Complete index of all 113 articles of the EU AI Act (Regulation 2024/1689), organized by Title and Chapter. Browse the full text structure with links to each article.
This page is the complete table of contents for the EU AI Act (Regulation (EU) 2024/1689). All 113 articles are listed under their official Title and Chapter headings, with a brief description of each article's subject matter. Use this index to navigate the full legislative structure or to locate a specific provision.
Title I — General Provisions
- Art. 1 — Subject matter — Establishes the purpose of the Regulation, which lays down harmonised rules for the placing on the market, putting into service, and use of AI systems in the Union.
- Art. 2 — Scope — Defines which providers, deployers, importers, distributors, and product manufacturers are subject to the Regulation, and lists the exclusions.
- Art. 3 — Definitions — Provides the official definitions of 68 key terms used throughout the Regulation, including "AI system", "provider", "deployer", "high-risk AI system", and "general-purpose AI model".
- Art. 4 — AI literacy — Requires providers and deployers to take measures to ensure a sufficient level of AI literacy in their staff and persons dealing with AI systems on their behalf.
Title II — Prohibited AI Practices
- Art. 5 — Prohibited AI practices — Lists AI practices that are prohibited outright in the Union as being contrary to Union values, including subliminal manipulation, social scoring, and most uses of real-time remote biometric identification in public spaces.
Title III — High-Risk AI Systems
Chapter 1 — Classification of High-Risk AI Systems
- Art. 6 — Classification rules for high-risk AI systems — Sets out the two-tier classification framework: Annex I product-safety AI and Annex III stand-alone high-risk AI systems, plus the self-assessment exception procedure.
- Art. 7 — Amendments to Annex III — Empowers the Commission to amend Annex III via delegated acts to add or remove high-risk use-case categories based on defined criteria.
Chapter 2 — Requirements for High-Risk AI Systems
- Art. 8 — Compliance with the requirements — Establishes that high-risk AI systems must comply with the requirements in this Chapter throughout their entire lifecycle.
- Art. 9 — Risk management system — Requires providers to establish, implement, document, and maintain a continuous risk management system for high-risk AI systems.
- Art. 10 — Data and data governance — Sets requirements for training, validation, and testing datasets, including relevance, representativeness, and freedom from errors and biases.
- Art. 11 — Technical documentation — Requires providers to draw up technical documentation before placing a high-risk AI system on the market, in accordance with Annex IV.
- Art. 12 — Record-keeping — Obliges providers to ensure high-risk AI systems are capable of automatically recording events (logs) throughout their lifetime.
- Art. 13 — Transparency and provision of information to deployers — Requires that high-risk AI systems are sufficiently transparent for deployers to interpret outputs and use the system appropriately, including via an instructions-for-use document.
- Art. 14 — Human oversight — Requires high-risk AI systems to be designed to allow effective human oversight and intervention during the period of use.
- Art. 15 — Accuracy, robustness, and cybersecurity — Specifies that high-risk AI systems must achieve appropriate levels of accuracy, be resilient to errors and faults, and be protected against cybersecurity threats.
Chapter 3 — Obligations of Providers and Deployers of High-Risk AI Systems and Other Parties
- Art. 16 — Obligations of providers of high-risk AI systems — Lists the core obligations of providers, including quality management, conformity assessment, registration, and corrective action.
- Art. 17 — Quality management system — Requires providers to put in place a quality management system covering strategies, design controls, testing, post-market monitoring, and documentation.
- Art. 18 — Documentation keeping — Specifies the types of documentation providers must keep and make available to national authorities for ten years after placing a system on the market.
- Art. 19 — Automatically generated logs — Obliges providers to keep the logs automatically generated by their high-risk AI systems to the extent they are under their control.
- Art. 20 — Corrective actions and duty of information — Requires providers to take immediate corrective actions when a high-risk AI system does not conform and to inform authorities and deployers accordingly.
- Art. 21 — Cooperation with competent authorities — Obliges providers to cooperate with national competent authorities and supply all requested information and documentation.
- Art. 22 — Authorised representatives of providers established outside the Union — Requires providers established outside the EU to designate an authorised representative in the Union before placing systems on the market.
