aicomply.
aicomply.
Home
Understand OverviewLearning ModulesGlobal RegulationsEU AI Act TextGlossaryFAQ
Assess Overview1. Register2. Classify3. Requirements4. Comply5. Monitor
Implement OverviewPoliciesStandardsControlsProceduresTemplates
Resources
GitHubGet Started
STD-AI-011

AI Registration Standard

Register high-risk AI systems in EU database before market placement.

Standards LibrarySTD-AI-011

1

Controls

0

Compliant

0

In Progress

1

Not Started

Overall Progress
20%
Controls
1 controls defined in this standard
REG-001highNot Started

EU Database Registration

Register AI system in EU database

Implementation Guidance
Detailed guidance for implementing this standard

AI Registration Standard

Document Type: Standard
Standard ID: STD-AI-011
Standard Title: AI Registration Standard
Version: 1.0
Effective Date: 2025-08-01
Next Review Date: 2026-08-01
Review Frequency: Annually or upon regulatory change
Parent Policy: POL-AI-001 - Artificial Intelligence Policy
Owner: Chief Legal Officer
Approved By: AI Governance Committee Chair
Status: Draft
Classification: Internal Use Only

TABLE OF CONTENTS

  1. Document History
  2. Objective
  3. Scope and Applicability
  4. Control Standard
  5. Supporting Procedures
  6. Compliance
  7. Roles and Responsibilities
  8. Exceptions
  9. Enforcement
  10. Key Performance Indicators (KPIs)
  11. Training Requirements
  12. Definitions
  13. Link with AI Act and ISO42001

DOCUMENT HISTORY

VersionDateAuthorChangesApproval DateApproved By
0.12025-07-12Michael Brown, Chief Legal OfficerInitial draft--
0.22025-07-28Michael Brown, Chief Legal OfficerAdded Article 49/71 details--
0.32025-08-01Michael Brown, Chief Legal OfficerIncorporated stakeholder feedback--
1.02025-08-01Michael Brown, Chief Legal OfficerFinal version approved - GRC restructured2025-07-25Jane Doe, AI Governance Committee Chair

OBJECTIVE

This standard defines requirements for registering high-risk AI systems in the EU database before market placement in compliance with EU AI Act Articles 49 and 71.

Primary Goals:

  • Prepare for AI system registration with all required information
  • Submit registration to EU database before market placement
  • Maintain registration accuracy through timely updates

SCOPE AND APPLICABILITY

2.1 Mandatory Applicability

This standard is mandatory for:

  • All high-risk AI systems before market placement (EU AI Act Article 49)
  • All updates when AI system changes
  • All substantial modifications requiring registration updates

2.2 Registration Requirements Covered

  • Registration information gathering
  • Registration submission to EU database
  • Registration updates and maintenance

2.3 Out of Scope

  • Non-high-risk AI systems (no registration required)
  • Registration outside EU AI Act scope

CONTROL STANDARD

Control REG-001: Registration Information Gathering

Control ID: REG-001
Control Name: Registration Information Preparation
Control Type: Preventive
Control Frequency: Per high-risk AI system
Risk Level: High

Control Objective

Gather and verify all required registration information per Article 49(1) to ensure complete and accurate registration data is available before submission to EU database.

Control Requirements

CR-001.1: Registration Information Collection

Gather all required registration information per Article 49(1).

Required Information (Article 49(1)):

Information ElementDescriptionSourceRequiredVerification
Provider NameLegal name of providerCompany recordsYESLegal verification
Provider Contact DetailsAddress, phone, emailCompany recordsYESContact verification
AI System NameName of AI systemTechnical documentationYESTechnical verification
AI System TypeType/category of AI systemTechnical documentationYESTechnical verification
Intended PurposeDescription of intended purposeTechnical documentationYESTechnical verification
StatusOn market, in service, withdrawnMarket statusYESStatus verification
EU Member StatesMember States where availableMarket informationYESMarket verification
Annex III ReferenceReference to relevant Annex III entryClassification (STD-AI-001)YESClassification verification
Conformity Assessment ProcedureAnnex VI or Annex VIIConformity assessment (STD-AI-010)YESConformity verification
EU Declaration of ConformityReference to declarationDeclaration (STD-AI-010)YESDeclaration verification
Instructions for UseReference to instructionsUser documentation (STD-AI-006)YESDocumentation verification
CE Marking InformationCE marking detailsCE marking (STD-AI-010)YESCE marking verification

