
EU AI Act Compliance Budget Planning: Cost Drivers for High-Risk AI

Guide · 23 May 2026 · 13 min read · 2,626 words

Budgeting for EU AI Act compliance: the Article 9 risk management system, the Annex IV technical documentation pack, Article 43 conformity assessment, and Article 72 post-market monitoring. Annex III deadline: 2 December 2027.

The EU AI Act does not come with a price tag. It comes with obligations — and the cost of meeting them depends almost entirely on whether your AI systems are high-risk under Article 6, what role you occupy in the value chain, and how much governance infrastructure you already have. A company deploying a third-party HR screening tool faces a very different bill than one building and placing its own credit-scoring system on the market.

Under the Digital Omnibus agreed in May 2026, the deadline for stand-alone high-risk AI systems listed in Annex III is 2 December 2027. AI embedded as a safety component in regulated products (Annex I — medical devices, machinery, aviation) follows on 2 August 2028. That extended runway makes phased budgeting possible, but it does not make the workload smaller. The Article 9 risk management system, the Annex IV technical documentation pack, conformity assessment under Article 43, registration under Article 49, and post-market monitoring under Article 72 each require real work. Planning the spend now — across fiscal years rather than as a single crisis budget — is what the timeline allows.

Why Classification Is the First Budget Decision

You cannot cost-plan compliance without first knowing what you have. Article 6 creates two routes to high-risk status. The first covers AI systems that function as safety components of products under EU harmonisation legislation (Annex I — think MDR-regulated diagnostic AI). The second, and the one most companies encounter, covers the eight categories in Annex III: biometrics, critical infrastructure, education, employment and worker management, access to essential services (including creditworthiness scoring under point 5(b) and life/health insurance pricing under point 5(c)), law enforcement, migration and border control, and administration of justice and democratic processes.

The Article 6(3) filter matters here. A system that falls within an Annex III area is not automatically high-risk: if it poses no significant risk of harm to health, safety or fundamental rights (for example because it performs a narrow procedural task or only improves the result of a previously completed human activity), the provider may document that assessment under Article 6(4) and exit the full obligation stack. Two caveats: any Annex III system that performs profiling of natural persons is always high-risk, and the exemption claim must itself be documented and registered under Article 49(2) before the system is placed on the market. Getting classification wrong in either direction carries cost: over-classifying wastes compliance spend; under-classifying creates retroactive remediation and enforcement exposure.

The practical first step is an AI inventory. List every system you build or deploy in a professional context, map each against the Annex III categories, apply the Article 6(3) filter where arguable, and derive your role — provider under Article 16 or deployer under Article 26 — for each. Most companies that deploy third-party AI tools are deployers; companies that ship AI-enabled products to customers are providers. The obligations, and the costs, differ substantially.

The Article 9 Risk Management System

Article 9 is an ongoing operational commitment, not a document you file once. It requires providers to establish a risk management system that runs throughout the system's entire lifecycle — identifying known and reasonably foreseeable risks, evaluating them, implementing mitigation measures, and testing that residual risks are acceptable.

Staff time is the dominant cost. Companies with GDPR risk processes or an ISO/IEC 42001 framework already in place face lower setup costs than those building from scratch. The Article 9 system feeds everything downstream: the residual risks identified here shape the Article 14 human oversight design, the Article 15 accuracy, robustness and cybersecurity measures, and the scope of Article 73 serious-incident reporting. Ongoing maintenance, meaning a regular review cycle (quarterly is a common cadence, though the Act sets no fixed interval), updating the documentation whenever the system changes, and feeding in monitoring data from Article 72, is a recurring line item, not a one-off.

The Annex IV Technical Documentation Pack (Article 11)

Providers must compile technical documentation before placing a high-risk system on the market or putting it into service, and keep it up to date afterwards. The nine content areas set out in Annex IV, among them a general system description, design specifications and the development process, training and validation data governance, performance testing results, the risk management system records, human oversight provisions, and the post-market monitoring plan, form the basis of any conformity assessment and the evidence pack that market surveillance authorities can request at any time.

For a company building on third-party AI models or APIs, part of this documentation has to come from the upstream supplier: Article 25(4) requires third-party suppliers of AI systems, tools, services or components to agree in writing what information, technical access and assistance they will provide, and Article 53 requires general-purpose AI model providers to keep documentation available for downstream providers who integrate the model. Map what you can obtain from the model provider against what you must generate yourself; gaps are a compliance risk. Article 18 requires providers to keep the Annex IV pack (together with the QMS documentation and the EU declaration of conformity) for ten years after the system is placed on the market or put into service, a document management and version-control cost that is easy to underestimate.

Conformity Assessment Under Article 43: Internal vs Notified Body

The conformity assessment (Article 43) is where the cost difference between system types is sharpest. For most Annex III categories (critical infrastructure, education, employment, essential services, law enforcement, migration, justice) providers use the Annex VI internal-control route. This means the provider itself checks the system against the requirements, documents the outcome, and issues the EU declaration of conformity under Article 47. No notified body is involved, so no external assessment fee arises.