- Art. 23 — Obligations of importers — Sets obligations for importers to verify conformity assessment, CE marking, and provider documentation before placing high-risk AI systems on the market.
- Art. 24 — Obligations of distributors — Requires distributors to verify CE marking and accompanying documentation before making a high-risk AI system available on the market.
- Art. 25 — Responsibilities along the AI value chain — Clarifies when importers, distributors, or other parties take on the full obligations of a provider, particularly when they modify or place systems under their own name.
- Art. 26 — Obligations of deployers of high-risk AI systems — Sets out deployer obligations including following instructions for use, ensuring human oversight, monitoring operation, and informing providers and authorities of risks.
- Art. 27 — Fundamental rights impact assessment for high-risk AI systems — Requires certain public bodies and private entities performing regulated tasks to conduct a fundamental rights impact assessment before deploying a high-risk AI system.
Chapter 4 — Notifying Authorities and Notified Bodies
- Art. 28 — Notifying authorities — Requires each Member State to designate a national notifying authority responsible for establishing and carrying out the procedures for assessment and notification of conformity assessment bodies.
- Art. 29 — Application of a conformity assessment body for notification — Sets out the procedure and information requirements for conformity assessment bodies applying to be notified.
- Art. 30 — Notification procedure — Describes the process through which Member States notify the Commission and other Member States of authorised conformity assessment bodies.
- Art. 31 — Requirements for notified bodies — Lists the organisational, independence, impartiality, and competence requirements a conformity assessment body must meet to be notified.
- Art. 32 — Presumption of conformity of notified bodies — Establishes that bodies accredited by a national accreditation authority in accordance with EU accreditation Regulation 765/2008 are presumed to meet the requirements for notified bodies.
- Art. 33 — Subsidiaries of and subcontracting by notified bodies — Permits notified bodies to subcontract or use subsidiaries provided that the client is informed and the notified body remains fully responsible.
- Art. 34 — Operational obligations of notified bodies — Requires notified bodies to carry out conformity assessments in a proportionate manner, document their procedures, and report to notifying authorities.
- Art. 35 — Identification numbers and lists of notified bodies — Provides for the Commission to assign identification numbers to notified bodies and publish an up-to-date list of all notified bodies.
- Art. 36 — Changes to notifications — Sets out the procedure for amending, suspending, or withdrawing a notification when a notified body no longer meets the requirements.
- Art. 37 — Challenge of the competence of notified bodies — Establishes the procedure by which the Commission may investigate whether a notified body continues to meet the requirements and require corrective action.
- Art. 38 — Coordination of notified bodies — Requires the Commission to ensure appropriate coordination and cooperation among notified bodies through a sectoral group of notified bodies.
- Art. 39 — Conformity assessment bodies of third countries — Permits conformity assessment bodies established in third countries to be notified under the Regulation only where a bilateral agreement between the Union and the third country so provides.
Chapter 5 — Standards, Conformity Assessment, Certificates, and Registration
- Art. 40 — Harmonised standards and common specifications — Provides that high-risk AI systems conforming to harmonised standards or common specifications shall be presumed to comply with the requirements of Chapter 2.
- Art. 41 — Common specifications — Empowers the Commission to adopt implementing acts establishing common specifications where harmonised standards do not exist or are insufficient.
- Art. 42 — Presumption of conformity with certain requirements — Creates a rebuttable presumption of conformity for high-risk AI systems trained and tested on data reflecting the specific geographic, contextual, and behavioural settings of intended use.
- Art. 43 — Conformity assessment — Specifies the conformity assessment procedures applicable to each category of high-risk AI system, including internal control and third-party assessment routes.
- Art. 44 — Certificates — Governs the EU technical documentation assessment certificates and quality management system certificates issued by notified bodies, including their validity and renewal.
- Art. 45 — Information obligations of notified bodies — Requires notified bodies to notify the notifying authority of certificates issued, modified, supplemented, suspended, withdrawn, or refused, and to maintain a register of certificates.
