
EU AI Act Article 8: Compliance with Requirements for High-Risk AI

EU AI Act Guide · 23 May 2026 · 14 min read · 2,846 words

Article 8 activates Articles 9–15 for high-risk AI systems. Understand each requirement, the state-of-the-art standard, and the 2 December 2027 deadline.

Article 8 of Regulation (EU) 2024/1689 does exactly one thing: it states that high-risk AI systems must comply with the requirements set out in Articles 9 through 15. That sentence is the whole provision. Article 8 is a chapeau — a gateway clause — not an obligation in its own right. Every substantive duty for high-risk AI systems sits in the articles that follow it.

Understanding what Article 8 is, and what it is not, matters because old compliance inventories frequently misattribute obligations to it. If someone tells you the risk management system is an "Article 8 requirement," they are being imprecise. The risk management system is Article 9. Article 8 is the sentence that says Articles 9 through 15 apply.


What Article 8 Actually Says

The provision has two elements.

First, high-risk AI systems must comply with the requirements of Articles 9–15 before they are placed on the market or put into service, and throughout their operational life. The compliance obligation is continuous, not a one-time pre-launch gate.

Second, Article 8(2) adds a consistency requirement: compliance with those requirements must take into account the intended purpose of the AI system and the generally acknowledged state of the art in AI and AI-related technologies. This is not a vague aspiration. "State of the art" sets the technical baseline — a provider cannot satisfy Article 15 (accuracy, robustness, cybersecurity) by meeting a standard that was already superseded when they shipped the product.

The reference to Annex I in Article 8 makes the provision relevant to high-risk AI systems that are safety components of regulated products (machinery, medical devices, civil aviation equipment, and others listed in Annex I). Those systems must comply with the requirements of Articles 9–15 in a manner consistent with the Annex I product legislation they sit inside. Where an Annex I regulation already requires a conformity assessment, the AI Act obligations are integrated into that process rather than run in parallel.


The Six Requirements: Articles 9 Through 15

Each of the six requirements that Article 8 activates has its own article. They are worth treating as a checklist, because every high-risk provider must address all six.

Article 9 — Risk management system. A continuous, iterative process covering hazard identification, risk estimation, risk evaluation, and risk mitigation, maintained throughout the system's lifecycle. The RMS is updated in light of operational data and connects directly to post-market monitoring under Article 72. This is the single most operationally demanding requirement for most providers.

Article 10 — Data and data governance. Training, validation, and test datasets must meet quality criteria: relevant, representative, free of errors, and complete in light of the intended purpose. Data governance practices must address data collection, labelling, cleaning, and aggregation. Where sensitive attributes are processed for the purpose of detecting and correcting bias, Article 10(5) provides a narrow window of permission for that processing.

Article 11 — Technical documentation. Providers must draw up technical documentation before placing a high-risk system on the market and keep it up to date. The mandatory content is specified in Annex IV (nine content areas, including a general description of the system, a description of its elements and development process, detailed information on its monitoring, functioning and control, information on its accuracy metrics, and post-market monitoring arrangements). This is the document that a notified body or market surveillance authority will examine first.

Article 12 — Record-keeping and logging. High-risk AI systems must have the capability to automatically generate logs throughout their operation. The minimum content of those logs includes the period of each use, the reference database against which the system checked input data, the input data that led to a match, and the natural persons involved in verification. Log retention by the provider is at least six months under Article 19; deployer retention under Article 26 is also at least six months.

Article 13 — Transparency and information to deployers. High-risk AI systems must be transparent enough for deployers to interpret their outputs correctly and use them appropriately. The system must be accompanied by instructions for use that cover the provider's identity, the intended purpose, performance metrics, data inputs expected, the degree of accuracy and its limitations, and the human oversight measures required. This article is the provider's duty; Article 26 translates it into deployer obligations.

Article 14 — Human oversight. High-risk AI systems must be designed to allow the natural persons designated to perform oversight to understand the system's capabilities and limitations, detect and address failures and unexpected performance, and, where appropriate, decide not to use the system's output. The oversight mechanisms must be built into the system by design — they cannot be bolted on after deployment. Where the system interacts with people who may be in vulnerable circumstances, the oversight provisions must account for that.

Article 15 — Accuracy, robustness, cybersecurity. High-risk AI systems must achieve an appropriate level of accuracy, be resilient against errors, faults, and inconsistencies, and be protected against adversarial attacks that could alter outputs or exploit the system. Performance metrics and their limits must be declared. This is a technical requirement, but its level is calibrated to the intended purpose and the state of the art — a credit-scoring model and an exam-monitoring tool will have different accuracy thresholds.


State of the Art: What It Means in Practice

The phrase "generally acknowledged state of the art" in Article 8(2) is borrowed from EU product law and means more than "what most companies do today." It refers to the highest level of technical capability available — the standard a technically qualified person familiar with the field would recognise as current best practice. Harmonised standards, where adopted by the European Commission, provide presumption of conformity with state-of-the-art requirements. Common specifications can also be issued by the Commission where harmonised standards are absent or insufficient.

