapter III, Section 2 requirements—at minimum the elements listed in Annex IV.
Substantial modification: A change to the AI system after market placement that affects conformity or intended purpose—triggers documentation update and potentially new conformity assessment.
Harmonised standard: A European standard adopted at the request of the Commission that gives presumption of conformity with specific requirements when followed.

Maximum penalties (Art. 99)

3% of turnover / Up to EUR 15 million or 3% of global annual turnover for most high-risk requirements under Article 99(4)
SMEs / start-ups: Lower caps apply to SMEs and start-ups under Article 99(6)
Missing or misleading documentation often coincides with multiple Section 2 breaches—compounding exposure.

Timeline

2 Aug 2026
Annex IV documentation duties apply for Annex III high-risk systems (Article 6(2) path).
2 Aug 2027
Annex IV documentation duties apply for Article 6(1) product-law high-risk systems.

At a glance

Article: Annex IV
Status: Upcoming
Timeline: 2 Aug 2026
Updated: 11 Apr 2026

Recommended next step

Run the short assessment to map risk class and obligations to your specific AI use case in minutes.

Start assessment now