- Art. 46 — Derogation from conformity assessment procedure — Allows Member State authorities to authorise specific high-risk AI systems to be placed on the market without completing the standard conformity assessment procedure, in the interest of public security or safety.
- Art. 47 — EU declaration of conformity — Requires providers to draw up a written EU declaration of conformity for each high-risk AI system and keep it updated throughout the system's lifecycle.
- Art. 48 — CE marking — Provides that high-risk AI systems must bear the CE conformity marking before being placed on the market or put into service, in accordance with the rules in Annex V.
- Art. 49 — Registration — Requires providers of high-risk AI systems listed in Annex III (and certain GPAI model providers) to register in the EU database before placing those systems on the market.
Title IV — Transparency Obligations for Certain AI Systems
- Art. 50 — Transparency obligations for providers and deployers of certain AI systems — Requires providers to design certain AI systems (chatbots, deepfakes, emotion recognition, biometric categorisation) so that users are informed they are interacting with AI or that content is AI-generated.
Title V — General-Purpose AI Models
Chapter 1 — Classification of General-Purpose AI Models
- Art. 51 — Classification of general-purpose AI models as general-purpose AI models with systemic risk — Sets out the criteria and thresholds — notably training compute above 10^25 FLOPs — for classifying a GPAI model as posing systemic risk.
Chapter 2 — Obligations for Providers of General-Purpose AI Models
- Art. 52 — Obligations of providers of general-purpose AI models — Lists the baseline obligations for all GPAI model providers: technical documentation, cooperation, copyright policy, and training data summary.
- Art. 53 — Obligations of providers of general-purpose AI models with systemic risk — Imposes additional obligations on providers of systemic-risk GPAI models, including model evaluation, adversarial testing, incident reporting, and cybersecurity measures.
- Art. 54 — Authorised representative of providers of general-purpose AI models established outside the Union — Requires providers of GPAI models established outside the EU to designate an authorised representative in the Union.
- Art. 55 — Obligations of providers of general-purpose AI models with systemic risk as regards evaluation and adversarial testing — Details the model evaluation and adversarial testing obligations for systemic-risk GPAI model providers, including Commission-facilitated red-teaming.
Chapter 3 — Codes of Practice
- Art. 56 — Codes of practice — Provides for the AI Office to facilitate the development of codes of practice for GPAI model providers to demonstrate compliance with their obligations.
Title VI — Measures in Support of Innovation
Chapter 1 — AI Regulatory Sandboxes
- Art. 57 — AI regulatory sandboxes — Requires Member States to establish AI regulatory sandboxes providing controlled environments for developing, testing, and validating innovative AI systems before market placement.
- Art. 58 — Detailed arrangements for AI regulatory sandboxes and their functioning — Empowers the Commission to adopt implementing acts specifying uniform conditions for establishing and operating AI regulatory sandboxes.
- Art. 59 — Further processing of personal data for developing certain AI systems in the public interest in the AI regulatory sandbox — Sets out the limited conditions under which personal data lawfully collected for other purposes may be further processed in an AI regulatory sandbox.
Chapter 2 — Measures for Providers and Deployers, in Particular SMEs, Including Start-Ups
- Art. 60 — Testing of high-risk AI systems in real world conditions outside AI regulatory sandboxes — Allows testing of high-risk AI systems in real-world conditions outside a regulatory sandbox, subject to a specific plan and safeguards including informed consent.
- Art. 61 — Informed consent to participate in testing in real world conditions outside AI regulatory sandboxes — Sets out the information to be provided and the conditions for obtaining valid informed consent from individuals involved in real-world testing.
- Art. 62 — Measures for providers and deployers, in particular SMEs, including start-ups — Requires national competent authorities and the AI Office to take specific measures to reduce the regulatory burden on SMEs and start-ups, including priority access to sandboxes and reduced fees.
Title VII — Governance
Chapter 1 — EU-Level Governance
- Art. 63 — AI Office — Establishes the AI Office within the Commission as the body responsible for overseeing GPAI models, coordinating AI governance across the Union, and developing Union expertise in AI.
- Art. 64 — Tasks of the AI Office — Lists the tasks of the AI Office including monitoring GPAI model obligations, supporting the AI Board, conducting investigations, and fostering Union-wide AI governance coherence.
