The Simplified Technical Documentation Form for SMEs and Start-ups Under the EU AI Act
How SMEs use the simplified Annex IV form under Article 11(1) of the EU AI Act. Same evidence, leaner drafting, with high-risk rules from 2 December 2027.
If your company is a small or medium-sized enterprise or a start-up building a high-risk AI system, Article 11(1) of Regulation (EU) 2024/1689 gives you a specific concession: the European Commission is to establish a simplified technical documentation form aimed at your needs, which you may then complete and use instead of drafting a full standalone Annex IV dossier.
The concession is real but narrow. It reduces the drafting and evidence-compilation burden — the volume and format of what you produce. It does not lower the substantive bar. Your high-risk system must still meet every requirement in Chapter III, Section 2 of the Regulation: the risk management system, data governance, human oversight, accuracy, robustness and cybersecurity. The simplified form is a leaner way to present the same evidence, not a smaller set of obligations.
One practical caveat as of June 2026: the enabling provision in Article 11(1) is in force, but the standardised simplified form itself is still subject to Commission specification. Until that template is published, the safe approach is to document against the full Annex IV structure now and condense into the simplified layout once it lands — the underlying evidence is identical either way.
What the Simplified Technical Documentation Form Is
Article 11(1) and the SME-specific provision
Article 11 requires every provider of a high-risk AI system to draw up the technical documentation obligation before the system is placed on the market or put into service, and to keep it up to date. The minimum contents are fixed in Annex IV. Within that same article, Article 11(1) carries a targeted instruction to the Commission: establish a simplified technical documentation form that meets the needs of SMEs, including start-ups, which those providers may complete and use.
The point of the provision is proportionality. A five-person company shipping a CV-screening tool should not have to assemble the same exhaustive dossier as a large multinational, where that exhaustiveness adds cost without adding regulatory value.
Why a lighter form exists
The legislator's reasoning is consistent across the Act: smaller providers face the same legal obligations but have far less compliance capacity. So the form is the documentation-side counterpart to other SME measures — proportionate conformity-assessment fees under Article 62 and a proportional cap on fines under Article 99(6). The lighter form lowers the cost of demonstrating compliance, not the compliance itself.
Status: enabled by statute, form pending Commission
As of June 2026 the enabling text is law, but the form is not yet a published template. That gap matters for planning: you cannot "use the simplified form" today as a finished artefact, because the Commission has not yet specified it. What you can do is build your evidence base against the full Annex IV requirements and be ready to condense it the moment the template appears.
Who Qualifies: SME and Start-up Definitions
The SME definition the Act borrows
The EU AI Act does not invent a new size threshold. It relies on the established EU definition in Commission Recommendation 2003/361/EC: fewer than 250 staff, and either an annual turnover not exceeding EUR 50 million or a balance-sheet total not exceeding EUR 43 million. Within that band, micro enterprises (fewer than 10 staff and turnover or balance sheet not exceeding EUR 2 million) and small enterprises receive the most proportionate treatment.
How start-ups are treated
The Act repeatedly pairs "SMEs, including start-ups" as the intended beneficiaries of its relief measures. Start-ups are not given a separate legal definition; they are addressed alongside SMEs throughout the proportionality provisions, including Article 62 and the Article 11(1) simplified form. If you meet the Recommendation 2003/361/EC thresholds, the form is available to you regardless of how young the company is.
Group and ownership tests
The linked-enterprise and partner-enterprise rules from Recommendation 2003/361/EC apply in full. A company that is, on its own headcount and turnover, comfortably an SME may not qualify if it is majority-owned by a large group — the group's figures are aggregated. Document your size classification explicitly, including ownership structure, so a market surveillance authority cannot later dispute your entitlement to proportionate treatment.
Qualifying as an SME unlocks more than the form. It also opens proportionate conformity-assessment fees under Article 62 and the proportional fine cap under Article 99(6) — covered below.
Full Annex IV Versus the Simplified SME Form, Section by Section
The eight Annex IV content blocks
Annex IV sets out the required content blocks: (1) a general description of the system; (2) a detailed description of its elements and the development process; (3) monitoring, functioning and control; (4) performance metrics and their appropriateness; (5) the risk management system under Article 9; (6) lifecycle changes; (7) the harmonised standards applied; and (8) the EU declaration of conformity together with the post-market monitoring plan.
What the simplified form must still contain
The simplified SME form is expected to let you supply the same categories of information in a condensed, template-driven way rather than as an extensive standalone dossier. Every Annex IV element is covered — but with proportionate depth. The reduction is in drafting effort and volume, not in the legal substance being evidenced.
Where the burden is reduced, not removed
The core substantive elements cannot be dropped. Whatever the form, you must keep demonstrable: the risk management system (Article 9), data governance evidence (Article 10), human oversight design (Article 14), and accuracy, robustness and cybersecurity measures (Article 15). Authorities can still request the documentation, and it must remain available for ten years.
