The Annex IV Technical Documentation Template for High-Risk AI Systems
A copy-paste Annex IV technical documentation template covering all 9 content requirements under Article 11, kept available to authorities for 10 years.
Article 11 of the EU AI Act (Regulation (EU) 2024/1689) requires the provider of a high-risk AI system to draw up technical documentation before the system is placed on the market or put into service — and to keep it current for as long as the system is in use. The minimum contents of that documentation are not left to your judgment: they are fixed by Annex IV, which lays out the headings the file must contain.
This page gives you a copy-paste Annex IV technical documentation template, walks through each content requirement point by point, and shows how the file ties into conformity assessment, the EU declaration of conformity, and EU database registration. Treat Annex IV as a structured list of evidence categories — not a free-form report — and the file stays audit-ready.
For the underlying duty, see the technical documentation obligation and the legal background in Article 11.
What Annex IV Technical Documentation Is — And Who Must Produce It
Annex IV is the schedule that defines what a high-risk AI system's technical file must contain. It is referenced from Article 11 and exists to give national authorities a single, predictable place to look when they want to verify that a system actually complies with the law.
The Article 11 obligation and the Annex IV minimum contents — Article 11
Article 11(1) requires the provider of a high-risk AI system to draw up the technical documentation before the system is placed on the market or put into service, and to keep it up to date thereafter. This is a pre-market gate, not a retrospective tidy-up.
The documentation must be drawn up so that it demonstrates the system complies with the requirements set out in Section 2 of Chapter III — that is, Articles 8 to 15 (risk management, data governance, technical documentation, record-keeping, transparency, human oversight, and accuracy/robustness/cybersecurity). It is not a marketing document; it is the evidence base.
Crucially, the contents are fixed by Annex IV. The nine numbered headings of Annex IV define the skeleton, so you are not inventing a structure — you are filling in a prescribed one. See Annex IV explained for the headline-level overview.
Who is on the hook: providers of high-risk AI systems
The Article 11 / Annex IV duty falls on the provider — the actor that develops a high-risk AI system, or has one developed, and places it on the market or puts it into service under its own name or trademark. Deployers do not draw up Annex IV documentation, although they have their own obligations (record-keeping under Article 26, and a Fundamental Rights Impact Assessment under Article 27 for some).
Note one trap: a deployer that substantially modifies a high-risk system, or puts its own name on it, can become a provider under Article 25 — and then inherits the Annex IV duty. If you are repackaging or materially altering someone else's high-risk system, assume the documentation obligation may be yours.
The 10-year retention and authority-access rule — Article 18
The file is not write-once. Under Article 18, the provider must keep the technical documentation, the EU declaration of conformity, and related records at the disposal of the national competent authorities for 10 years after the system is placed on the market or put into service.
Because an authority can request the file at any time during that window, the practical rule is simple: keep Annex IV current as the system evolves, rather than reconstructing it the week a regulator calls. A file assembled retrospectively rarely survives scrutiny.
The Annex IV Content Requirements, Point by Point
Annex IV is a numbered list of content headings. Every in-scope provider must address all of them in writing, scoped to what is relevant for the specific system. There is no discretion to drop a heading because it feels less relevant — you address it, even if only to record why it does not apply.
Point 1 — General description and intended purpose — Annex IV point 1
A general description of the AI system: its intended purpose, the name of the provider and the system versions, how the system interacts with (or can be used with) hardware or software that is not part of the system itself, the relevant versions of any software or firmware, and the form in which the system is placed on the market or put into service.
Point 2 — Elements and development process — Annex IV point 2
A detailed description of the elements of the system and the process for its development. This is the largest heading and typically includes the methods and steps for development, system architecture, computational resources, data requirements (data sheets describing training methodologies and datasets), the human oversight measures designed in (Article 14), and the validation and testing procedures used.