- Art. 65 — AI Board — Establishes the European Artificial Intelligence Board composed of one representative from each Member State and the European Data Protection Supervisor, with the AI Office providing its secretariat.
- Art. 66 — Tasks of the AI Board — Specifies the advisory and coordination tasks of the AI Board, including issuing opinions, recommendations, and guidance to support consistent application of the Regulation.
- Art. 67 — Advisory forum — Establishes an advisory forum to provide technical expertise and stakeholder input to the AI Board and Commission, including representatives from industry, civil society, and academia.
- Art. 68 — Scientific panel of independent experts — Creates a scientific panel of independent experts to provide technical and scientific advice to the AI Office and national authorities, particularly regarding GPAI model assessment.
Chapter 2 — National Competent Authorities
- Art. 69 — Designation of national competent authorities and single points of contact — Requires each Member State to designate one or more national competent authorities to supervise application of the Regulation and to designate a single point of contact.
- Art. 70 — Status of national competent authorities — Requires national competent authorities to act with complete independence, have adequate resources, and be free from external influence in exercising their functions.
Title VIII — EU Database for High-Risk AI Systems
- Art. 71 — EU database for high-risk AI systems — Requires the Commission to establish and maintain a publicly accessible EU database containing registration information for high-risk AI systems listed under Annex III.
Title IX — Post-Market Monitoring, Information Sharing, and Market Surveillance
Chapter 1 — Post-Market Monitoring
- Art. 72 — Post-market monitoring by providers and post-market monitoring plan for high-risk AI systems — Requires providers to establish and document a post-market monitoring system to proactively collect and analyse data on high-risk AI system performance throughout their lifetime.
Chapter 2 — Sharing of Information on Serious Incidents
- Art. 73 — Reporting of serious incidents — Requires providers of high-risk AI systems placed on the Union market to report serious incidents to the market surveillance authorities of the Member States in which the incident occurred.
Chapter 3 — Market Surveillance and Control of AI Systems in the Union Market
- Art. 74 — Market surveillance and control of AI systems in the Union market — Designates national market surveillance authorities, specifies their powers and responsibilities, and establishes the framework for coordinated market surveillance of AI systems.
- Art. 75 — Mutual assistance, market surveillance and control of general-purpose AI models — Provides for mutual assistance between national market surveillance authorities and the AI Office for the market surveillance and control of GPAI models.
- Art. 76 — Supervision of testing in real world conditions by market surveillance authorities — Grants market surveillance authorities the power to supervise and inspect real-world testing of high-risk AI systems and to require modifications or suspension of testing.
- Art. 77 — Powers of authorities protecting fundamental rights — Requires market surveillance authorities to cooperate with national authorities responsible for fundamental rights protection when assessing high-risk AI systems affecting individuals' rights.
- Art. 78 — Confidentiality — Obliges national competent authorities and the Commission to maintain the confidentiality of information and data obtained in carrying out their tasks, in line with applicable Union and national law.
- Art. 79 — National procedure for dealing with AI systems presenting a risk at national level — Sets out the procedure for national authorities to assess, restrict, or withdraw from the market an AI system that presents a risk, and to notify other Member States and the Commission.
- Art. 80 — Procedure for dealing with high-risk AI systems classified by the provider as not high-risk — Provides the procedure for authorities to challenge a provider's self-classification of a system as not high-risk and to require reclassification and conformity assessment.
- Art. 81 — Union safeguard procedure — Empowers the Commission to assess whether a national measure restricting an AI system is justified and, if so, to require all Member States to take equivalent action.
- Art. 82 — Compliant AI systems which present a risk — Establishes the procedure for dealing with AI systems that comply with the Regulation but still present a risk to health, safety, or fundamental rights, including requesting corrective action.
- Art. 83 — Formal non-compliance — Requires national authorities to ask providers to correct formal non-compliance (such as missing CE marking or declarations of conformity) unrelated to the substantive technical requirements.
- Art. 84 — Union AI testing support structures — Provides for the Commission to designate Union AI testing support structures to provide independent technical expertise and testing services to national market surveillance authorities.