For providers, this creates an ongoing obligation. A system validated in 2024 against then-current robustness benchmarks may need reassessment if those benchmarks have materially advanced by 2027. The state-of-the-art standard is a moving target, and the continuous compliance obligation in Article 8(1) means providers cannot treat conformity as a snapshot.


What Article 8 Is Not

Article 8 is not a standalone obligation. A compliance gap note that cites only "Article 8 non-compliance" without identifying which of Articles 9–15 was breached is incomplete. Article 8 has no obligation of its own — it points to the articles that do. Regulatory correspondence, internal audits, and corrective action plans should cite the specific article breached.

Article 8 is not the conformity assessment. The conformity assessment — the formal procedure that demonstrates compliance with Articles 9–15 before market placement — is Article 43. The distinction matters: Article 8 defines what you must comply with; Article 43 defines how you prove it. Annex VI (internal self-assessment) and Annex VII (notified-body assessment for biometric systems under Annex III point 1) are the two routes.

Article 8 is not the risk management system. Risk management is Article 9. This is the single most common mislabelling in the early compliance literature, including much of the first wave of AI Act guidance published in 2023–2024. The confusion arises because Article 8 was sometimes described as the "risk management article" in draft-stage commentary. In the final text, it is not.

Article 8 is not a penalty article. Non-compliance with Articles 9–15 is non-compliance with the requirements for a high-risk AI system. The penalty for that falls in the Article 99(4) tier: €15,000,000 or 3% of total worldwide annual turnover, whichever is higher. For SMEs and start-ups, Article 99(6) caps the fine at the lower of the percentage or fixed amount.


The Annex I Intersection

High-risk AI systems that are safety components of products regulated under Annex I legislation — the Machinery Regulation, the Medical Device Regulation (MDR 2017/745), the In Vitro Diagnostic Medical Devices Regulation (IVDR 2017/746), civil aviation safety equipment, and others — face a more complex compliance picture.

For those systems, Article 8's compliance requirement applies, but the conformity assessment under Article 43 is conducted as part of the Annex I product's conformity assessment, not as a separate AI-only procedure. The practical effect is that the notified body responsible for the Annex I product assessment also assesses the AI components against Articles 9–15. The timeline for those systems is 2 August 2028, not the 2 December 2027 date that applies to stand-alone Annex III high-risk systems.

Providers building AI into regulated products should verify with their Annex I notified body how the AI Act requirements will be handled within the existing product certification procedure — the workflows differ across sectors, and some Annex I notified bodies had not published their AI Act integration procedures as of mid-2026.


A Practical Sequence for Meeting the Article 8 Requirements

Most compliance teams find it useful to treat Articles 9–15 not as a checklist to tick in order, but as a set of interdependent outputs that develop together. Here is one practical sequence that reflects how the requirements connect.

Step 1 — Determine that Article 8 applies. Classify the system under Articles 5 and 6 using Annex III. If the system is high-risk and not exempted by Article 6(3), Article 8 applies. If the system is a safety component of an Annex I product, identify the applicable product legislation and the relevant notified body. Document the classification decision — it is the foundation for everything else.

Step 2 — Establish the risk management system (Article 9) early. The RMS is not a document; it is a process. It must be operational before the conformity assessment is completed, because the Article 9 output (the risk management plan and residual risk assessment) feeds directly into the Article 11 technical documentation. Starting the RMS after the technical documentation is already in draft means revisions are near-certain.

Step 3 — Lock data governance documentation (Article 10). Training, validation, and test dataset specifications must be documented with enough specificity to demonstrate relevance, representativeness, and freedom from errors. For providers using third-party datasets, procurement contracts and data provenance records become part of this documentation. The Article 10 documentation is a section of the Annex IV technical file.

Step 4 — Assemble the Article 11 technical documentation. The Annex IV template has nine content areas. It is the master compliance record — it contains or cross-references the Article 9 RMS output, the Article 10 data documentation, the Article 15 accuracy and robustness metrics, and the Article 14 oversight design. Completing it forces all the prior work into a coherent, audit-ready form.

Step 5 — Design logging (Article 12) and transparency materials (Article 13) in parallel. Logging capability must be built into the system, not retrofitted. The instructions for use required under Article 13 must be complete before deployment — deployers cannot operate the system correctly without them.

Step 6 — Validate human oversight mechanisms (Article 14). The oversight capability must be tested against realistic operating conditions, including edge cases and failure modes. This is often where providers discover that the oversight design is adequate for normal operation but breaks down under load or in high-stakes corner cases.

