EU AI Database: What It Is, Who Registers, and What Gets Listed

The EU AI database is the central registry for high-risk AI systems falling under Annex III of Regulation (EU) 2024/1689. It is established under Article 71 of the EU AI Act. The obligation to actually register your system is a separate provision — Article 49 — and the distinction matters: Article 71 creates the infrastructure; Article 49 creates the legal duty. This article covers both, while the companion article EU AI Act Article 49: the registration obligation focuses on the registration procedure in detail.

The database is managed by the European Commission and is publicly searchable for most entries. It went live ahead of the high-risk compliance deadline. Under the Digital Omnibus agreed in May 2026, that deadline for stand-alone Annex III systems is now 2 December 2027 (pushed back from the original August 2026 date). That is the operative registration deadline for most companies reading this.

---

What the EU database is

Article 71 establishes a single EU-level registry of high-risk AI systems. The Commission sets it up and maintains it; national competent authorities and market surveillance bodies can access it; and a public-facing section is searchable by anyone.

The database is not a certification register. Being listed does not mean your system is approved or compliant. It means you have notified the Commission of its existence, its classification, and the key facts about it. Think of it as a declaration, not a licence.

---

Who registers

Three groups have registration obligations under Article 49:

1. Providers of Annex III high-risk AI systems. If you develop and place on the EU market — or put into service — an AI system that falls within one of the eight Annex III areas, you register it before market entry. This applies whether you are established in the EU or a third country. A third-country provider that does not have an EU establishment must appoint an authorised representative (Article 22), and that representative registers the system on the provider's behalf.

2. Providers who conclude their Annex III system is NOT high-risk under Article 6(3). The Article 6(3) filter allows a provider to determine that a system nominally falling in an Annex III category does not, in fact, pose a significant risk of harm — because it performs only a narrow procedural task, improves a previously completed human activity, detects patterns without replacing human assessment, or does preparatory work. But the provider must document that determination and, critically, also register it in the EU database. The system is registered as a non-high-risk Annex III system, not simply omitted. (The one hard limit: any system that profiles natural persons is always high-risk and cannot use the Article 6(3) exemption.)

3. Certain deployers that are public authorities or EU bodies. Article 49(3) extends a registration obligation to deployers that are public authorities — including EU institutions, agencies, and bodies — when they put a high-risk Annex III system into service. A public authority deploying a high-risk AI system for benefits eligibility determinations, for example, registers its use separately from the provider's registration.

Private-sector deployers (companies using a high-risk system supplied by a third-party provider) do not register as deployers. The provider's registration covers the system.

---

Which systems are covered — and which are not

The EU database covers Annex III systems only. These are the eight use-case areas declared high-risk by the legislature:

1. Biometrics — remote biometric identification, biometric categorisation, emotion recognition (where permitted)
2. Critical infrastructure — safety components in digital infrastructure, road traffic, utilities
3. Education and vocational training — access decisions, performance evaluation, exam-cheating monitoring
4. Employment and worker management — recruitment, screening, promotion, termination, task allocation, monitoring
5. Access to essential private and public services — creditworthiness and credit scoring (fraud detection excluded), health and life insurance risk and pricing, emergency dispatch, public-benefits eligibility
6. Law enforcement — risk of offending or re-offending, polygraphs, evidence reliability assessment, profiling
7. Migration, asylum, and border control — risk assessment, application examination, document verification
8. Administration of justice and democratic processes — assisting judicial authorities, influencing elections or referenda

Annex I systems — high-risk AI embedded as safety components in regulated products (medical devices under MDR, machinery under the Machinery Regulation, etc.) — are not registered in the EU database. Their conformity goes through product-specific routes, and they have a separate deadline: 2 August 2028.

---

Public versus restricted sections

The database is not uniformly open. Article 71 draws a clear line.

The public section covers the vast majority of Annex III categories. Anyone can search by system name, provider, intended purpose, and Annex III classification. This is the transparency function: civil society, researchers, affected individuals, and competitors can look up what systems are on the market.

