Annexes
The EU AI Act contains 13 annexes that specify technical requirements, lists of high-risk use cases, harmonisation legislation, and documentation templates.
Union Harmonisation Legislation
Lists EU product safety laws (Machinery, Medical Devices, Vehicles, etc.) whose products trigger high-risk classification for AI safety components under Article 6(1).
Criminal Offences for Biometric Identification Exception
Lists serious crimes (at least 4 years imprisonment) for which real-time biometric surveillance in public spaces may be used by law enforcement under the Article 5(1)(h) exception.
High-Risk AI Systems (Article 6(2))
Lists 8 categories of high-risk AI use cases: biometrics, critical infrastructure, education, employment, essential services (credit scoring, healthcare), law enforcement, migration, and justice/democratic processes.
Technical Documentation for High-Risk AI Systems
Specifies the content required in the technical documentation that providers of high-risk AI systems must draw up before placing them on the market (Article 11).
EU Declaration of Conformity
Template and required content for the EU declaration of conformity that providers must draw up for high-risk AI systems before placing them on the market.
Conformity Assessment Procedure — Internal Control
Describes the internal control conformity assessment procedure for high-risk AI systems (Article 43(2)) where a third-party notified body is not required.
Conformity Assessment — Third-Party Notified Body
Describes the third-party conformity assessment procedure involving a notified body, required for biometric identification systems and AI in critical infrastructure.
Information to be Submitted upon Registration — High-Risk AI (non-Annex I)
Specifies what information providers and deployers must submit to the EU database when registering a high-risk AI system not covered by Union harmonisation legislation.
Information to be Submitted — High-Risk AI (Annex I products)
Specifies registration information for high-risk AI systems that are safety components of products covered by Union harmonisation legislation (Annex I).
Registration — Deployer Information
Specifies the information that deployers of certain high-risk AI systems must submit to the EU database before deployment.
Technical Documentation for General-Purpose AI Models
Lists technical information GPAI model providers must document and maintain under Article 53(1)(a), covering model architecture, training data, evaluation results and capabilities.
Information for Downstream Providers of GPAI Models
Lists the information GPAI model providers must make available to downstream AI system providers who integrate the GPAI model into their products.
Criteria for Designation of High-Impact Capabilities / Codes of Practice
Lists the criteria the European Commission uses to identify GPAI models with systemic risk based on high-impact capabilities beyond the 10^25 FLOPs threshold.