Confir.

How to Prepare for an EU AI Act Audit

Guide · 19 May 2026 · 14 min read

Prepare for an EU AI Act audit under Regulation (EU) 2024/1689: what authorities examine, the Article 74 evidence checklist, and penalties to €35M or 7%.

An EU AI Act audit is, at its core, an evidence test. Under Regulation (EU) 2024/1689, a national market-surveillance authority (MSA) designated under Article 74 can require you to produce the technical documentation and the automatically generated logs held under Article 12 — in a language it understands — and order corrective action where a system falls short. The audit does not ask whether you intended to comply. It asks whether you can produce the file.

That distinction is the whole game. Audit readiness is not a policy you write the week before; it is a documentation discipline that accrues over the system's lifetime. Logs, data-governance records and risk-management iterations cannot be backdated, so the providers and deployers who survive a review are the ones who started assembling the file early.

This guide covers who reviews you, what they examine, the evidence checklist to assemble, your cooperation duties when an authority asks, and why the discipline matters now even though the stand-alone high-risk obligations have been provisionally pushed back.


Who Reviews You Under the EU AI Act

Three audiences can examine your AI compliance file, and they ask for broadly the same artefacts. Designing your evidence base once, for all three, is the efficient move.

National market-surveillance authorities - Article 74

Each Member State designates a national market-surveillance authority under Article 74 to enforce the AI Act on its territory. The MSA is the primary public enforcer: it investigates non-compliance, requests documentation and logs, orders corrective action, and proposes penalties. It can act on a complaint, on a serious-incident report, or on its own initiative. Providers and deployers owe it active cooperation duties — failure to cooperate is itself an enforcement trigger, not a neutral choice.

Notified bodies and third-party conformity assessment - Article 43 / Annex VII

For certain high-risk systems — notably some biometric systems under Annex III and the Annex I product-embedded systems — conformity assessment runs through a notified body under Article 43 and Annex VII. A notified body is an accredited third party that examines your quality management system and technical documentation before the system reaches the market. Most stand-alone Annex III high-risk systems instead use self-assessment by internal control under Annex VI — but the same evidence still has to withstand later MSA scrutiny, so self-assessment is not a lighter evidentiary standard.

Internal and customer audits

Beyond regulators, enterprise customers increasingly run their own AI Act supplier audits before they buy, and internal audit functions test readiness on a recurring cycle. The evidence base is identical across all three: the MSA, the notified body, the customer and internal audit all draw from the same register, the same Annex IV file and the same logs.

Reviewer | Legal basis | Timing | What they examine
Market-surveillance authority | Article 74 | After market placement (reactive or own-initiative) | Technical documentation, Article 12 logs, conformity evidence; can order corrective action
Notified body | Article 43 / Annex VII | Before market placement (certain systems) | Quality management system and technical documentation
Customer / internal audit | Contractual / governance | Pre-sale and recurring | The same register, Annex IV file and logs

What an EU AI Act Audit Examines

An audit starts from your inventory and works outward into the obligation set. Each step is itself an evidence item — including the reasoning behind your classifications.

The AI system register and classification rationale - Article 6 / Annex III

The first question is always: what AI systems do you operate, and why is each one classified the way it is? The documented rationale for a system's risk classification under Article 6 and Annex III is itself an audited artefact. "We decided it was not high-risk" is not an answer; the reasoning, mapped to the relevant Annex III point, is.

The core high-risk obligation set - Articles 9 to 14

The substantive requirements are where most of the file lives:

  • Risk management system (Article 9) — a continuous, documented, iterative process across the lifecycle, not a one-off risk register filed and forgotten.
  • Data governance (Article 10) — provenance, relevance and representativeness of training, validation and testing data, plus examination for bias.
  • Technical documentation (Article 11) — everything set out in Annex IV, kept current.
  • Record-keeping and logging (Article 12) — automatic recording of events over the system's lifetime to ensure traceability.
  • Instructions for use (Article 13) — the information deployers need to use the system correctly.
  • Human oversight (Article 14) — measures that let designated people understand, monitor, intervene in and override the system.

Conformity, declaration and registration evidence - Articles 47 and 49

Auditors then check the conformity assessment evidence and the signed EU declaration of conformity under Article 47, registration in the EU database under Article 49, and AI literacy evidence under Article 4. These are the artefacts that close the loop between "the system meets the requirements" and "we can prove it." If you want the deeper mechanics, see how to prove compliance.


The EU AI Act Audit-Readiness Checklist

The spine of audit readiness is a single table that maps each evidence item to its governing Article or Annex, the system of record where it lives, and a current status. The "where it lives" column is not optional metadata — an audit fails on artefacts that exist somewhere but cannot be produced on request.

Evidence items, articles and where they live

Evidence item | Article / Annex | Where it lives | Status
AI system register + classification rationale | Article 6 / Annex III | (system of record) | In place / In progress / Gap
Risk management system | Article 9 | (system of record) | In place / In progress / Gap
Data governance documentation | Article 10 | (system of record) | In place / In progress / Gap
Technical documentation | Article 11 / Annex IV | (system of record) | In place / In progress / Gap
Automatic logs and record-keeping | Article 12 | (system of record) | In place / In progress / Gap
Instructions for use / deployer information | Article 13 | (system of record) | In place / In progress / Gap
Human-oversight design and operating evidence | Article 14 | (system of record) | In place / In progress / Gap
Conformity assessment file | Article 43 / Annex VI or VII | (system of record) | In place / In progress / Gap
EU declaration of conformity | Article 47 | (system of record) | In place / In progress / Gap
EU database registration | Article 49 | (system of record) | In place / In progress / Gap
AI literacy measures and training records | Article 4 | (system of record) | In place / In progress / Gap

Reading the checklist: status discipline

Track each row as in place, in progress or gap. The status is honest only if it reflects whether the artefact can be produced today, not whether someone has started a draft. Treat "where it lives" as a hard requirement: a brilliant risk-management process that exists only in a departed engineer's head is, for audit purposes, a gap.

Retention is part of the discipline. The technical documentation and the EU declaration of conformity must be kept at the disposal of the national competent authorities for ten years after the system is placed on the market or put into service (Article 18; Article 47(2) repeats the ten-year period for the declaration). Logs under Article 12 accrue continuously and must be kept for at least six months, or longer where the intended purpose requires it (Article 19); the record-keeping regime is built around traceability over the full lifetime, so a routine deletion cycle that wipes events early is a self-inflicted gap.

Closing gaps before an authority asks

The purpose of the status column is to drive a backlog. Every "gap" and "in progress" row is a task with an Article number attached. Closing them before an MSA request arrives is the difference between handing over a pack and reconstructing one under a clock. The technical documentation file built to Annex IV is usually the largest single line item, so it is the one to start first.
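The status discipline, the retention rule and the backlog described above can be run as a check rather than kept as a spreadsheet. The Python below is an added example, not code from the original page and not Confir's engine: it scores each checklist row from an assumed evidence store (a constructed in-memory dict; in practice this would query the real systems of record), marks a row that exists but cannot be produced on request as a gap, flags holes and early deletion in the Article 12 event stream, computes the ten-year retention end date, and orders the backlog with the Annex IV file first. The store layout, the checklist keys, the one-day silence threshold, the 182-day approximation of six months and the sample data are all assumptions made for the demonstration.

```python
"""Audit-readiness scoring for the checklist above (added example, not the
page's or Confir's code). Store layout, checklist keys and sample data are
constructed. Fixed points taken from the Act: ten-year retention of the
technical documentation and EU declaration of conformity (Article 18;
Article 47(2)) and the six-month minimum log retention (Article 19(1))."""
from dataclasses import dataclass
from datetime import date, datetime, timedelta
from typing import Optional

# Checklist rows mapped to their governing Article / Annex (the table above).
CHECKLIST = {
    "register_and_rationale": "Article 6 / Annex III",
    "risk_management": "Article 9",
    "data_governance": "Article 10",
    "technical_documentation": "Article 11 / Annex IV",
    "logs": "Article 12",
    "instructions_for_use": "Article 13",
    "human_oversight": "Article 14",
    "conformity_assessment": "Article 43 / Annex VI or VII",
    "declaration_of_conformity": "Article 47",
    "eu_database_registration": "Article 49",
    "ai_literacy": "Article 4",
}

@dataclass
class Artefact:
    """One record in the assumed system of record."""
    location: str      # "where it lives"; blank means nobody can find it
    finalised: bool    # approved or signed, rather than a draft
    producible: bool   # can it actually be exported on request today?

def status_of(artefact: Optional[Artefact]) -> str:
    """Status reflects producibility today, not whether a draft was started."""
    if artefact is None or not artefact.location or not artefact.producible:
        return "Gap"
    return "In place" if artefact.finalised else "In progress"

def log_gaps(events, max_silence: timedelta):
    """(start, end) pairs where the Article 12 stream was silent longer than
    max_silence: the signature of a deletion cycle or a logging outage."""
    ts = sorted(events)
    return [(a, b) for a, b in zip(ts, ts[1:]) if b - a > max_silence]

def log_retention_ok(events, live_since: date, today: date) -> bool:
    """Article 19(1): logs kept at least six months (182 days assumed). If the
    system has been live longer and the oldest retained event is younger,
    events were wiped early."""
    if not events:
        return False
    required_from = max(live_since, today - timedelta(days=182))
    return min(events).date() <= required_from

def retention_end(placed_on_market: date) -> date:
    """Ten years after placing on the market / putting into service."""
    try:
        return placed_on_market.replace(year=placed_on_market.year + 10)
    except ValueError:  # 29 February has no counterpart ten years on
        return placed_on_market.replace(year=placed_on_market.year + 10, day=28)

def assess(store, events, live_since: date, placed_on_market: date, today: date):
    """Score every checklist row and return a ranked backlog."""
    statuses = {item: status_of(store.get(item)) for item in CHECKLIST}
    gaps = log_gaps(events, timedelta(days=1))
    retention_ok = log_retention_ok(events, live_since, today)
    # A stream with holes or early deletion is not the full-lifetime record.
    if statuses["logs"] == "In place" and (gaps or not retention_ok):
        statuses["logs"] = "In progress"
    rank = {"Gap": 0, "In progress": 1}
    backlog = sorted(
        (i for i, s in statuses.items() if s != "In place"),
        # Gaps first; the Annex IV file before other gaps (largest line item).
        key=lambda i: (rank[statuses[i]], i != "technical_documentation", i),
    )
    return {
        "statuses": statuses,
        "backlog": [(i, CHECKLIST[i], statuses[i]) for i in backlog],
        "log_gaps": gaps,
        "log_retention_ok": retention_ok,
        "retain_until": retention_end(placed_on_market).isoformat(),
    }

def _daily(start: date, end: date):
    """One constructed log event per day at 09:00, start to end inclusive."""
    d = start
    while d <= end:
        yield datetime(d.year, d.month, d.day, 9, 0)
        d += timedelta(days=1)

def demo(truncated_logs: bool = False):
    """Constructed sample: a store with missing and unproducible artefacts and
    a log stream with a ten-day hole in March 2026."""
    store = {
        "register_and_rationale": Artefact("gov-wiki/ai-register", True, True),
        "risk_management": Artefact("grc/risk/ai-0042", False, True),  # draft only
        "technical_documentation": Artefact("", True, True),           # location unknown
        "logs": Artefact("siem/index=ai-0042", True, True),
        "declaration_of_conformity": Artefact("legal/ai-0042.pdf", True, False),  # not exportable
        "ai_literacy": Artefact("lms/course/ai-act-101", True, True),
    }
    before_hole = list(_daily(date(2025, 11, 1), date(2026, 3, 10)))
    after_hole = list(_daily(date(2026, 3, 20), date(2026, 5, 18)))
    events = after_hole if truncated_logs else before_hole + after_hole
    return assess(store, events, date(2025, 11, 1), date(2026, 2, 1), date(2026, 5, 19))
```

Two design choices carry the point of the section. A row is only "In place" when the record says it is finalised and producible with a known location; a signed declaration that cannot be exported scores as a gap, exactly as it would in front of an MSA. The logs row is demoted even when the record looks fine, because the check reads the event stream itself: a hole longer than the threshold, or an oldest event younger than the six-month floor on a system that has been live longer, is evidence of a deletion cycle.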


What Authorities Can Request - and Your Cooperation Duties

Documentation and logs on request

Market-surveillance authorities can require providers and deployers to hand over the technical documentation built to Annex IV and the automatically generated logs held under Article 12, in a language the authority can understand. The language point catches companies out: documentation maintained only in an internal working language may need translation on short notice.

Cooperation and access duties

Providers must cooperate with MSA requests and give access to the information needed to demonstrate conformity. Cooperation is an active duty. An authority that has to chase you for the file, or that receives a partial response, is already forming a view — and failure to cooperate is itself an enforcement trigger.

Corrective action, withdrawal and the penalty for misleading information

Where a system is non-compliant, authorities can order corrective action, or restrict, withdraw or recall it from the market. And there is a specific trap worth naming: supplying incorrect, incomplete or misleading information to notified bodies or competent authorities is a distinct, separately penalised breach.

Breach | Penalty cap | Legal basis
Prohibited practices (Article 5) | Up to €35 million or 7% of worldwide annual turnover, whichever is higher | Article 99(3)
Most obligation breaches (Articles 9–14, conformity, registration) | Up to €15 million or 3% of worldwide annual turnover, whichever is higher | Article 99(4)
Incorrect, incomplete or misleading information to authorities | Up to €7.5 million or 1% of worldwide annual turnover, whichever is higher | Article 99(5)

For SMEs and start-ups, the applicable fine is the lower of the percentage and the fixed-amount cap under Article 99(6) — a proportional adjustment, not an exemption. The obligation is unchanged; only the exposure scales down.


Why Evidence Discipline Matters Now - Even With the High-Risk Delay

The proposed high-risk timeline shift

The Digital Omnibus reached provisional political agreement on 6–7 May 2026, with the COREPER text confirmed around 13 May 2026. It agreed to defer stand-alone high-risk Annex III obligations (Article 6(2)) from 2 August 2026 to 2 December 2027, and Annex I product-embedded systems (Article 6(1)) from 2 August 2027 to 2 August 2028.

What is already in force and enforceable

As of June 2026 this deferral is agreed but not yet law — it still needs a European Parliament plenary vote, formal Council adoption and Official Journal publication. Until then, the statute still reads 2 August 2026 for high-risk Annex III, so plan against the live date and track the change. Two further points matter. The new dates are fixed calendar dates: the "stop the clock" proposal that would have tied the delay to the availability of harmonised standards was rejected, so the delay is not contingent on standards. And plenty is already in force and auditable:

  • The Article 5 prohibitions since 2 February 2025.
  • GPAI obligations under Articles 51–55 since 2 August 2025.
  • The Article 4 AI literacy duty.
  • Most Article 50 transparency duties, with content-marking / watermarking landing on 2 December 2026 — a new deadline that also covers the CSAM / "nudifier" ban.

Building the file before the deadline

Audit-ready evidence cannot be retrofitted. Logs (Article 12), data-governance records (Article 10) and risk-management iterations (Article 9) all accrue over time. A review in late 2027 will ask for a history that only exists if you started recording it well before. Starting the file now is precisely what makes a future review survivable — the delay buys preparation time, not a reason to wait.


From Checklist to Audit-Ready File With Confir

Run a readiness assessment first

Start by scoring each checklist row, surfacing gaps and prioritising the artefacts an auditor will ask for first. Confir's readiness module runs exactly this pass — the readiness assessment turns the status column above into a ranked backlog rather than a static spreadsheet.

Assemble the Annex IV file deterministically

Confir generates the technical documentation against the Annex IV structure and links it to the register, the classification rationale, the logs and the declaration of conformity — one coherent, exportable pack rather than a folder of disconnected documents. If you want a sense of the target output, the Annex IV template shows the structure the file is built against.

The synthesis is deterministic and rule-based: the same inputs always produce the same documentation — the same logic every time, no model inference, no hallucination. That reproducibility is itself an audit-friendly property, because every output traces back to source data an auditor can inspect.

Keep the pack current between audits

The evidence base is maintained continuously, so a substantial modification or a serious incident updates the file rather than triggering a documentation scramble. The result: an MSA request under Article 74, a notified body review under Article 43, a customer supplier audit and internal audit all draw from the same current, defensible file.


How Confir Helps

Confir structures the full audit-readiness file across its assessment modules — classifying each system under Articles 5 and 6, deriving the applicable role, and driving a structured assessment across risk classification (AIRC), data and technical robustness (AITR), transparency and oversight (AITO), and governance and post-market monitoring (AIGM). It generates the Article 11 / Annex IV technical documentation pack and the Article 47 declaration of conformity, and keeps the register, classification rationale and logs linked so the whole pack stays exportable on request. The engine is deterministic and rule-based: the same inputs produce the same output, the same logic every time, with no model inference and no hallucination — so the file an auditor receives is reproducible and traceable to its source data.


Frequently Asked Questions

Who conducts an EU AI Act audit? Two public bodies and your own stakeholders. National market-surveillance authorities (Article 74) enforce the Act and can request documentation and logs. For certain high-risk systems, a notified body runs third-party conformity assessment (Article 43, Annex VII). Enterprise customers and internal audit teams also review the same evidence base before and after deployment.

What documents can a market-surveillance authority request? Authorities can require the full technical documentation built to Annex IV and the automatically generated logs kept under Article 12, in a language they understand. They may also ask for the risk management file, data-governance records, the declaration of conformity and registration details, and can order corrective action, restriction, withdrawal or recall where a system is non-compliant.

What is the penalty for giving incorrect information to an AI Act authority? Supplying incorrect, incomplete or misleading information to notified bodies or competent authorities is a distinct breach under Article 99(5), with fines up to €7.5 million or 1% of total worldwide annual turnover, whichever is higher. It is separate from the €15M / 3% tier for obligation breaches and the €35M / 7% tier for prohibited practices.

When do EU AI Act high-risk obligations start applying? The statute in force still says 2 August 2026 for stand-alone high-risk Annex III systems. The Digital Omnibus political agreement of May 2026 proposes deferring that to 2 December 2027 (and Annex I product systems to 2 August 2028), but as of June 2026 it is not yet law — it still needs Parliament, Council and Official Journal steps. Plan against the live date.

Do I need to prepare for an audit now if high-risk rules are delayed? Yes. The Article 5 prohibitions have applied since February 2025, GPAI obligations since August 2025, and the Article 4 AI literacy duty is already live. Critically, audit evidence like Article 12 logs, Article 10 data records and Article 9 risk iterations accrues over time and cannot be retrofitted, so building the file early is what makes a later review survivable.

What is the difference between a notified body and a market-surveillance authority? A notified body is an accredited private organisation that performs third-party conformity assessment before a high-risk system reaches the market (Article 43, Annex VII), checking the quality system and technical documentation. A market-surveillance authority is the public enforcer designated by each Member State under Article 74, which investigates non-compliance and imposes penalties after a system is on the market.

What goes in an EU AI Act audit-readiness checklist? Map each evidence item to its Article and where it lives: the AI system register and classification rationale (Article 6 / Annex III), risk management (Article 9), data governance (Article 10), technical documentation (Article 11 / Annex IV), logs (Article 12), human oversight (Article 14), conformity assessment (Article 43), declaration of conformity (Article 47), EU database registration (Article 49) and AI literacy evidence (Article 4).


Manage your EU AI Act compliance in one place

Confir automates risk classification, technical documentation, and audit trails for any company. No consultants. No 6-month projects. 7-day free trial.

Start free trial →