The exception is Annex III point 1: biometric systems. Where a harmonised standard or common specification covering the relevant requirements does not exist, has not been applied, or has been applied only in part, the Annex VII notified-body route is mandatory; only a provider that has fully applied such standards may choose between Annex VI and Annex VII. Notified-body fees vary by body, system complexity, and scope of assessment, but they are materially higher than an internal self-assessment. If you operate in the biometrics space (remote biometric identification, biometric categorisation, or emotion recognition where permitted), build notified-body fees into the budget explicitly and allow time for scheduling, because capacity at notified bodies is constrained.

For Annex I (product-embedded AI), the conformity assessment is integrated into the existing product-safety procedure; the AI Act does not add a second standalone assessment, but it does add AI-specific requirements to what the product assessment must cover.

Registration (Article 49) and the EU Database

Before placing a high-risk system on the market, providers must register it in the EU database established under Article 71. Registration under Article 49 is not just an administrative formality: it is what makes the system publicly accountable and what market surveillance authorities use to track the deployed population. Deployers that are public authorities, Union institutions or bodies acting on their behalf have a separate obligation under Article 49(3) to register the Annex III systems they use, with restricted public visibility for law-enforcement and migration systems under Article 49(4).

The cost is primarily internal staff time to compile the registration information and maintain it as the system evolves. Systems that are substantially modified under Article 3(23) must be re-assessed and re-registered.

Human Oversight (Article 14) and AI Literacy (Article 4)

Article 14 requires providers to design high-risk systems so that deployers can effectively oversee them — including the ability to understand outputs, intervene, and override. Deployers must then assign competent individuals to that oversight role and ensure they have what they need to exercise it. The design-side obligation is a provider cost; the operational-side obligation is a deployer cost.

Article 4 sits separately. It has applied since 2 February 2025 and requires providers and deployers to ensure staff who work with AI systems have an appropriate level of AI literacy. This is not the same as the human-oversight function — it is a broader competence baseline. Training budgets, whether for internal programmes or external providers, need to cover both: the technical oversight skills Article 14 demands and the general literacy Article 4 requires.

For companies with small compliance or legal teams, AI literacy training is often the most immediately visible budget line because it applies now and reaches across the organisation.

Quality Management System (Article 17)

Providers must implement a quality management system covering the policies, processes, and procedures needed for ongoing compliance. Article 17 maps closely to what ISO/IEC 42001 provides organisationally — companies already holding that certification have a structural advantage. The QMS integrates the Article 9 risk management system, the Annex IV documentation process, the Article 72 monitoring programme, and the conformity assessment records into a single governance structure. Where no QMS exists today, building one is a meaningful initial investment; extending an existing ISO 27001 or GDPR governance structure is considerably cheaper.

Post-Market Monitoring (Article 72)

The obligation does not end at launch. Article 72 requires providers to actively monitor deployed systems for risks, unexpected behaviour, and performance drift. The monitoring plan must be part of the technical documentation and feed back into the Article 9 risk management system.

Serious incidents trigger reporting under Article 73. The baseline is a report no later than 15 days after the provider establishes a causal link (or the reasonable likelihood of one) between the system and the incident; that shortens to 10 days where a person has died and to 2 days for widespread infringements or incidents affecting critical infrastructure. Incident detection and response is not optional, so plan for it before deployment. The budget question is whether monitoring is automated (tooling cost), manual (staff time), or a combination.

Tooling vs Consultants: The Make-or-Buy Decision

External law firms and specialist consultancies provide high-confidence outputs for classification, Annex IV documentation, and conformity assessment support, but fees accumulate quickly — particularly for the ongoing elements (Article 9 reviews, Article 72 monitoring, Article 4 training programmes). A consultancy engagement covering a single high-risk system from classification through to registration typically costs materially more per year than self-serve compliance tooling.

Self-serve compliance software encodes the obligation logic in structured workflows that the compliance, legal, or IT team runs directly. For most companies deploying one to five high-risk systems, a tooling-led approach with targeted external input for contested classification decisions or notified-body coordination is the most cost-efficient structure.

SME Proportionality and the Article 99(6) Fine Cap

The Act builds in some proportionality for smaller companies. Article 99(6) caps fines for SMEs and start-ups at the lower of the fixed-sum ceiling or the percentage of worldwide annual turnover. So for the €15 million / 3% tier that applies to most high-risk obligation breaches — the tier most companies face — a company with €2 million annual turnover would be capped at €60,000, not €15 million. That is still a material number, and it sits alongside the non-financial consequences: market surveillance authority intervention, system withdrawal, and the audit and remediation costs that follow.

The proportionality protection is not a reason to defer compliance investment — it is a calibration input. A company with low turnover still needs a functioning Article 9 system and Annex IV documentation; it just faces a lower worst-case fine exposure if it falls short.