Mandatory Actions:

  • Gather all required information
  • Verify information accuracy
  • Compile registration package
  • Review for completeness
  • Obtain approvals
  • Archive registration package

Information Verification:

Verification TypeMethodOwnerEvidence
Legal VerificationReview company recordsLegalLegal records
Technical VerificationReview technical documentationCTOTechnical documentation
Market VerificationReview market informationProduct ManagementMarket records
Classification VerificationReview classificationAI Act Program ManagerClassification records
Conformity VerificationReview conformity assessmentChief Legal OfficerConformity records

Evidence Required:

  • Registration information package
  • Verification records
  • Approval records
  • Archive records

Audit Verification:

  • Verify all required information gathered
  • Confirm information verified
  • Check approvals obtained
  • Validate registration package compiled

Control REG-002: Registration Submission

Control ID: REG-002
Control Name: EU Database Registration Submission
Control Type: Preventive
Control Frequency: Per high-risk AI system, before market placement
Risk Level: High

Control Objective

Submit registration to EU database before market placement per Article 49 to ensure high-risk AI systems are registered before being placed on the market.

Control Requirements

CR-002.1: Registration Submission Process

Submit registration to EU database using official portal.

Submission Requirements:

RequirementSpecificationImplementation
TimingBefore placing on marketSubmit before market placement
PortalOfficial EU database portalUse official portal
Information CompletenessAll required information providedComplete all fields
ConfirmationObtain registration confirmationTrack confirmation
Registration NumberMaintain registration numberArchive registration number

Mandatory Actions:

  • Access EU database portal
  • Complete registration form
  • Submit registration
  • Verify submission
  • Obtain confirmation
  • Record registration number
  • Block market placement if not registered

Registration Submission Checklist:

StepDescriptionStatusEvidence
Portal AccessAccess official EU database portalPortal access records
Form CompletionComplete all registration fieldsForm completion records
Information VerificationVerify all information accurateVerification records
SubmissionSubmit registrationSubmission records
ConfirmationObtain registration confirmationConfirmation records
Registration NumberRecord registration numberRegistration number records
Market Placement AuthorizationAuthorize market placementAuthorization records

Evidence Required:

  • Registration submission records
  • Confirmation from EU database
  • Registration number
  • Market placement authorization

Audit Verification:

  • Verify registration submitted before market placement
  • Confirm official portal used
  • Check all information provided
  • Validate confirmation obtained
  • Verify registration number recorded
  • Check market placement blocked if not registered

Control REG-003: Registration Updates

Control ID: REG-003
Control Name: Registration Update and Maintenance
Control Type: Detective
Control Frequency: As needed, when changes occur
Risk Level: Medium

Control Objective

Update registration when changes occur to ensure registration information remains accurate and current throughout AI system lifecycle.

Control Requirements

CR-003.1: Registration Update Process

Monitor for update triggers and update registration promptly.

Update Triggers:

TriggerDescriptionUpdate RequiredTimeline
Substantial ModificationsChange affecting compliance or intended purposeYES< 30 days
Intended Purpose ChangeChange to intended purposeYES< 30 days
Market Availability ChangeChange in market availabilityYES< 30 days
Withdrawal from MarketAI system withdrawn from marketYES< 30 days
Provider Information ChangeChange in provider informationYES< 30 days
Status ChangeChange in system statusYES< 30 days

Mandatory Actions:

  • Monitor for update triggers
  • Assess if update required
  • Prepare update information
  • Update registration
  • Submit updates
  • Obtain confirmation
  • Document update

Update Process:

StepDescriptionOwnerTimeline
Trigger DetectionDetect update triggerAI Act Program ManagerImmediate
Update AssessmentAssess if update requiredChief Legal Officer1 day
Information PreparationPrepare update informationAI Act Program Manager2 days
Update SubmissionSubmit update to EU databaseAI Act Program Manager1 day
ConfirmationObtain update confirmationAI Act Program Manager1 day
DocumentationDocument updateAI Act Program Manager1 day