Point 3 — Monitoring, functioning and control — Annex IV point 3
Detailed information about the monitoring, functioning and control of the system: its capabilities and limitations in performance, the expected level of accuracy for the intended purpose, and the foreseeable unintended outcomes and sources of risk to health, safety, fundamental rights, and discrimination.
Point 4 — Performance metrics — Annex IV point 4
Where appropriate, a description of the appropriateness of the performance metrics for the specific system. This is where you justify why the metrics you report (accuracy, false-positive/negative rates, and so on) are the right ones for the intended purpose.
Point 5 — Risk management system — Annex IV point 5 and Article 9
A detailed description of the risk management system in accordance with Article 9 — the iterative, lifecycle process of identifying, evaluating, and mitigating risks. Annex IV point 5 is effectively a pointer to your Article 9 record.
Point 6 — Lifecycle changes — Annex IV point 6
A description of any relevant changes made by the provider to the system through its lifecycle. This is the heading your change log feeds: every material modification belongs here.
Point 7 — Standards applied — Annex IV point 7
The list of harmonised standards applied in full or in part, or — where no harmonised standards were applied — a detailed description of the other solutions adopted to meet the Article 8 to 15 requirements.
Point 8 — EU declaration of conformity — Annex IV point 8 and Article 47
A copy of the EU declaration of conformity referred to in Article 47. The declaration is not a separate filing that lives elsewhere — a copy sits inside the Annex IV file itself.
Point 9 — Post-market monitoring plan — Annex IV point 9 and Article 72
A detailed description of the system in place to evaluate the AI system's performance in the post-market phase, in line with Article 72 — the post-market monitoring obligation. For the per-heading detail, see the Annex IV requirements and the broader AI technical documentation guide.
The Copy-Paste Annex IV Template Skeleton
The most reliable way to keep Annex IV audit-ready is to treat each heading as a folder, not a paragraph — a place to collect the evidence that proves compliance, with a short narrative on top. Here is a clean skeleton mapped one-to-one to the Annex IV points.
ANNEX IV TECHNICAL DOCUMENTATION
System identifier: ____ Version: ____ Owner: ____
Last reviewed: ____ Conformity route: Annex VI / Annex VII
Change log: see Section 6
1. General description & intended purpose
2. Elements & development process
3. Monitoring, functioning & control
4. Performance metrics
5. Risk management system (Article 9)
6. Lifecycle changes (change log)
7. Harmonised standards applied (or other solutions)
8. EU declaration of conformity (Article 47) — copy attached
9. Post-market monitoring plan (Article 72)
Section-by-section: what evidence to attach
Each numbered section should hold the supporting evidence, not just prose. Map the evidence categories like this:
| Annex IV section | Evidence to attach | Driving Article |
|---|---|---|
| 1 General description | Intended-purpose statement, version register, deployment form | Article 11 |
| 2 Elements & development | Architecture diagrams, data governance records, dataset data sheets, human-oversight design | Articles 10, 14 |
| 3 Monitoring & control | Capabilities/limitations note, accuracy ranges, foreseeable-risk register | Article 13 |
| 4 Performance metrics | Metric justification, test logs | Article 15 |
| 5 Risk management | Article 9 risk register and mitigations | Article 9 |
| 6 Lifecycle changes | Running change log with dates and rationale | Article 11(1) |
| 7 Standards | List of harmonised standards or other-solutions rationale | Article 40 |
| 8 Declaration of conformity | Signed Article 47 DoC (copy) | Article 47 |
| 9 Post-market monitoring | Monitoring plan and data-collection method | Article 72 |
Version control, ownership, and the change log
Put a document control header on every Annex IV file: system identifier, version, owner, last-reviewed date, and a running change log. That change log is not just hygiene — it directly feeds Annex IV point 6 (lifecycle changes). Because an authority can request the file at any time under Article 18, the skeleton should be kept current continuously rather than assembled the week before an audit.