Chapter 4 — Remedies
- Art. 85 — Right to lodge a complaint with a market surveillance authority — Grants any natural or legal person the right to lodge a complaint with a market surveillance authority where they have reason to believe an AI system infringes the Regulation.
- Art. 86 — Right to explanation of individual decision-making — Grants affected persons subject to a decision based on a high-risk AI system the right to obtain a clear explanation of the role of the AI system and the main elements of the decision.
- Art. 87 — Reporting of breaches and protection of reporting persons — Requires Member States to ensure that reporting mechanisms and whistleblower protections established under Directive (EU) 2019/1937 apply to breaches of the Regulation.
Title X — Codes of Conduct and Guidelines
- Art. 88 — Codes of conduct for voluntary application of specific requirements — Encourages providers of non-high-risk AI systems to draw up voluntary codes of conduct to apply some or all of the requirements applicable to high-risk AI systems.
- Art. 89 — Guidelines from the Commission on the implementation of this Regulation — Empowers the Commission to issue guidelines on the practical implementation of the Regulation, including on the application of definitions and conformity assessment procedures.
Title XI — Delegation of Power and Committee Procedure
- Art. 90 — Exercise of the delegation — Sets the standard terms for the Commission's power to adopt delegated acts under the Regulation, including the five-year duration, revocation, and scrutiny conditions.
- Art. 91 — Committee procedure — Establishes that the Commission is to be assisted by a standing committee and specifies the applicable comitology procedures for implementing acts under the Regulation.
Title XII — Penalties
- Art. 92 — Penalties — Sets out the administrative fines applicable to infringements of the Regulation: up to EUR 35 million or 7% of global annual turnover for prohibited-practice violations, EUR 15 million or 3% for other violations, and EUR 7.5 million or 1.5% for supplying incorrect information.
- Art. 93 — Penalties for Union institutions, bodies, offices and agencies — Grants the European Data Protection Supervisor the power to impose administrative fines on Union institutions, bodies, offices, and agencies for infringements of the Regulation.
Title XIII — Final Provisions
- Art. 94 — Exercise of the delegation for Annexes I, II, IV, V, VI and VII — Provides specific delegation rules for Commission acts amending or supplementing the technical annexes to the Regulation.
- Art. 95 — Evaluation and review — Requires the Commission to carry out a regular evaluation of the Regulation, reporting to the European Parliament and the Council on the functioning of the AI Office, penalties regime, and scope of Annex III.
- Art. 96 — Report on the implementation of the Regulation — Requires the Commission to submit a report to the European Parliament and the Council assessing progress with standardisation activities and the adequacy of resources for national competent authorities.
- Art. 97 — Repeal — Repeals Commission Recommendation (EU) 2021/C 136/01 and Council Recommendation on Artificial Intelligence, which are superseded by this Regulation.
- Art. 98 — Amendments to Regulation (EC) No 300/2008 — Amends the civil aviation security Regulation to incorporate references to the EU AI Act requirements for AI-based security equipment.
- Art. 99 — Amendments to Regulation (EU) No 167/2013 — Amends the agricultural and forestry vehicles Regulation to align product safety rules for AI systems used in those vehicles with the EU AI Act framework.
- Art. 100 — Amendments to Regulation (EU) No 168/2013 — Amends the two- or three-wheel vehicles and quadricycles Regulation to align AI-related product safety rules with the EU AI Act.
- Art. 101 — Amendments to Directive 2014/90/EU — Amends the Marine Equipment Directive to incorporate the EU AI Act requirements for marine equipment incorporating AI systems.
- Art. 102 — Amendments to Directive (EU) 2016/797 — Amends the Railway Interoperability Directive to align railway safety AI requirements with the EU AI Act framework.
- Art. 103 — Amendments to Regulation (EU) 2018/858 — Amends the Motor Vehicles Regulation to align vehicle type-approval rules for AI systems with the EU AI Act.
- Art. 104 — Amendments to Regulation (EU) 2018/1139 — Amends the Aviation Safety Regulation to integrate EU AI Act requirements for AI systems used in civil aviation.