The restricted section covers three Annex III areas where public disclosure would compromise operational security or create specific risks:

• Annex III point 1 where applied by law-enforcement authorities — biometric systems used in law-enforcement contexts
• Annex III point 6 — law-enforcement AI systems (risk of offending/re-offending assessments, profiling, polygraphs)
• Annex III points 7 — migration, asylum, and border-control AI systems

For these, the registered information is accessible to national competent authorities, market surveillance bodies, and the Commission, but not the general public. The Commission publishes only aggregated statistics for restricted entries.

---

What data goes into the database (Annex VIII)

The content of a registration entry is specified in Annex VIII of the Regulation. It covers two groups of information: what the provider submits for the system itself, and what a deployer (public authority) submits for its use of a high-risk system.

For providers, the Annex VIII data includes:

• Name, address, and contact details of the provider (and authorised representative, if applicable)
• Name of the system, version, and intended purpose
• The Annex III category under which it is classified
• Whether the provider has used the Article 6(3) non-high-risk determination (and the basis for that conclusion)
• The EU declaration of conformity under Article 47 — or, for non-high-risk Article 6(3) entrants, the documentation of the determination
• A general description of the system, including its capabilities and limitations
• Status of the system (on the market, withdrawn, recalled)
• Countries where the system is made available

For public-authority deployers, Annex VIII requires:

• Name, address, and contact details of the deployer
• Which system is being used and the provider's registration reference
• A description of the use case — the specific context and purpose for which the system is deployed
• Whether a Fundamental Rights Impact Assessment (Article 27) has been conducted

This data is submitted through the Commission's online portal. Entries must be kept current — a change in intended purpose, withdrawal from the market, or a modification that affects the high-risk classification triggers an update obligation.

---

How to register

The Commission operates a dedicated registration portal linked from the EU AI Act Service Desk (digital-strategy.ec.europa.eu). The process follows these steps:

Step 1 — Confirm classification. Before registering, determine whether your system is genuinely Annex III and whether the Article 6(3) non-high-risk filter applies. If you are using the filter, document it. If not, confirm the Annex VIII data is ready.

Step 2 — Prepare the Annex VIII data package. This is not a short form. You will need the technical documentation (Article 11 / Annex IV), the EU declaration of conformity (Article 47 / Annex V), and a clear description of intended purpose and affected groups.

Step 3 — Create or access your organisational account on the portal. A legal representative of the provider (or the authorised representative, for third-country providers) creates the account and is responsible for the accuracy of the submission.

Step 4 — Submit the registration. Complete the structured form with all Annex VIII fields. For restricted-section systems (law enforcement, migration, biometrics in law-enforcement use), the portal routes the submission appropriately.

Step 5 — Keep the entry current. Article 49(1) requires providers to update the registration whenever relevant information changes. If you withdraw the system, update accordingly. If the intended purpose changes in a way that affects its Annex III classification, update immediately.

---

Keeping the entry current

Registration is not a one-time event. The Act imposes ongoing accuracy obligations. A provider that makes a substantial modification to a high-risk system — defined in Article 3(23) as a change affecting the system's compliance with the high-risk requirements or altering its intended purpose — must update the registration before re-releasing the modified system.

Similarly, if a previously registered system is subsequently determined by the provider to fall below the high-risk threshold (perhaps after an Article 6(3) self-assessment following a scoping change), the provider must update the entry to reflect that determination. Leaving an outdated or inaccurate entry in the database violates Article 49 and can attract the misinformation penalty tier.

---

The deadline

For stand-alone Annex III high-risk systems, 2 December 2027 is when the full high-risk obligation stack — including Article 49 registration — applies. This is the date set under the Digital Omnibus political agreement of May 2026, which deferred the original 2 August 2026 deadline.

That deferral is real and authoritative. But the Annex VIII data package takes months to assemble properly: technical documentation, the Article 47 declaration of conformity, the risk management records underpinning Articles 9 through 15. Companies starting this in late 2027 will be filing incomplete registrations under pressure. The registration is the output of a compliance programme, not the starting point.