The Simplified Technical Documentation Form for SMEs
The Regulation builds in proportionality for smaller actors — but proportionality is not exemption. The system still has to actually comply.
What Article 11(1) allows for SMEs and start-ups — Article 11
Article 11(1) provides that SMEs, including start-ups, may provide the elements of the Annex IV technical documentation in a simplified manner, using a form to be established by the Commission. The aim is to reduce the documentary burden on companies that lack a large compliance function.
What the simplified form does not change
The simplified form changes how much paperwork you produce — not what the system must do. The substantive Article 8 to 15 requirements still apply in full: the system must still have a risk management system, governed data, human oversight, and demonstrable accuracy and robustness. And where a notified body is involved in conformity assessment, it must accept the simplified form if it contains all the required elements.
When the simplified form may not be enough
For a genuinely complex or high-stakes system, the simplified structure may not carry enough evidence to pass conformity assessment or satisfy an authority — at which point you fill in the detail anyway. Use the simplified form as a starting structure, not a ceiling.
One related comfort for smaller actors: penalties are also proportionate. Under Article 99(6), fines for SMEs and start-ups are calculated to take their size into account, capping exposure relative to larger operators.
How Annex IV Ties to Conformity Assessment and EU Database Registration
The Annex IV file does not sit on its own. It is the spine that the conformity assessment, the declaration of conformity, the CE marking, and the EU database entry all hang from.
Annex IV as the evidentiary basis of conformity assessment — Article 43
The Annex IV file is the evidence a provider relies on to pass conformity assessment under Article 43. There are two routes:
| Route | When it applies | Who assesses |
|---|---|---|
| Internal control (Annex VI) | Most Annex III high-risk systems | The provider itself |
| Notified body (Annex VII) | Certain biometric systems, and high-risk AI embedded in Annex I products | An external notified body |
See conformity assessment for the full place-on-market sequence.
The EU declaration of conformity — Article 47
Once conformity assessment is passed, the provider draws up the EU declaration of conformity under Article 47 and affixes the CE marking (Article 48). The declaration is itself Annex IV point 8, so the file references the very document its existence helps justify.
Article 49 registration in the EU database — Article 49
Before placing most Annex III high-risk systems on the market or putting them into service, providers (and certain deployers) must register the system in the EU database under Article 49. The registration draws on the same facts captured in Annex IV.
The sequence is therefore: build the Annex IV file, pass conformity assessment under Article 43, issue the Article 47 declaration of conformity and affix the CE marking, then register under Article 49.
When the High-Risk Obligations Actually Apply
The Article 11 / Annex IV duty is tied to the high-risk applicability date — and that date is in flux as of June 2026. Here is the honest position.
The statutory 2 August 2026 date — Article 113
As the statute currently reads, the obligations for stand-alone Annex III high-risk systems — including the Article 11 / Annex IV documentation duty — apply from 2 August 2026 under Article 113. Until the law changes, this is the binding date.
The Digital Omnibus proposal to defer to 2 December 2027
The Digital Omnibus reached provisional political agreement on 6–7 May 2026, with COREPER confirming the text around 13 May 2026. The package agreed to defer the stand-alone Annex III high-risk date from 2 August 2026 to 2 December 2027, and to move Annex I product-embedded high-risk systems (Article 6(1)) from 2 August 2027 to 2 August 2028.
Importantly, these are fixed calendar dates. The "stop-the-clock" proposal — which would have tied the delay to the availability of harmonised standards — was rejected, so the deferral is not standards-contingent.
Why the deferral is agreed but not yet law
As of June 2026, this deferral is agreed but not yet law. It still needs a European Parliament plenary vote, formal Council adoption, and publication in the Official Journal. Until those steps complete, the binding date remains 2 August 2026 — so plan to that date and treat the deferral as upside, not as a settled extension.
For context, not everything moved: Article 5 prohibited practices have applied since 2 February 2025, and general-purpose AI model obligations under Articles 51 to 55 since 2 August 2025. Those dates were not changed.
