Procedures & Compliance Documents

Comprehensive risk management procedure covering identification, assessment, mitigation, and monitoring of AI-related risks per Article 9 requirements. Includes GPAI risk assessment and third-party AI risk management.

Step-by-step process for classifying AI systems according to EU AI Act risk categories including prohibited practices (Article 5), high-risk (Annex III), GPAI classification (Articles 51-56), and limited/minimal risk systems.

Comprehensive data governance procedure for AI training, validation, and testing datasets per Article 10 requirements. Covers data quality, bias detection, lineage documentation, and statistical appropriateness.

Procedure for creating and maintaining Annex IV compliant technical documentation for high-risk AI systems. Includes GPAI documentation requirements (Annex XI/XII).

Procedure for implementing Article 12 compliant automatic logging capabilities with minimum 6-month log retention (Art. 19(1)) for high-risk AI systems.

Procedure for ensuring Article 13 and Article 50 transparency obligations including instructions for use, AI interaction disclosure, and synthetic content labeling.

Comprehensive procedure for implementing Article 14 human oversight requirements including oversight mechanisms, competency requirements, and intervention protocols.

Procedure for ensuring Article 15 compliance covering accuracy metrics, robustness testing, and cybersecurity measures for high-risk AI systems.

Procedure for establishing and maintaining an Article 17 compliant Quality Management System for AI providers covering all QMS elements.

Procedure for conducting conformity assessments per Articles 43, 47, and 48 including self-assessment, notified body involvement, and CE marking requirements.

Procedure for registering high-risk AI systems and GPAI models in the EU database per Articles 49 and 71 with Annex VIII data requirements.

Comprehensive procedure for Article 72 post-market monitoring including PMMP establishment, data collection, analysis, and proportionate response to identified issues.

Procedure for managing and reporting serious incidents per Article 73 including detection, investigation, notification to authorities, and corrective actions.

Procedure for ensuring Article 4 AI literacy compliance including competency frameworks, training programs, and ongoing education for all personnel involved with AI systems.

Comprehensive procedure for AI system development covering requirements, design, implementation, testing, and deployment phases with gate reviews.

Procedure for managing AI vendors and third-party AI components including due diligence, risk assessment, and ongoing monitoring.

Procedure for establishing AI governance structures including governance bodies, approval processes, and decision-making frameworks.

Procedure for managing changes to AI systems including substantial modification assessment, change approval, and implementation.

Procedure for managing CAPA including root cause analysis, corrective actions, preventive measures, and effectiveness verification.

Procedure for deploying AI systems to production including pre-deployment checks, deployment execution, and post-deployment verification.

Comprehensive testing procedure covering functional, performance, bias, security, and compliance testing for AI systems.

Procedure for managing AI system configurations including model parameters, hyperparameters, and version control.

Procedure for ensuring AI literacy and competency per Article 4 and Article 14 requirements.

Comprehensive checklist for AI risk assessments covering health, safety, fundamental rights, and technical risks.

Complete EU AI Act conformity assessment checklist covering Articles 9-17, 47, 48, 71, 72.

Annex IV technical documentation checklist covering all required documentation elements.

Comprehensive checklist to verify all AI system documentation is complete and current.

Checklist for verifying the effectiveness of implemented risk controls.

Checklist for post-market monitoring activities per Article 72 requirements.

Checklist for Article 13 and Article 50 transparency requirements.

Checklist for EU database registration requirements per Article 71.

Form for documenting AI system risk classification decisions.

Form for requesting review or change of AI system classification.

Form for documenting AI system risk assessments.

Form for documenting risk treatment decisions and control implementation.

Form for reporting AI system incidents per Article 73 requirements.

Form for EU database registration per Article 71.

Form for updating existing EU database registrations.

Form for documenting transparency disclosures for AI systems.

Form for requesting exceptions to AI compliance requirements.

Complete catalog of controls mapped to EU AI Act requirements, with implementation guidance and evidence requirements.

Guide for determining which AI Act roles (Provider, Deployer, Distributor, Importer) apply to your organization for each AI system.

Template and decision tree for classifying AI systems according to EU AI Act risk levels with step-by-step guidance.

User guide for the AI Act Consolidated Workbook, explaining how to use the compliance tracking spreadsheet effectively.

Document internal and external audits of AI systems with findings and corrective actions.

Document conformity assessment activities and outcomes for high-risk AI systems.

Document corrective and preventive actions for AI system non-conformities.

Document changes to AI systems including impact assessment and approvals.

Document AI system risk classification decisions and supporting rationale.

Document data governance activities for AI training and validation datasets.

Document data quality assessments and remediation activities.

Document AI system deployment activities and go-live approvals.

Document technical documentation status and Annex IV compliance.

Document AI governance committee decisions and approvals.

Document human oversight activities and intervention events.

Document AI system incidents and serious incident reports per Article 73.

Document automatic logging configuration and log retention activities.

Document post-market monitoring activities and findings per Article 72.

Document EU database registration activities per Article 71.

Document AI system risk assessments and risk register entries.

Document risk treatment decisions and control implementation.

Document periodic risk reviews and risk status updates.

Document AI system testing activities and test results.

Document transparency disclosures and user notifications.

Document AI literacy training completion and competency assessments.

Document AI vendor due diligence and assessment activities.