Evidence Required:

  • Update trigger detection records
  • Update assessment records
  • Update submission records
  • Submission confirmations
  • Update documentation

Audit Verification:

  • Verify update triggers monitored
  • Confirm updates submitted within timeline
  • Check update confirmations obtained
  • Validate updates documented

SUPPORTING PROCEDURES

This standard is implemented through the following detailed procedure:

Procedure PROC-AI-REG-001: AI System Registration Procedure

Purpose: Define step-by-step process for registering AI systems
Owner: Chief Legal Officer
Implements: Controls REG-001, REG-002, REG-003

Procedure Steps:

  1. Gather registration information - Control REG-001
  2. Verify information accuracy
  3. Compile registration package
  4. Submit registration - Control REG-002
  5. Obtain confirmation
  6. Record registration number
  7. Monitor for updates - Control REG-003
  8. Update registration as needed

Outputs:

  • Registration information package
  • Registration submission records
  • Registration confirmation
  • Registration number
  • Update records

COMPLIANCE

5.1 Compliance Monitoring

Monitoring Approach: Continuous automated monitoring supplemented by monthly manual reviews and quarterly comprehensive audits.

Compliance Metrics:

MetricTargetMeasurement MethodFrequencyOwner
Registration Completion100%% of high-risk AI registered before market placementMonthlyChief Legal Officer
Registration Accuracy100%% of registrations with no errorsPer registrationChief Legal Officer
Update Timeliness< 30 daysAverage days to update registrationPer updateChief Legal Officer
Update Coverage100%% of required updates completedMonthlyChief Legal Officer

Monitoring Tools:

  • Registration Dashboard
  • Compliance Reports
  • Monthly compliance reports
  • Quarterly AI Governance Committee reviews

5.2 Internal Audit Requirements

Audit Frequency: Annually (minimum)

Audit Scope:

  • Registration completion
  • Registration information accuracy
  • Registration submission timeliness
  • Registration update coverage
  • Controls effectiveness (REG-001 through REG-003)

Audit Activities:

  • Review 100% of high-risk AI for registration
  • Sample 20% of registrations for accuracy review
  • Test registration submission process
  • Review registration updates
  • Verify registration numbers recorded

Audit Outputs:

  • Annual Registration Audit Report
  • Findings and recommendations
  • Corrective action plans for deficiencies

5.3 External Audit / Regulatory Inspection

Preparation:

  • Maintain audit-ready registration documentation at all times
  • Designate Chief Legal Officer and Legal as regulatory liaisons
  • Prepare standard response procedures for authority requests

Provide to Auditors/Regulators:

  • Registration records
  • Registration confirmations
  • Registration numbers
  • Update records
  • Internal audit reports
  • Evidence of controls execution

Authority Request Response:

  • Acknowledge request within 1 business day
  • Provide requested documentation within 5 business days
  • Coordinate through Legal and Chief Legal Officer
  • Document all interactions with authorities

ROLES AND RESPONSIBILITIES

6.1 RACI Matrix

ActivityChief Legal OfficerAI Act Program ManagerAI System OwnerCTOProduct Management
Registration Information GatheringR/ARCCC
Information VerificationRRCCC
Registration SubmissionR/ARIII
Registration UpdatesRRAIC
Registration MonitoringRRCIC

RACI Legend:

  • R = Responsible (does the work)
  • A = Accountable (ultimately answerable)
  • C = Consulted (provides input)
  • I = Informed (kept up-to-date)

6.2 Role Descriptions

Chief Legal Officer

  • Primary Responsibility: Owns registration framework, ensures compliance
  • Key Activities:
    • Oversees registration process
    • Ensures regulatory compliance
    • Approves registrations
    • Reports to management
  • Required Competencies: EU AI Act Article 49 (Registration) and Article 71 (EU Database), registration procedures, regulatory compliance

AI Act Program Manager

  • Primary Responsibility: Manages registration process
  • Key Activities:
    • Coordinates registration
    • Gathers registration information
    • Submits registrations
    • Monitors for updates
    • Tracks registration status
  • Required Competencies: Registration procedures, EU database portal, project management