The table below maps each Annex IV section to its likely treatment under the simplified form. Rows marked "depends on Commission spec" are not yet final as of June 2026.
| Annex IV element | Full-form treatment | Simplified-form treatment |
|---|---|---|
| 1. General description of the system | Full narrative | Condensed template fields (depends on Commission spec) |
| 2. Elements & development process | Extensive, including data lineage | Condensed, key facts retained (depends on Commission spec) |
| 3. Monitoring, functioning & control | Full detail | Condensed template |
| 4. Performance metrics & appropriateness | Full justification | Retained — metric choice must still be justified |
| 5. Risk management system (Art 9) | Full risk file | Retained in full — cannot be condensed away |
| 6. Lifecycle changes | Full change log | Retained — must stay current |
| 7. Harmonised standards applied | Full list & divergences | Cross-referenced / condensed |
| 8. EU declaration of conformity + PMM plan | Full copy + plan | Retained in full |
The pattern is clear: presentational sections compress; the legally load-bearing rows (risk management, the declaration, the monitoring plan, metric justification) stay in full.
How the Simplified Form Interacts With Conformity Assessment
Internal control versus notified body routes
Technical documentation is the evidentiary core of the conformity assessment. Under Article 43, most Annex III high-risk systems use the internal-control procedure (Annex VI), where the provider self-assesses against its own documentation. Certain biometric systems and high-risk AI embedded in Annex I products require a notified body (Annex VII).
Documentation as the assessment input
Using the simplified form does not change which conformity-assessment route applies. Route selection is driven by the type of system, not by company size. A leaner but complete simplified form still has to support the full Article 43 conclusion — for the internal-control route, that means your own self-assessment rests on it; for the notified-body route, it is what the body reads.
What changes for SMEs
What does change is cost. Article 62 directs Member States and the AI Office to give SMEs and start-ups priority access to regulatory sandboxes and to set conformity-assessment fees proportionately to company size and market needs. That reduces the cost layered on top of the documentation effort. Note too that a substantial modification to the system after assessment triggers a fresh conformity assessment under Article 43(4) — so the documentation, simplified or full, must be kept current.
From Documentation to the EU Declaration of Conformity and CE Mark
What the declaration asserts
After a successful conformity assessment, the provider draws up a single written EU declaration of conformity under Article 47 and keeps it at the disposal of national competent authorities for ten years. The declaration is the provider's formal statement that the system meets the Regulation; the technical documentation is what backs it up.
Where it sits in Annex IV
The EU declaration of conformity is itself a required component of the technical documentation (Annex IV, point 8). So even the simplified form must capture it — it is not an optional add-on.
Registration in the EU database
The CE marking under Article 48 is the visible artefact that the high-risk system has passed conformity assessment; the documentation sits behind it as the supporting dossier. Most stand-alone high-risk systems must also be registered in the EU database under Article 49 before being placed on the market — regardless of whether the simplified form was used.
Digital Omnibus and the Direction of SME Relief
The agreed deferral of high-risk dates
The Digital Omnibus reached provisional political agreement on 6-7 May 2026, with the COREPER text confirmed around 13 May 2026, and is broadly framed around reducing burden on SMEs and start-ups. It agreed to defer stand-alone high-risk Annex III obligations (Article 6(2)) from 2 August 2026 to 2 December 2027, and Annex I product-embedded high-risk (Article 6(1)) from 2 August 2027 to 2 August 2028.
What has not moved
Not everything moved. Article 5 prohibitions have applied since 2 February 2025. GPAI obligations (Articles 51-55) have applied since 2 August 2025. Most Article 50 transparency is unchanged, with content-marking shifting to 2 December 2026, and a new 2 December 2026 deadline was added for the CSAM / "nudifier" ban and content marking. Importantly, the new dates are fixed calendar dates — the "stop the clock" proposal that would have tied the delay to harmonised-standards availability was rejected, so the deferral must not be described as standards-contingent.
The freshness caveat as of June 2026
The critical caveat: as of June 2026 the Digital Omnibus is agreed but not yet law. It still needs a European Parliament plenary vote, formal Council adoption, and Official Journal publication. Until those steps complete, the statute still reads 2 August 2026 for high-risk Annex III. Treat the 2 December 2027 date as the likely, not the certain, deadline — and prepare accordingly.
Practical Path for SMEs Preparing the Documentation Now
Working against full Annex IV until the form lands
Because the simplified form is not yet specified, the safe path is straightforward:
- Compile against the full Annex IV structure now. Build each of the eight content blocks as if you were preparing the complete dossier.
- Tag your size classification. Record headcount, turnover or balance sheet, and ownership structure so your SME entitlement is documented.
- Condense into the simplified template once published. When the Commission specifies the form, map your existing evidence into it — no new evidence is needed.
