Annex IV technical documentation — EU AI Act Article 11

The nine Annex IV sections

1. General description of the AI system. Intended purpose, provider name and version, how the system interacts or can be used to interact with hardware or software that is not part of the AI system itself, versions of relevant software / firmware, description of all forms in which the AI system is placed on the market, hardware on which the system is intended to run, deployment forms (software in product, downloadable etc.), instructions for use and where relevant installation instructions.
2. Detailed description of the elements and of the development process.Methods and steps for the development; design specifications; system architecture; computational resources used to develop, train, test and validate the system; data requirements including data sheets describing training methodologies and techniques and the training data sets used; human-oversight measures needed; pre-determined changes to the system and its performance (point 2(f)); validation and testing procedures; cybersecurity measures.
3. Information about the monitoring, functioning and control of the AI system.Its capabilities and limitations in performance, including degrees of accuracy for specific persons or groups of persons; foreseeable unintended outcomes and sources of risks to health, safety, fundamental rights and discrimination; human-oversight measures implemented under Article 14; specifications on input data.
4. A description of the appropriateness of the performance metrics.Justification of the metrics selected for the system.
5. A detailed description of the risk-management system under Article 9.
6. A description of relevant changes made by the provider to the system through its lifecycle.
7. A list of the harmonised standards applied in full or in part. The references must be published in the Official Journal of the European Union. Where such standards have not been applied, the technical solutions adopted to meet the requirements set out in Section 2 must be described and justified.
8. A copy of the EU declaration of conformity referred to in Article 47.
9. A detailed description of the system in place to evaluate the AI system performance in the post-market phase in accordance with Article 72, including the post-market monitoring plan referred to in Article 72(3).

The SME simplified form (Art 11(1))

Article 11(1) provides that, where the provider is a SME including a start-up, the technical documentation may be provided in a simplified manner. To that end, the Commission is to establish a simplified technical-documentation form targeted at the needs of small and microenterprises, allowing SMEs to provide the elements specified in Annex IV in a simplified way provided the documentation still covers the requirements referred to in Article 11(1). Larger providers (or SMEs that voluntarily adopt the full form) follow the full Annex IV structure.

When the file must exist and how long it must be kept

Article 11(1) requires the technical documentation to be drawn up before the high-risk AI system is placed on the market or put into service, and to be kept up to date. Article 18(1) requires the provider to keep the technical documentation, the quality-management-system documentation, documentation concerning changes approved by notified bodies where applicable, decisions and other documents issued by notified bodies where applicable, and the EU declaration of conformity, for a period ending 10 years after the AI system has been placed on the market or put into service.

Article 43(4) provides that a substantial modification triggers a new conformity assessment — which in turn requires the Annex IV file to be updated to reflect the modified system. Pre-declared changes captured in point 2(f) of Annex IV do not count as substantial modifications.

Deployer use of the Annex IV file

Deployers do not maintain the Annex IV file (the provider does), but they rely on it for their own Article 26 duties (assigning competent human oversight, monitoring operation in line with the instructions for use, keeping logs, conducting the data-protection impact assessment where applicable) and for the Article 27 fundamental-rights impact assessment where the deployer is in scope.

For deployers reclassified as providers under Article 25 (rebrand, substantial modification, purpose change), the duty to compile and maintain the Annex IV file passes to the deployer itself.

Deployer pre-purchase / annual-review checklist

• Vendor confirms an Annex IV file exists and is current.
• Index of Annex IV sections; for each section the vendor names the document the deployer can request on audit.
• Datasheet of the training data sets (Annex IV point 2(d)) sufficient to evaluate bias risk.
• Description of pre-declared post-market changes (point 2(f)) so the deployer knows what counts as a substantial modification.
• Copy of the Article 47 EU declaration of conformity.
• Vendor commitment that the Article 72 post-market monitoring plan exists and reports relevant findings.
• Internal decision-record confirming no Article 25 trigger applies (otherwise the deployer becomes the provider).

Common misconceptions

• “The vendor’s product whitepaper is the Annex IV file.” Marketing collateral is not Annex IV. The file must follow the nine-section structure and cover the Section 2 essential requirements.
• “Once compiled, the file is done.” Article 11(1) requires the file to be kept up to date. Substantial modifications and pre-declared learning changes flow back into the file.
• “SMEs are exempt.” SMEs may use the simplified form, but the substantive requirements still apply — the file must still cover Article 11(1).

Related EU guides

• EU AI Act conformity assessment
• NIS2 incident reporting timeline
• AI literacy obligation — Article 4
• Prohibited AI practices — Article 5
• GPAI vs deployer obligations

Sources

• Regulation (EU) 2024/1689, Articles 11, 18, 25, 26, 27, 43(4), 47, 72; Annex IV — EUR-Lex: eur-lex.europa.eu/eli/reg/2024/1689/oj
• AI Act Service Desk — Article 11 technical documentation: ai-act-service-desk.ec.europa.eu/en/ai-act/article-11