EU AI ACT — RISK MANAGEMENT
EU AI Act Article 9 — risk management system for high-risk AI deployers
Article 9 of Regulation (EU) 2024/1689 requires providers of high-risk AI systems to establish, implement, document and maintain a risk management system throughout the entire lifecycle of the system. Deployers are not the primary holders of the Article 9 obligation, but they interact with it in three ways: by relying on the provider’s risk assessment, by feeding post-market monitoring data back into it, and by facing their own operational risk-management duties under Article 26. This guide explains both sides.
The Article 9 risk management cycle
Article 9(2) specifies that the risk management system shall consist of a continuous, iterative process run throughout the entire lifecycle, comprising:
- Identification and analysis of known and reasonably foreseeable risks. This includes risks to health, safety, and fundamental rights that the high-risk AI system may pose when used as intended and when reasonably misused. For HR AI, this means analysing risks of biased candidate scoring, discriminatory task allocation, or privacy-invasive performance monitoring.
- Estimation and evaluation of risks that may emerge when the system is in use, based on the intended purpose, foreseeable misuse, and information from post-market monitoring (Article 72). The estimation must take into account the probability that a risk will occur and the severity of its impact, including how reversible it is and how many persons are affected.
- Adoption of appropriate risk-management measures. These must be designed and implemented to eliminate or reduce identified risks to the extent technically feasible. Where risks cannot be fully mitigated, residual risks must be documented and disclosed in the instructions for use.
- Testing to ensure that the measures are effective and that the system performs consistently with its intended purpose across all the intended users and conditions of use, including testing for potential bias.
Article 9(4) — the fundamental rights dimension
Article 9(4) requires that risk management measures take due account of the technical knowledge, experience, education and training to be expected of users, and the environment in which the system is intended to be used. For HR AI deployed by an organisation where line managers receive AI recommendations but have no technical training, the provider must calibrate the risk measures to that environment — and the deployer must ensure that the human oversight function meets the competence level the provider assumed.
Article 9(4) further requires that risk management pay attention to the need to protect the health, safety, and fundamental rights of all those persons who may be affected by the system’s output, including third parties such as job applicants and monitored employees, not only the direct users of the system.
Application date
Article 9 high-risk obligations apply from 2 August 2026 for systems listed in Annex III. The Digital Omnibus provisional political agreement (7 May 2026 — not yet adopted or published in the Official Journal) proposes deferring stand-alone Annex III obligations for systems already on the market to 2 December 2027. Until formally adopted, 2 August 2026 is the binding date.
Deployer interactions with Article 9
Providers are the primary holders of the Article 9 obligation. But deployers interact with it in three concrete ways:
- Relying on the provider’s risk assessment. When a deployer selects and configures a high-risk AI system, it should obtain evidence from the vendor that the Article 9 risk management system is in place and that the specific deployment context (use case, user base, input data) has been included in the risk assessment. An Art 9 risk assessment conducted for a large technology company does not automatically cover deployment by an HR department in a 150-person firm.
- Contributing post-market monitoring data (Art 72). Article 72 requires deployers to monitor the performance of high-risk AI systems in production and to report relevant data back to providers. In practice this means: logging incidents where the AI produced unexpected or clearly wrong outputs, tracking error rates against the accuracy metrics in the instructions for use, and escalating to the vendor when patterns suggest the risk assessment has been overtaken by events.
- Deployer-side operational risk management. Article 26 imposes parallel obligations: use within intended purpose (Art 26(1)), competent human oversight (Art 26(2)), input-data quality (Art 26(4)), incident monitoring and reporting (Art 26(5)), log retention (Art 26(6)). These are the deployer’s own risk-management layer and must be documented separately from the vendor’s Article 9 system.
Article 72 post-market monitoring
Article 72 requires providers to establish and document a post-market monitoring system. Deployers are required to collect and provide data generated during use of the AI system to the provider where the deployer is contractually entitled to do so. This is why the vendor contract must include a log-access and data-sharing clause: without it, the deployer cannot fulfil this obligation.
From a practical risk-management standpoint, deployers should:
- Record each use case in which an AI recommendation was overridden by the human overseer and the reason.
- Record any case where the AI output was flagged as potentially incorrect or biased by a user or affected person.
- Compare quarterly error-rate data against the accuracy metrics in the Art 13 instructions for use and flag divergences to the vendor.
- Feed any serious incident report under Art 73 back into the vendor’s risk management update cycle.
Article 73 serious incident reporting
Article 73 requires deployers of high-risk AI systems to report any serious incident to the national market surveillance authority. A serious incident is defined as any incident or malfunctioning of an AI system that directly or indirectly leads to the death of a person, a serious harm to a person’s health, a serious and irreversible disruption to the management and operation of critical infrastructure, or a breach of obligations under Union law intended to protect fundamental rights.
In an HR context, a biased rejection of all candidates from a protected group, a wrongful termination driven by an AI score without meaningful human review, or a performance system that generates data used in a discriminatory manner could reach the threshold of a serious incident. Deployers should include a serious-incident reporting procedure in their AI risk-management documentation.
Risk management evidence checklist for deployers
- Vendor evidence of Article 9 risk management system: confirmation it covers the deployer’s specific use context and user environment.
- Deployer risk register: each high-risk AI system with identified risks, assessed likelihood/severity, mitigating measures, and residual risk.
- Art 26(2) oversight designation: competence basis, training records, override authority and procedure.
- Art 26(6) log retention plan and evidence: system, retention period, access controls, GDPR reconciliation.
- Art 72 monitoring log: error-rate tracking, override records, vendor-reported changes to the risk assessment.
- Art 73 incident response procedure: definition of serious incident, escalation path, reporting template, national MSA contact details.
- Art 4 AI literacy records covering risk-management roles (the human overseer in particular must understand the risk the system poses).
Penalties
Failure to comply with high-risk system obligations, including deployer-side obligations under Article 26, is sanctioned under Article 99(4) with administrative fines of up to EUR 15 000 000 or 3 % of total worldwide annual turnover, whichever is higher. For SMEs and start-ups, Article 99(6) applies the lesser of the two figures. Failure to report a serious incident under Article 73 falls under Article 99(4) as a failure to comply with operator obligations.
Related EU guides
- Deployer checklist — Article 26
- Human oversight — Article 14
- Data governance — Article 10
- AI vendor contracts — 12-point deployer checklist
- Logging obligations — Article 12
Sources
- Regulation (EU) 2024/1689, Articles 9, 13, 26, 43, 72, 73, 99, Annex III — EUR-Lex: eur-lex.europa.eu/eli/reg/2024/1689/oj
- European AI Office — Implementation guidance: digital-strategy.ec.europa.eu
Note: The Article 9 risk management system is primarily a provider-side obligation. Deployer risk-management obligations are set out in Article 26 and must be documented separately. PowerQuant supplies software and documentation for use in your internal compliance process — not legal advice.
PowerQuant Module 1
Deployer risk register, Article 26 evidence, post-market monitoring plan, and serious incident response procedure for high-risk AI systems — delivered in 5 working days. Fixed fee, no subscription.
See deployer checklist