- Art. 105 — Amendments to Regulation (EU) 2019/2144 — Amends the Vehicle Type-Approval Regulation for motor vehicles to incorporate the EU AI Act's safety requirements for AI systems in vehicles.
- Art. 106 — Amendments to Directive 2006/42/EC — Amends the Machinery Directive to align requirements for AI-enabled machinery with the EU AI Act framework.
- Art. 107 — Amendments to Directive 2009/138/EC — Amends the Solvency II Insurance Directive to incorporate considerations relating to AI systems used by insurance undertakings.
- Art. 108 — Amendments to Directive 2013/36/EU — Amends the Capital Requirements Directive to include references to AI system governance and risk management within the prudential framework for credit institutions.
- Art. 109 — Amendments to Directive (EU) 2016/97 — Amends the Insurance Distribution Directive to reflect AI Act requirements applicable to AI tools used in insurance distribution.
- Art. 110 — Amendments to Regulation (EU) 2016/679 — Amends the General Data Protection Regulation (GDPR) to align data protection impact assessment requirements with high-risk AI system assessments.
- Art. 111 — Amendments to Directive (EU) 2022/2555 — Amends the NIS 2 Directive on cybersecurity to ensure coherence between cybersecurity obligations and AI Act requirements for essential entities using AI systems.
- Art. 112 — Transitional provisions — Establishes transitional arrangements for AI systems already on the market or in service before the Regulation's application date, including phase-in timelines for compliance.
- Art. 113 — Entry into force and application — States that the Regulation entered into force on 1 August 2024 and specifies the phased application dates: February 2025 for prohibited practices, August 2025 for GPAI rules, August 2026 for most high-risk obligations, and December 2026 for Annex I high-risk product AI.
Official AI Act Compliance Deadline Calendar
Updated · Sources: Regulation (EU) 2024/1689 and the 2026 Digital Omnibus on AI.
| Obligation | Applies to | Original date | New date | Status | Countdown | Legal basis |
|---|---|---|---|---|---|---|
| Prohibited Practices (Art. 5) | All providers and deployers | active | — | AI Act Art. 5 | ||
| GPAI Rules (Chapter 5) | GPAI model providers | active | — | AI Act Art. 51-56 | ||
| High-risk AI — Annex III (standalone) | Providers of standalone Annex III systems | deferred | — | AI Omnibus 2026 Art. 6(2) | ||
| High-risk AI — Annex I (embedded) | AI embedded in Annex I regulated products | deferred | — | AI Omnibus 2026 Art. 6(1) | ||
| AI-Generated Content Marking | Providers of generative GPAI systems | active | — | AI Act Art. 50(2) | ||
| Regulatory Sandboxes | National competent authorities | active | — | AI Act Art. 57 |
⬇ Download JSON · CC BY 4.0
AI Act meets DORA and NIS2
Is your organisation subject to both the AI Act and DORA? The two regulations intersect on the operational resilience of financial AI systems. Our sister site regulation-dora.eu covers DORA in depth.
Explore regulation-dora.eu ↗Frequently Asked Questions
How many articles does the EU AI Act have?
The EU AI Act (Regulation (EU) 2024/1689) has 113 articles, organized across 13 Titles. It was published in the Official Journal of the European Union on 12 July 2024 and entered into force on 1 August 2024. The provisions apply in phases: prohibited practices from February 2025, GPAI rules from August 2025, and the main high-risk AI obligations from August 2026 and December 2026 depending on the system category.
What is the structure of the EU AI Act?
The EU AI Act is structured into 13 Titles covering: general provisions (Title I), prohibited practices (Title II), high-risk AI systems including classification, requirements, obligations, notified bodies, standards and conformity (Title III, Chapters 1-5), transparency obligations (Title IV), general-purpose AI models (Title V), innovation support (Title VI), governance (Title VII), the EU database (Title VIII), market surveillance (Title IX), codes of conduct (Title X), delegation provisions (Title XI), penalties (Title XII), and final provisions (Title XIII).
Stay ahead of AI Act changes
Get compliance alerts when deadlines or obligations change.
No spam. One-click unsubscribe.