Step 7 — Benchmark and document accuracy, robustness, cybersecurity (Article 15). Performance metrics must be declared with their confidence intervals and operational conditions. Adversarial testing against known attack patterns (prompt injection, data poisoning, model inversion) should be documented even where not strictly mandated, because it directly evidences Article 15 compliance and Article 9 residual risk assessment.

Step 8 — Conduct the conformity assessment (Article 43). Once the Articles 9–15 documentation is complete, the formal assessment can proceed — either the Annex VI internal self-assessment (most Annex III systems) or the Annex VII notified-body procedure (Annex III point 1 biometrics where harmonised standards are not applied). The conformity assessment generates the EU declaration of conformity (Article 47) and the CE marking entitlement (Article 48).

Step 9 — Register in the EU database (Article 49). Providers must register high-risk systems in the EU database for AI before market placement.

This sequence is not a legal prescription; Article 8 does not mandate any particular order. But providers who try to run these steps simultaneously or out of order consistently find that the later steps surface gaps that require revisiting earlier ones.


When Article 8 Compliance Begins

Under the Digital Omnibus agreed in May 2026, the high-risk AI obligations are deferred:

  • 2 December 2027 — stand-alone high-risk AI systems listed in Annex III (recruitment, credit, biometrics, law enforcement, etc.).
  • 2 August 2028 — high-risk AI systems that are safety components of Annex I products.

The original 2 August 2026 deadline was the high-risk application date before the Digital Omnibus. It is no longer operative as the high-risk compliance deadline (though it remains the general application date for the Act and the date from which Article 50 limited-risk transparency obligations apply).

That deferral does not affect the time required to achieve compliance. Assembling the Article 11 technical documentation, building the Article 9 risk management system, and completing the Article 43 conformity assessment for a non-trivial high-risk system takes months. Providers who wait until late 2027 to start will not be ready.


How Confir Structures the Article 8 Requirements

Because Article 8 points at six discrete requirements, Confir maps each one to a specific assessment area:

  • AIRC (Risk Classification & Compliance) — Articles 5, 6, 43, 50: classification and conformity assessment.
  • AITR (Data & Technical Robustness) — Articles 10, 11, 15: data governance, technical documentation, accuracy and robustness.
  • AITO (Transparency & Human Oversight) — Articles 13, 14, 27, 50: transparency to deployers and human oversight design.
  • AIGM (Governance & Post-Market Monitoring) — Articles 9, 72, 73: risk management system, post-market monitoring, and incident reporting.

The assessment uses rule-based, deterministic logic: the same intake produces the same finding, with the rule that fired visible and human-readable. This means the gap analysis is reproducible and defensible in an audit or authority review. The output is a Compliance Health Score across all four areas, with control-level findings tied to the specific article they address.


Frequently Asked Questions

What is the difference between Article 8 and Article 9?

Article 8 is the chapeau provision that makes Articles 9–15 apply to high-risk AI systems. Article 9 is one of those six requirements — specifically, the requirement to establish and maintain a risk management system. Article 8 says "you must comply with the requirements"; Article 9 defines what the risk management requirement actually involves. They are not interchangeable, and citing Article 8 when you mean Article 9 is imprecise in any compliance document.

Does Article 8 apply to deployers?

No. Articles 9–15 are provider obligations. Deployers have their own obligation set under Article 26 — including the duty to use the system in line with instructions for use, maintain logs, and ensure human oversight. Deployers do not build technical documentation or run the risk management system; those are the provider's duties under the Articles that Article 8 activates.

What does "state of the art" mean for Article 15 compliance?

State of the art means the highest level of technical development generally accepted as current best practice in the relevant technical field. For Article 15 (accuracy, robustness, cybersecurity), this means providers must benchmark their systems against the best available methods at the time of development — not merely industry average practice. Harmonised standards, where published and referenced by the Commission, create a presumption of conformity with the state-of-the-art standard.

How does Article 8 interact with the Article 43 conformity assessment?

Article 8 defines what high-risk AI systems must comply with (Articles 9–15). Article 43 defines the procedure for proving that compliance before market placement. Most Annex III systems use the Annex VI internal self-assessment route; Annex III point 1 biometric systems (where harmonised standards are not applied) require the Annex VII notified-body route. Article 8 is the "what"; Article 43 is the "how you prove it."

What are the penalties for non-compliance with the Articles 9–15 requirements?

Non-compliance with any of Articles 9–15 falls under Article 99(4): up to €15,000,000 or 3% of total worldwide annual turnover, whichever is higher. For SMEs and start-ups, Article 99(6) caps the fine at the lower of the percentage or the fixed amount. Each Article carries the same penalty ceiling — there is no graduated structure within the high-risk requirement set.

When do Article 8 obligations apply?

For stand-alone Annex III high-risk systems: from 2 December 2027 (under the Digital Omnibus political agreement of May 2026, deferring the original 2 August 2026 date). For high-risk AI embedded as safety components in Annex I products: from 2 August 2028.