How Confir Generates Annex IV Documentation Deterministically
Confir takes a single high-risk system from registration and Article 6 classification, through the guided assessment, to the Annex IV technical file — scoping the content to the points that actually apply to your system rather than forcing you through irrelevant headings.
The synthesis engine is deterministic and rule-based: the same inputs always produce the same Annex IV output, using the same logic every time, with no model inference and no hallucination. That reproducibility matters in a regulatory context — an auditor or national authority can re-run the same inputs and get the same file. Every Annex IV section references the Article or Annex driving it (Article 9 for risk management, Article 47 for the declaration of conformity, Article 72 for post-market monitoring), and the audit trail records which rule fired and when.
Confir is an EU AI Act compliance specialist, not a law firm. For Annex IV outputs relied on in a regulatory filing, have a qualified lawyer review the file before you submit it. The stakes justify the review: non-compliance with the core high-risk obligations can reach EUR 15 million or 3% of total worldwide annual turnover, whichever is higher, under Article 99(4), and supplying incorrect, incomplete, or misleading information to a notified body or authority can reach EUR 7.5 million or 1% under Article 99(5).
Frequently Asked Questions
What is Annex IV of the EU AI Act?
Annex IV of Regulation (EU) 2024/1689 sets out the minimum contents of the technical documentation a provider of a high-risk AI system must compile under Article 11. It defines nine content headings, from the general system description and development process to the risk management system, the EU declaration of conformity, and the post-market monitoring plan.
What must Annex IV technical documentation contain?
Annex IV requires: a general description and intended purpose; the system elements and development process; monitoring, functioning and control; performance metrics; the Article 9 risk management system; lifecycle changes; the standards applied; a copy of the Article 47 EU declaration of conformity; and the Article 72 post-market monitoring plan. Each heading should hold the evidence supporting it.
Who is responsible for the Annex IV technical file?
The provider of the high-risk AI system is responsible under Article 11 for drawing up the technical documentation before the system is placed on the market and keeping it up to date. The file must be available to national competent authorities on request and retained for 10 years after the system is placed on the market or put into service.
Is there a simplified Annex IV form for small companies?
Yes. Article 11(1) lets SMEs, including start-ups, provide the Annex IV elements in a simplified manner using a form established by the Commission. It reduces the documentary burden but not the substantive duty — the system must still meet the Article 8 to 15 requirements, and a notified body must accept the simplified form if it is complete.
How does Annex IV relate to conformity assessment?
The Annex IV file is the evidence a provider relies on to pass conformity assessment under Article 43 — internal control under Annex VI for most Annex III systems, or a notified body under Annex VII for certain biometric and product systems. Passing it leads to the Article 47 declaration of conformity, CE marking, and Article 49 EU database registration.
When do the Annex IV documentation obligations apply?
As the statute currently reads, obligations for stand-alone Annex III high-risk systems, including Annex IV documentation, apply from 2 August 2026. The Digital Omnibus agreed in May 2026 to defer this to 2 December 2027, but as of June 2026 that change is not yet law — it still needs a Parliament vote, Council adoption, and publication.
How long must Annex IV technical documentation be kept?
Providers must keep the Annex IV technical documentation and the EU declaration of conformity at the disposal of national competent authorities for 10 years after the high-risk AI system is placed on the market or put into service, under Article 18. The file must stay current, not be assembled only when an authority requests it.
Related guides
- Annex IV explained
- the Annex IV requirements
- AI technical documentation
- the technical documentation obligation
- Article 11
- conformity assessment
Last reviewed June 2026. Cites Regulation (EU) 2024/1689 (EU AI Act).
Manage your EU AI Act compliance in one place
Confir automates risk classification, technical documentation, and audit trails for any company. No consultants. No 6-month projects. 7-day free trial.
Start free trial →