Understanding your situation
A market surveillance authority or downstream party has requested documentation for a high-risk AI system you provide or deploy.
What you need to prepare
- ✓The request and the high-risk system concerned
- ✓Technical documentation (Annex IV-style)
- ✓Risk-management system records
- ✓Data-governance and quality measures
- ✓Human-oversight arrangements
- ✓Any gaps and a remediation timeline; a named contact
Related templates & guides
⏰ Deadline
Respond by the date in the request. High-risk obligations are proposed to apply from 2 December 2027 (Annex III) and 2 August 2028 (Annex I) under the Digital Omnibus, conditional on adoption; the original date was 2 August 2026.
🏛️ Authority
National market surveillance authorities; notified bodies where relevant.
⚖️ Legal basis
Regulation (EU) 2024/1689 high-risk provisions (risk management, technical documentation, data governance, human oversight, conformity assessment); Article 99 penalties.
Expert tips
- 1Map each requested item to a specific document.
- 2Summarise your risk-management process, not just its existence.
- 3Describe human oversight concretely (who, when, how).
- 4If standards/tooling are still maturing, say what you have and what is in progress.
- 5Note the proposed timeline shift, clearly marked as conditional.
Frequently Asked Questions
When do high-risk AI obligations apply?
Originally 2 August 2026. Under the Digital Omnibus provisional agreement, standalone Annex III systems would apply from 2 December 2027 and Annex I embedded systems from 2 August 2028 — conditional on the Omnibus being formally adopted.