How Confir Helps

Confir is a self-serve EU AI Act compliance tool built for compliance, legal, and IT teams at companies that cannot absorb the cost of a full consultant-led programme for every system. Starting at €600 per year, it replaces a significant portion of the manual work involved in classification, technical documentation, and preparation of the fundamental rights impact assessment (FRIA) under Article 27. The classification engine is rule-based and deterministic: the same intake produces the same finding, grounded in explicit Article 6 and Annex III logic, with the rule that fired visible and auditable. It generates the Article 11 / Annex IV documentation pack and the Article 47 / Annex V Declaration of Conformity, and supports the Article 27 FRIA workflow. For companies with up to five high-risk systems, it covers the structured compliance work that would otherwise require either staff weeks or consultant fees.

What Confir does not replace is legal judgment on genuinely contested classification decisions, notified-body engagement for Annex VII biometrics assessments, or the internal leadership commitment that a QMS under Article 17 requires. Treat it as the structured backbone for the documentation and assessment work, with external expert input reserved for the decisions that genuinely need it.

The deadline falls in FY2027, which leaves two budget cycles (the rest of 2026 and 2027) before the Annex III obligation date. The sequencing that works: inventory and classify in the current cycle, build the Article 9 and Annex IV infrastructure in the next, and complete conformity assessment and registration ahead of 2 December 2027. Each phase has a distinct spend profile and delivers something auditable.

Frequently Asked Questions

What are the main cost drivers for EU AI Act compliance?

Classification comes first — you cannot budget anything else until you know which systems are high-risk under Article 6 and what role you play. After that: Article 9 risk management system, Annex IV technical documentation (Article 11), conformity assessment (Article 43 — self-assessment for most Annex III categories; notified-body fees for biometrics), post-market monitoring (Article 72), registration (Article 49), QMS (Article 17), and AI literacy training (Article 4, in force since 2 February 2025).

When is the compliance deadline for high-risk AI systems?

Under the Digital Omnibus agreed in May 2026, stand-alone high-risk AI systems listed in Annex III must comply by 2 December 2027. High-risk AI embedded as a safety component in products covered by EU harmonisation legislation (Annex I — medical devices, machinery, aviation) must comply by 2 August 2028. The original deadlines (2 August 2026 for Annex III systems and 2 August 2027 for Annex I systems) have been deferred for the high-risk tier. Prohibited practices under Article 5 and the AI literacy duty under Article 4 have applied since 2 February 2025; they are not deferred.

Do most companies need a notified body, or can they self-assess?

Most companies can self-assess. The Annex VI internal self-assessment route applies to Annex III categories 2 through 8 — critical infrastructure, education, employment, essential services, law enforcement, migration, and administration of justice. The Annex VII notified-body route applies to Annex III point 1 (biometrics) where harmonised standards have not been applied. For AI embedded in Annex I products, the conformity assessment follows the product-safety regime. If you are not in the biometrics space and not building regulated products, you almost certainly self-assess.

What does the Article 99(6) fine cap mean for smaller companies?

Article 99(6) caps fines for SMEs and start-ups at the lower of the percentage or the fixed-amount ceiling in each tier. For the main high-risk tier — €15 million or 3% of worldwide annual turnover — a company with €3 million annual turnover would face a maximum of €90,000, not €15 million. The cap is a genuine proportionality protection, but it does not alter the obligation itself. A small company with a high-risk system still needs the Article 9 risk management system, the Annex IV documentation, and the Article 43 conformity assessment.

How does the Article 9 risk management system differ from the Article 17 QMS?

The Article 9 risk management system is system-specific — it runs throughout the lifecycle of each individual high-risk AI system, identifying and mitigating risks specific to that system. The Article 17 quality management system is organisation-wide — it is the governance structure that integrates compliance processes, documentation management, post-market monitoring, and incident reporting across all the provider's high-risk systems. Think of Article 9 as the technical evidence and Article 17 as the organisational wrapper. ISO/IEC 42001 provides a recognised framework for the Article 17 QMS, though certification is voluntary.

Is compliance a one-off cost or a recurring one?

Both. There is a substantial initial investment in classification, Annex IV documentation, conformity assessment, and registration. But Article 9 requires ongoing risk review; Article 72 requires continuous post-market monitoring; Article 4 AI literacy is a standing obligation; and the Article 17 QMS needs maintenance as systems evolve. Budget for a higher first-year spend followed by a lower but real annual run rate for monitoring, review cycles, and training.

What can self-serve tooling realistically replace, and what still needs external expertise?

Tooling handles structured work well: Article 6 classification, Annex IV documentation generation, the Article 47 Declaration of Conformity, and Article 27 FRIA workflows. External input still adds value for contested Article 6(3) exemption claims, notified-body coordination for Annex VII biometrics assessments, and legal review of value-chain role questions under Article 25 (for example, whether a deployer's modifications to a third-party system make it the provider). The economics favour tooling for structured documentation work and targeted advisory fees for the decisions that are genuinely contested.