- Keep the file current. Update lifecycle changes (Annex IV point 6) and re-run conformity assessment on any substantial modification under Article 43(4).
Building reusable evidence
The extra runway from the agreed 2 December 2027 high-risk date is preparation time, not a reason to wait — especially since it is not yet law and could shift. The evidence you assemble (risk file, data governance records, oversight design, test results) is reusable across the full and simplified forms, the declaration, and the conformity record.
Why completeness matters
Penalties make completeness worth the effort. Most provider-obligation breaches carry fines up to EUR 15 million or 3% of worldwide annual turnover (Article 99(4)). Supplying incorrect, incomplete or misleading information to authorities is a distinct, lower tier — up to EUR 7.5 million or 1% of turnover (Article 99(5)) — which directly targets documentation quality. For SMEs and start-ups, Article 99(6) caps each fine at the lower of the percentage or fixed-amount figure.
How Confir Helps
Confir produces the appropriate documentation form deterministically. Through a structured intake, the engine maps your inputs to the full Annex IV template layout today and, once the Commission publishes the simplified SME structure, to that condensed form — without re-collecting evidence. The relevant module is AITR (the Data & Technical Robustness assessment), which covers all eight Annex IV content blocks.
The engine is deterministic and rule-based: the same inputs produce the same output, the same rules fire for the same conditions, every time — no model inference, no hallucination. Because the logic is rule-based, you can explain why each section was populated the way it was, which is exactly what an auditor or notified body will ask.
Confir also assembles the EU declaration of conformity, links it to the underlying Annex IV evidence, and keeps the declaration and conformity record in sync with the documentation — ready for either the full or simplified output. AITR sits alongside three other assessment areas: AIRC (risk classification under Articles 5 and 6), AITO (transparency and human oversight under Articles 13 and 14), and AIGM (governance and post-market monitoring under Articles 9, 72 and 73). For smaller teams, compliance software for SMEs turns the proportionality the Act promises into a workable process.
Frequently Asked Questions
What is the simplified technical documentation form for SMEs under the EU AI Act?
It is a condensed template the European Commission is to establish under Article 11(1) so SMEs and start-ups can document high-risk AI systems with less drafting burden. It covers the same Annex IV content categories but in a leaner, template-driven way. As of June 2026 the enabling provision is in force, but the form itself is still pending Commission specification.
Who qualifies as an SME or start-up under the EU AI Act?
The Act uses the EU definition in Recommendation 2003/361/EC: fewer than 250 staff and turnover not exceeding EUR 50 million or a balance sheet not exceeding EUR 43 million. Start-ups are addressed alongside SMEs throughout the proportionality measures. Linked and partner-enterprise rules apply, so a small company owned by a large group may not qualify.
Does the simplified form reduce what an SME has to comply with?
No. It reduces the volume and format of the documentation, not the legal requirements. The high-risk system must still meet the substantive obligations in Chapter III, Section 2 — including the Article 9 risk management system, Article 10 data governance, Article 14 human oversight and Article 15 accuracy and cybersecurity. The same evidence categories must remain demonstrable to authorities.
Does using the simplified form change the conformity assessment route?
No. The conformity-assessment route depends on the type of high-risk system, not company size. Under Article 43, most Annex III systems use internal control (Annex VI), while certain biometric systems and Annex I products require a notified body (Annex VII). The simplified form is the documentation input to whichever route already applies.
When do high-risk AI documentation obligations actually start?
Under the current statute, stand-alone high-risk Annex III obligations apply from 2 August 2026. The Digital Omnibus agreed in May 2026 to defer this to 2 December 2027, but as of June 2026 that change is not yet law — it still needs a European Parliament vote, Council adoption and Official Journal publication. Until then, the 2 August 2026 date stands.
What are the penalties for incomplete or incorrect technical documentation?
Most provider-obligation breaches carry fines up to EUR 15 million or 3% of worldwide annual turnover under Article 99(4). Supplying incorrect, incomplete or misleading information to authorities is a separate, lower tier of up to EUR 7.5 million or 1% under Article 99(5). For SMEs and start-ups, Article 99(6) caps each fine at the lower figure.
Is the simplified SME form available to use now?
Not yet as a published template. Article 11(1) requires the Commission to establish it, but as of June 2026 that specification is still pending. The practical approach is to document against the full Annex IV structure now and condense into the simplified form once it is published, since the underlying evidence is identical either way.
Related guides
- Annex IV documentation requirements
- The Annex IV requirements in detail
- The technical documentation obligation
- The Annex IV technical documentation template
- Article 11 full requirements
- Compliance software for SMEs
Manage your EU AI Act compliance in one place
Confir automates risk classification, technical documentation, and audit trails for any company. No consultants. No 6-month projects. 7-day free trial.
Start free trial →