AI System Owner

  • Primary Responsibility: Accountable for registration of their AI system
  • Key Activities:
    • Provides technical information
    • Supports registration
    • Notifies of changes requiring updates
  • Required Competencies: AI system knowledge, registration awareness

CTO

  • Primary Responsibility: Provides technical information for registration
  • Key Activities:
    • Provides technical documentation references
    • Verifies technical information
  • Required Competencies: Technical documentation, AI system knowledge

Product Management

  • Primary Responsibility: Provides market information for registration
  • Key Activities:
    • Provides market availability information
    • Notifies of market changes
  • Required Competencies: Market information, product management

EXCEPTIONS

7.1 Exception Philosophy

Registration is a mandatory regulatory requirement for high-risk AI systems before market placement. Exceptions are granted restrictively and only where compensating controls adequately mitigate risks.

7.2 Allowed Exceptions

The following exceptions may be granted with proper justification and approval:

Exception TypeJustification RequiredMaximum DurationApproval AuthorityCompensating Controls
Extended Update TimelineTechnical issues preventing timely update15 daysChief Legal OfficerInterim documentation; Accelerated plan

7.3 Prohibited Exceptions

The following exceptions cannot be granted under any circumstances:

Skipping registration for high-risk AI - Mandatory per Article 49, no exceptions
Placing high-risk AI on market without registration - Illegal, no exceptions
Skipping registration updates - Required for ongoing compliance

7.4 Exception Request Process

Step 1: Submit Exception Request

  • Complete Exception Request Form (FORM-AI-EXCEPTION-001)
  • Include business justification
  • Propose compensating controls
  • Specify duration requested
  • Attach risk assessment

Step 2: Risk Assessment

  • Chief Legal Officer assesses risk of granting exception
  • Evaluates adequacy of compensating controls
  • Documents residual risk

Step 3: Approval

  • Route to appropriate approval authority based on exception type
  • Chief Legal Officer approval: Minor exceptions
  • Chief Legal Officer + AI Governance Committee: Significant exceptions
  • AI Governance Committee: Critical exceptions

Step 4: Documentation and Monitoring

  • Document exception in Exception Register
  • Assign exception owner
  • Set review date
  • Monitor compensating controls
  • Report exceptions quarterly to AI Governance Committee

Step 5: Exception Review and Closure

  • Review exception at specified review date
  • Assess if exception still needed
  • Close exception when normal registration completed
  • Document lessons learned

ENFORCEMENT

8.1 Non-Compliance Consequences

ViolationSeverityConsequenceRemediation Required
Placing high-risk AI on market without registrationCriticalImmediate removal from market; Legal investigationRegister immediately; Root cause analysis
Incomplete registration informationHighEscalation to AI Governance CommitteeComplete registration within 5 business days
Registration update not submittedHighEscalation to managementSubmit update within 5 business days
Inaccurate registration informationMediumWritten warningCorrect information within 10 business days

8.2 Escalation Procedures

Level 1: Chief Legal Officer

  • Minor procedural violations
  • Documentation deficiencies
  • Timeline delays < 5 days
  • Action: Written warning, corrective action required

Level 2: Chief Legal Officer + AI Governance Committee

  • Repeated violations
  • Incomplete registrations
  • Missing updates
  • Action: Formal review, corrective action plan, management notification

Level 3: AI Governance Committee

  • Placing AI on market without registration
  • Critical compliance failures
  • Action: Immediate market removal, investigation, disciplinary action

Level 4: Executive Management + Legal

  • Potential regulatory enforcement action
  • Significant legal liability
  • Reputational risk
  • Action: Executive crisis management, legal strategy, regulatory engagement

8.3 Immediate Escalation Triggers

Escalate immediately to AI Governance Committee + Legal if:

  • ⚠️ High-risk AI system placed on market without registration
  • ⚠️ Regulatory inquiry or inspection related to registration
  • ⚠️ Critical registration errors affecting compliance

8.4 Disciplinary Actions

Individuals responsible for registration violations may be subject to:

  • Verbal or written warning
  • Mandatory retraining
  • Performance improvement plan
  • Reassignment of responsibilities
  • Suspension (with pay during investigation)
  • Termination (for egregious violations, e.g., knowingly placing AI on market without registration)

Factors Considered:

  • Intent (knowing violation vs. honest mistake)
  • Severity of violation
  • Impact (actual or potential)
  • Cooperation with remediation
  • Prior violation history

KEY PERFORMANCE INDICATORS (KPIs)

9.1 Registration KPIs

KPI IDKPI NameDefinitionTargetMeasurement MethodFrequencyOwnerReporting To
KPI-REG-001Registration Completion% of high-risk AI registered before market placement100%(# registered / # high-risk AI) × 100MonthlyChief Legal OfficerAI Governance Committee
KPI-REG-002Registration Accuracy% of registrations with no errors100%(# error-free / # total registrations) × 100Per registrationChief Legal OfficerManagement
KPI-REG-003Update TimelinessAverage days to update registration< 30 daysΣ (update days) / # updatesPer updateChief Legal OfficerManagement
KPI-REG-004Update Coverage% of required updates completed100%(# updates completed / # required updates) × 100MonthlyChief Legal OfficerAI Governance Committee
KPI-REG-005Registration Number Tracking% of registrations with recorded numbers100%(# with numbers / # total registrations) × 100MonthlyChief Legal OfficerManagement

9.2 KPI Dashboards and Reporting

Real-Time Dashboard (Chief Legal Officer access)

  • Current registration status
  • Registration completion rate
  • Update status
  • Registration numbers
  • Compliance status

Monthly Management Report

  • KPI-REG-001, 002, 004, 005
  • Trend analysis (vs. previous month)
  • Issues and risks
  • Planned actions

Quarterly AI Governance Committee Report

  • All KPIs
  • Registration effectiveness assessment
  • Internal audit findings (if conducted)
  • Exception register review

Annual Executive Report

  • Full-year KPI performance
  • Registration maturity assessment
  • Strategic recommendations
  • Regulatory outlook

9.3 KPI Thresholds and Alerts

KPIGreen (Good)Yellow (Warning)Red (Critical)Alert Action
Registration Completion100%95-99%< 95%Red: Immediate escalation to AI Governance Committee Chair
Registration Accuracy100%95-99%< 95%Red: Immediate escalation to AI Governance Committee
Update Timeliness< 30 days30-45 days> 45 daysRed: Escalate to AI Governance Committee
Update Coverage100%95-99%< 95%Red: Escalate to AI Governance Committee

TRAINING REQUIREMENTS

10.1 Training Program Overview

All personnel involved in registration must complete role-specific training to ensure competency in EU AI Act Article 49 (Registration) and Article 71 (EU Database) requirements, registration procedures, and EU database portal usage.

10.2 Role-Based Training Requirements

RoleTraining CourseDurationContentFrequencyAssessment Required
Chief Legal OfficerRegistration Expert Training12 hoursEU AI Act Article 49 (Registration) and Article 71 (EU Database); Registration procedures; EU databaseInitial + annuallyYes - Written exam (≥90%)
AI Act Program ManagerRegistration Management Training8 hoursRegistration procedures; EU database portal; Information gatheringInitial + annuallyYes - Practical exercise
AI System OwnersRegistration Overview2 hoursRegistration requirements; Responsibilities; Information provisionAt onboarding + annuallyYes - Knowledge check (≥80%)
All AI Development StaffRegistration Awareness1 hourRegistration basics; Requirements; AwarenessAt onboarding + annuallyYes - Knowledge check (≥80%)

10.3 Training Content by Topic

EU AI Act Article 49 (Registration) and Article 71 (EU Database) Requirements

  • Registration requirement (Article 49)
  • EU database (Article 71)
  • Compliance obligations

Registration Procedures

  • Information gathering
  • Registration submission
  • Registration updates
  • EU database portal usage

Registration Information

  • Required information elements
  • Information verification
  • Information accuracy

10.4 Training Delivery Methods

Initial Training:

  • Instructor-led classroom or virtual training
  • Includes interactive exercises and case studies
  • Hands-on practice with EU database portal
  • Group discussions of complex scenarios

Annual Refresher:

  • E-learning modules for core content review
  • Live update sessions for regulatory changes
  • Case study reviews of recent registrations
  • Knowledge assessment

On-the-Job Training:

  • Mentoring for new registration staff
  • Job shadowing during registrations
  • Supervised registration for first 3 AI systems

Just-in-Time Training:

  • Quick reference guides and job aids
  • Video tutorials on specific topics
  • Help desk support from experienced staff

10.5 Training Effectiveness Measurement

Assessment Methods:

  • Written exams for knowledge retention
  • Practical exercises for skill application
  • On-the-job observations for competency validation
  • Feedback surveys for training quality

Competency Validation:

  • AI Act Program Managers: Must demonstrate ability to register 1 sample AI system with 100% accuracy before independent work
  • All staff: Must pass knowledge assessments with minimum required scores

Training Metrics:

MetricTargetFrequency
Training completion rate100%Quarterly
Assessment pass rate (first attempt)≥ 90%Per training
Training effectiveness score (survey)≥ 4.0/5.0Per training
Time to competency (AI Act Program Managers)< 30 daysPer person

10.6 Training Records

Records Maintained:

  • Training attendance records
  • Assessment scores
  • Competency validations
  • Refresher training completion
  • Individual training transcripts

Retention: 10 years (to align with EU AI Act documentation retention)

Access: HR, Chief Legal Officer, Internal Audit, Competent Authorities (upon request)

DEFINITIONS

TermDefinitionSource
RegistrationProcess of registering high-risk AI system in EU databaseEU AI Act Article 49
EU DatabaseEU database for high-risk AI systemsEU AI Act Article 71
Registration NumberUnique identifier assigned upon registrationEU AI Act Article 49
Substantial ModificationChange affecting compliance or intended purposeEU AI Act Article 3(23)
Market PlacementMaking AI system available on EU marketEU AI Act Article 3

LINK WITH AI ACT AND ISO42001

12.1 EU AI Act Regulatory Mapping

This standard implements the following EU AI Act requirements:

EU AI Act ProvisionArticleRequirement SummaryImplemented By (Controls)
RegistrationArticle 49Registration before market placementAll controls (REG-001 through REG-003)
EU DatabaseArticle 71EU database specificationsREG-002, REG-003

12.2 ISO/IEC 42001:2023 Alignment

This standard aligns with ISO/IEC 42001:2023 as follows:

ISO 42001 ClauseRequirementImplementation in This Standard
Clause 4.4: AI management systemEstablish AI management systemRegistration supports AI management system
Clause 9.1: Monitoring, measurement, analysis, and evaluationMonitor and measureRegistration monitoring

12.3 Relationship to Other Standards

This registration standard integrates with other AI Act standards:

Related StandardIntegration PointRationale
STD-AI-001: ClassificationClassification determines if registration requiredHigh-risk AI requires registration
STD-AI-010: Conformity AssessmentConformity assessment information in registrationRegistration includes conformity assessment information

12.4 References and Related Documents

EU AI Act (Regulation (EU) 2024/1689):

  • Article 49: Registration
  • Article 71: EU Database

ISO/IEC Standards:

  • ISO/IEC 42001:2023: Information technology — Artificial intelligence — Management system

Internal Documents:

  • POL-AI-001: Artificial Intelligence Policy (parent policy)
  • STD-AI-001: AI System Classification Standard
  • STD-AI-010: AI Conformity Assessment Standard
  • PROC-AI-REG-001: Registration procedure

APPROVAL AND AUTHORIZATION

RoleNameTitleSignatureDate
Prepared ByMichael BrownChief Legal Officer_________________________
Reviewed BySarah JohnsonAI Act Program Manager_________________________
Reviewed ByJane DoeChief Strategy & Risk Officer_________________________
Approved ByJane DoeAI Governance Committee Chair_________________________

Effective Date: 2025-08-01
Next Review Date: 2026-08-01
Review Frequency: Annually or upon regulatory change

END OF STANDARD STD-AI-011

This standard is a living document. Feedback and improvement suggestions should be directed to the Chief Legal Officer.

Standard Details

Standard ID

STD-AI-011

Version

1.0

Status

draft

Owner

Legal

Effective Date

2025-08-01

Applicability

High-risk AI systems

EU AI Act References
Article 49
Related Resources
Implementation GuidesEU AI Act Full Text

Previous

Conformity Assessment

Next

Post-Market Monitoring