---

Penalties for non-registration and inaccurate information

Failing to register a high-risk system, or registering it with false or misleading information, is an enforceable breach. The penalty structure under Article 99:

• Non-compliance with the registration obligation (placing an unregistered high-risk system on the market) falls under Article 99(4): up to €15,000,000 or 3% of total worldwide annual turnover, whichever is higher.
• Supplying incorrect, incomplete, or misleading information in a registration falls under Article 99(5): up to €7,500,000 or 1% of total worldwide annual turnover, whichever is higher.

For companies that qualify as SMEs or start-ups under Article 99(6), the fine is capped at the lower of the fixed amount or the percentage — a meaningful proportionality protection.

---

How Confir helps

Assembling an Annex VIII registration entry is downstream of having the full compliance documentation in place. Confir's rule-based, deterministic engine generates the data you need: the Annex IV technical documentation pack (Article 11), the Article 47 / Annex V EU Declaration of Conformity, and the Article 27 Fundamental Rights Impact Assessment for deployers that need it. The Article 6(3) non-high-risk assessment is also structured and documented within Confir, so providers using the filter have an audit-ready record to support their registration entry.

Because the engine applies explicit rules — not probabilistic inference — the same intake always produces the same finding. That reproducibility matters when you are making a formal registration statement to the Commission.

---

Frequently asked questions

What is the difference between Article 71 and Article 49 of the EU AI Act?

Article 71 establishes the EU database for high-risk AI systems — it creates the registry and defines its structure, the Commission's responsibilities for managing it, and the public/restricted access rules. Article 49 creates the legal obligation to register: who must do it, when, and for which systems. You follow Article 49 to comply; you submit data into the infrastructure created by Article 71. Both articles are real and distinct; citing one when you mean the other is a material error.

Who actually submits the registration — the provider or the deployer?

Providers submit for their systems before placing them on the market. Public-authority deployers submit separately to record their use of a high-risk system. Private-sector deployers (companies using a provider's high-risk system) do not register independently — the provider's entry covers the system. If a third-country provider has appointed an authorised representative under Article 22, the representative handles the submission.

If I conclude my Annex III system is not high-risk under Article 6(3), do I still register?

Yes. Providers that apply the Article 6(3) non-high-risk filter must register that determination in the EU database. The entry records the system, the Annex III area it nominally falls under, and the documented basis for concluding it does not pose a significant risk. This is not optional — it is the mechanism by which the regulator can audit the self-assessment.

What goes in the restricted (non-public) section of the database?

Systems used in law-enforcement contexts (Annex III point 6), migration, asylum, and border control (point 7), and biometric systems used by law-enforcement authorities (point 1 in that context) go into the restricted section. The data is accessible to competent authorities and the Commission but not publicly searchable. Aggregate statistics are published. The vast majority of Annex III registrations — employment, credit, education, benefits — are in the public section.

When is the registration deadline?

For stand-alone Annex III high-risk systems, 2 December 2027, under the Digital Omnibus agreed in May 2026. For AI systems that are safety components of regulated products (Annex I), the deadline is 2 August 2028 — and those systems register through product-specific routes, not the EU database. The original 2 August 2026 date has been formally deferred for Annex III systems.

What happens if I supply incorrect information in my registration?

Providing incorrect, incomplete, or misleading information to the EU database triggers Article 99(5): up to €7,500,000 or 1% of total worldwide annual turnover, whichever is higher. Deliberate misrepresentation could also support broader enforcement action on the underlying compliance obligations. Accuracy is not just a legal duty — for a system in the public section, the entry is visible to regulators, civil society, and affected individuals.

---

Related guides

• risk classification framework
• Article 6 high-risk criteria
• OpenAI API compliance status
• Article 8 technical requirements
• EU AI Act overview
• Annex III social benefits assessment
• high-risk AI system inventory management