Article 9 of Regulation (EU) 2024/1689 — Risk management system. Official text, practical interpretation, key obligations and compliance implications.
Official Text Summary
Article 9 of Regulation (EU) 2024/1689 imposes a mandatory, continuous risk management system on providers of high-risk AI systems throughout the entire system lifecycle. The provision requires that the risk management system consist of an iterative process integrated into the development and operation of the high-risk AI system, updated regularly in the light of new information gathered during post-market monitoring.
Concretely, Article 9 requires providers to: (a) identify and analyse all known and reasonably foreseeable risks associated with the high-risk AI system; (b) estimate and evaluate risks that may materialise when the system is used in accordance with its intended purpose and under conditions of reasonably foreseeable misuse; (c) evaluate risks arising from available data and the behaviour of persons who interact with the system; and (d) adopt suitable risk management measures based on this analysis.
Risk management measures must be such that any residual risk associated with each hazard, as well as the overall residual risk of the high-risk AI system, is judged to be acceptable. Article 9 also specifies that testing must be carried out to identify appropriate measures, and that such testing must be conducted against defined metrics and probabilistic thresholds. Special attention is required where the system is likely to interact with children or other vulnerable groups. Information arising from the experience of deployers is to be fed back into the system provider's risk management process.
What This Means in Practice
Article 9 is one of the most operationally demanding requirements in Title III of the EU AI Act. It applies to any legal entity that qualifies as a provider of a high-risk AI system — meaning the entity that develops the system or has it developed and places it on the market or puts it into service under its own name or trademark.
In practical terms, compliance requires establishing a documented risk management framework before the system is placed on the market. This is not a checkbox exercise: the regulation requires an iterative process that persists for the life of the product, meaning risk management documentation must evolve as the system is updated, retrained, or deployed in new contexts.
A compliant risk management system will typically include: a structured risk identification procedure covering both intended use and plausible misuse scenarios; a risk estimation matrix that evaluates probability and severity of harm; a catalogue of mitigation measures with documented rationale for their selection; formal pre-market testing against defined metrics; and a mechanism to absorb post-market feedback — including incident data provided by deployers — back into ongoing risk analysis.
For example, a provider of an AI-based credit-scoring tool classified as high-risk under Annex III must document how the model could produce discriminatory outcomes, what technical and organisational measures reduce that risk, and how real-world performance data will trigger re-evaluation. An AI system used in a medical context must additionally address the heightened duty of care where vulnerable users are involved. Risk management outputs feed directly into the technical documentation required by Article 11 and the conformity assessment under Articles 43-44.
Key Obligations
- Establish and maintain a continuous risk management system that covers the entire lifecycle of the high-risk AI system, from design through decommissioning, updated in light of post-market monitoring data.
- Identify all known and reasonably foreseeable risks, including risks arising from reasonably foreseeable misuse, from interaction with other systems, and from the sociotechnical context of deployment.
- Estimate and evaluate risks with respect to their probability of occurrence and severity of potential harm, taking into account the intended purpose and the categories of persons likely to be affected, including vulnerable groups and children.
- Adopt risk management measures that reduce identified risks to an acceptable residual level; where technical measures are insufficient, organisational or informational measures must supplement them.
- Conduct pre-market testing using defined metrics and probabilistic thresholds appropriate to the intended purpose, to validate that selected measures are effective and that residual risk is acceptable.
- Integrate post-market monitoring feedback from deployers and end-users into the ongoing risk management process, ensuring the system remains responsive to real-world evidence of harm or near-miss events.
Relationship to Other Articles
Article 9 sits at the centre of the Chapter 2 requirements framework and is structurally linked to several other provisions. It depends on Article 6 and Annex III for its scope: only systems qualifying as high-risk are subject to its obligations. The outputs of the Article 9 process directly feed Article 11 (technical documentation), which requires providers to demonstrate that a compliant risk management system exists and has been applied.
Article 9 also connects tightly to Article 10 (data and data governance), since the quality of training, validation, and test data materially affects the risk profile that must be managed. Article 13 (transparency and provision of information) requires that certain risk-related information be communicated to deployers, and Article 14 (human oversight) specifies measures that frequently serve as first-line risk mitigation tools under Article 9. Article 26 places downstream obligations on deployers to monitor real-world use and report relevant information back to providers, closing the feedback loop that Article 9 requires. Finally, Article 72 (post-market monitoring) formalises the data-collection mechanisms that sustain the iterative risk management process over time.
Compliance Timeline
The EU AI Act entered into force on 1 August 2024. Article 9, as a core Chapter 2 requirement applicable to high-risk AI systems, follows the general compliance timeline for Title III obligations:
- 1 August 2024 — Regulation enters into force; the 24-month transitional clock begins for most high-risk obligations.
- 2 February 2025 — Prohibitions on unacceptable-risk AI practices (Article 5) become applicable. Article 9 does not yet apply.
- 2 August 2025 — Rules on General-Purpose AI models (Title VIII) become applicable. Article 9 still not yet mandatory for most high-risk systems.
- 2 December 2026 — Article 9 becomes fully applicable to high-risk AI systems listed in Annex III (AI systems in areas such as education, employment, essential services, law enforcement, migration, and administration of justice). Providers must have a compliant risk management system in place by this date.
- 2 August 2027 — Extended deadline for high-risk AI systems that are safety components of products already covered by existing Union harmonisation legislation listed in Annex I (e.g. machinery, medical devices, civil aviation).
Providers who are developing or procuring high-risk AI systems should treat 2 December 2026 as their hard deadline for Article 9 compliance readiness, building risk management frameworks into their development processes well in advance to allow time for testing, documentation, and conformity assessment.
Official AI Act Compliance Deadline Calendar
Sources: Regulation (EU) 2024/1689 and the 2026 Digital Omnibus on AI.
| Obligation | Applies to | Original date | New date | Status | Countdown | Legal basis |
|---|---|---|---|---|---|---|
| Prohibited Practices (Art. 5) | All providers and deployers | | | active | — | AI Act Art. 5 |
| GPAI Rules (Chapter 5) | GPAI model providers | | | active | — | AI Act Art. 51-56 |
| High-risk AI — Annex III (standalone) | Providers of standalone Annex III systems | | | deferred | — | AI Omnibus 2026 Art. 6(2) |
| High-risk AI — Annex I (embedded) | AI embedded in Annex I regulated products | | | deferred | — | AI Omnibus 2026 Art. 6(1) |
| AI-Generated Content Marking | Providers of generative GPAI systems | | | active | — | AI Act Art. 50(2) |
| Regulatory Sandboxes | National competent authorities | | | active | — | AI Act Art. 57 |
Frequently Asked Questions
Providers of high-risk AI systems as defined in Article 6 and Annex III of Regulation (EU) 2024/1689 are required to establish and maintain a risk management system before placing their system on the market or putting it into service.
The system must identify and analyse known and reasonably foreseeable risks, estimate and evaluate risks that may emerge during use, adopt appropriate risk management measures, and ensure that residual risks are judged acceptable under the regulation.
No. Article 9 requires a continuous, iterative process that runs throughout the entire lifecycle of the high-risk AI system, including post-market monitoring. The system must be updated as new information about risks emerges.
Article 9 explicitly requires providers to account for risks arising from reasonably foreseeable misuse — not only intended use. This means providers must analyse plausible ways the system could be used incorrectly or in bad faith and mitigate those risks accordingly.
Article 9(7) requires that testing procedures be defined and conducted to identify the most appropriate risk management measures. Testing must be performed against previously defined metrics and probabilistic thresholds appropriate to the intended purpose, and must occur prior to market placement.