Article 11 of Regulation (EU) 2024/1689 — Technical documentation. Official text, practical interpretation, key obligations and compliance implications.

Official Text Summary

Article 11 of Regulation (EU) 2024/1689 (the EU AI Act) establishes the obligation for providers of high-risk AI systems to draw up technical documentation before placing such a system on the market or putting it into service, and to keep that documentation up to date throughout the system's lifecycle.

The article directs that technical documentation must be compiled in a manner that demonstrates the system's compliance with the requirements laid down in Title III, Chapter 2 of the Regulation — the full set of requirements applicable to high-risk AI systems. The documentation must contain, at minimum, all the information specified in Annex IV of the Regulation.

Annex IV enumerates eight categories of required information: (1) a general description of the system and its intended purpose; (2) a detailed description of the system's elements and the development process; (3) information on the monitoring, functioning, and control of the system; (4) a description of the risk management process followed pursuant to Article 9; (5) a description of changes made to the system over its lifecycle; (6) a list of harmonised standards applied and other technical standards relied upon; (7) a copy of the EU declaration of conformity required under Article 47; and (8) post-market monitoring plans as required by Article 72.

The article also provides that the Commission may adopt delegated acts to amend Annex IV where technological developments make it necessary, ensuring that documentation requirements remain current and relevant as the technology evolves.

What This Means in Practice

Article 11 requires providers — not deployers, not distributors — to produce and maintain a structured technical file for every high-risk AI system they bring to market or put into service within the EU. This is a pre-market obligation: the documentation must exist before the system is released, not assembled after the fact.

For an AI provider building, for example, a credit-scoring tool used by a bank (an Annex III, point 5(b) system), this means producing a living document that captures not only what the model does and how it was trained, but also how risks were identified and mitigated (Article 9), how the system was tested and validated (Article 9(8)), what data governance measures apply (Article 10), and how the system can be monitored and audited post-deployment (Article 72).

The "up to date" requirement is operationally significant. Any material change to the system — a model retrain, a significant update to training data, a change in intended purpose, or an expansion to a new deployment context — must be reflected in revised documentation. Providers should therefore treat technical documentation not as a one-time compliance artefact but as a version-controlled record that tracks the system's development history.

For providers established outside the EU, the authorised representative designated under Article 22 must hold the documentation and be able to present it to national market surveillance authorities or notified bodies on request. National authorities may demand access to technical documentation during conformity assessments and post-market surveillance activities, including in the context of serious incident investigations under Article 73.

Notified bodies involved in third-party conformity assessment (required for certain high-risk categories, as set out in Article 43) will scrutinise technical documentation as the primary evidentiary basis for issuing an EU technical documentation assessment certificate.

Key Obligations

Relationship to Other Articles

Article 11 sits at the centre of the conformity infrastructure for high-risk AI systems and cannot be read in isolation. It draws directly on Article 9 (risk management system), as the risk management process and its outcomes must be documented in the technical file. Article 10 (data and data governance) contributes the data-related elements required under Annex IV. Article 12 (record-keeping) complements Article 11 by requiring automatic logging of events throughout the system's operation, logs that themselves form part of the broader documentation landscape.

Article 43 (conformity assessment) is the primary downstream consumer of Article 11: notified bodies conducting third-party assessments rely on technical documentation as their core evidentiary input. Article 47 (EU declaration of conformity) requires a copy of that declaration to be incorporated into the technical file itself. Article 18 sets the ten-year retention period for technical documentation. Article 72 (post-market monitoring) and Article 73 (serious incident reporting) generate information that must flow back into updated documentation over the system's life.

Compliance Timeline

The EU AI Act entered into force on 1 August 2024 (twenty days after publication in the Official Journal on 12 July 2024). Application of the Act is phased:

Providers who have not yet initiated their technical documentation processes should treat August 2026 as a hard deadline and build documentation drafting into their development workflows immediately. The complexity of Annex IV and the iterative nature of AI development mean that documentation assembled retrospectively rarely meets the standard authorities will apply.

Official AI Act Compliance Deadline Calendar

Updated · Sources: Regulation (EU) 2024/1689 and the 2026 Digital Omnibus on AI.

Obligation Applies to Original date New date Status Countdown Legal basis
Prohibited Practices (Art. 5) All providers and deployers active AI Act Art. 5
GPAI Rules (Chapter 5) GPAI model providers active AI Act Art. 51-56
High-risk AI — Annex III (standalone) Providers of standalone Annex III systems deferred AI Omnibus 2026 Art. 6(2)
High-risk AI — Annex I (embedded) AI embedded in Annex I regulated products deferred AI Omnibus 2026 Art. 6(1)
AI-Generated Content Marking Providers of generative GPAI systems active AI Act Art. 50(2)
Regulatory Sandboxes National competent authorities active AI Act Art. 57

Download JSON · CC BY 4.0

AI Act meets DORA and NIS2

Is your organisation subject to both the AI Act and DORA? The two regulations intersect on the operational resilience of financial AI systems. Our sister site regulation-dora.eu covers DORA in depth.

Explore regulation-dora.eu ↗

Frequently Asked Questions

Technical documentation must be drawn up before a high-risk AI system is placed on the market or put into service, and kept up to date thereafter. Its purpose is to demonstrate that the system complies with the requirements of Title III, Chapter 2, and to provide national competent authorities and notified bodies with all information necessary to assess conformity.

The obligation falls on providers of high-risk AI systems as defined in Article 3(3) and listed in Annex I or Annex III. Providers established outside the EU must ensure their authorised representative holds the documentation and can make it available to authorities upon request.

The documentation must cover the information set out in Annex IV, including a general description of the system, a description of design specifications and development processes, information on training and validation data, monitoring and control measures, risk management records, and post-market monitoring plans, among other elements.

Article 18 requires providers to keep technical documentation for ten years after the high-risk AI system has been placed on the market or put into service. This retention obligation runs alongside the record-keeping requirements of Article 12.

No. Article 11 applies specifically to high-risk AI systems under Title III. General-purpose AI models are governed separately under Title VIII (Articles 51-56), which imposes its own technical documentation requirements distinct from those in Annex IV.

Stay ahead of AI Act changes

Get compliance alerts when deadlines or obligations change.

No spam. One-click unsubscribe.