aicomply.
aicomply.
Home
Understand OverviewLearning ModulesGlobal RegulationsEU AI Act TextGlossaryFAQ
Assess Overview1. Register2. Classify3. Requirements4. Comply5. Monitor
Implement OverviewPoliciesStandardsControlsProceduresTemplates
Resources
GitHubGet Started
STD-AI-012

AI Post-Market Monitoring Standard

Establish and maintain post-market monitoring system for AI systems in operation.

Standards LibrarySTD-AI-012

2

Controls

0

Compliant

2

In Progress

0

Not Started

Overall Progress
35%
Controls
2 controls defined in this standard
PMM-001mediumIn Progress

Performance Monitoring System

Monitor AI system performance in production

45%
PMM-002mediumIn Progress

Periodic Review and Update

Conduct periodic reviews and implement improvements

25%
Implementation Guidance
Detailed guidance for implementing this standard

AI Post-Market Monitoring Standard

Document Type: Standard
Standard ID: STD-AI-012
Standard Title: AI Post-Market Monitoring Standard
Version: 1.0
Effective Date: 2025-08-01
Next Review Date: 2026-08-01
Review Frequency: Annually or upon regulatory change
Parent Policy: POL-AI-001 - Artificial Intelligence Policy
Owner: Product Director
Approved By: AI Governance Committee Chair
Status: Draft
Classification: Internal Use Only

TABLE OF CONTENTS

  1. Document History
  2. Objective
  3. Scope and Applicability
  4. Control Standard
  5. Supporting Procedures
  6. Compliance
  7. Roles and Responsibilities
  8. Exceptions
  9. Enforcement
  10. Key Performance Indicators (KPIs)
  11. Training Requirements
  12. Definitions
  13. Link with AI Act and ISO42001

DOCUMENT HISTORY

VersionDateAuthorChangesApproval DateApproved By
0.12025-07-15Product DirectorInitial draft--
0.22025-07-30Product DirectorAdded Article 72 details--
0.32025-08-01Product DirectorIncorporated stakeholder feedback--
1.02025-08-01Product DirectorFinal version approved - GRC restructured2025-07-25Jane Doe, AI Governance Committee Chair

OBJECTIVE

This standard defines requirements for establishing and maintaining a post-market monitoring system for AI systems in operation in compliance with EU AI Act Article 72.

Primary Goals:

  • Establish post-market monitoring system per Article 72(1)
  • Create and maintain post-market monitoring plan per Article 72(3)
  • Monitor AI system performance in real-world conditions
  • Enable corrective actions based on monitoring results

SCOPE AND APPLICABILITY

2.1 Mandatory Applicability

This standard is mandatory for:

  • All high-risk AI systems in operation (EU AI Act Article 72)
  • All AI systems throughout their operational lifecycle

2.2 Recommended Applicability

This standard is recommended for:

  • All AI systems for best practices
  • Limited-risk and minimal-risk AI systems (voluntary monitoring)

2.3 Monitoring Requirements Covered

  • Post-market monitoring system establishment
  • Post-market monitoring plan creation and maintenance
  • Performance monitoring and analysis
  • Corrective actions based on monitoring

2.4 Out of Scope

  • Pre-market testing (covered by testing standards)
  • Non-AI system monitoring (covered by other monitoring standards)
  • Monitoring outside EU AI Act scope

CONTROL STANDARD

Control PMM-001: Post-Market Monitoring System Establishment

Control ID: PMM-001
Control Name: Post-Market Monitoring System Design and Implementation
Control Type: Preventive
Control Frequency: Per high-risk AI system, before market placement
Risk Level: High

Control Objective

Establish post-market monitoring system per Article 72(1) to actively and systematically collect data, analyze performance in real-world conditions, identify risks and opportunities for improvement, and enable corrective actions.

Control Requirements

CR-001.1: PMM System Design and Implementation

Design and implement comprehensive post-market monitoring system.

System Requirements (Article 72(1)):

RequirementDescriptionImplementationVerification
Active Data CollectionActively and systematically collect dataAutomated data collectionData collection logs
Performance AnalysisAnalyze performance in real-world conditionsPerformance analysis toolsAnalysis reports
Risk IdentificationIdentify risks and opportunities for improvementRisk analysis processesRisk reports
Corrective ActionsEnable corrective actionsCorrective action proceduresAction records
IntegrationIntegrate with risk management and quality managementSystem integrationIntegration documentation

Mandatory Actions:

  • Design PMM system architecture
  • Implement data collection mechanisms
  • Set up analysis processes
  • Enable corrective action workflows
  • Integrate with risk management (STD-AI-002)
  • Integrate with quality management (STD-AI-009)
  • Test system functionality
  • Obtain approval

PMM System Architecture:

ComponentDescriptionTechnologyIntegration
Data CollectionCollect monitoring dataAutomated toolsAI system, logging
Data StorageStore monitoring dataDatabase, data warehouseData governance
Analysis EngineAnalyze performanceAnalytics toolsPerformance monitoring
Alerting SystemAlert on issuesAlerting toolsIncident management
ReportingGenerate reportsReporting toolsManagement reporting
Corrective ActionsEnable corrective actionsWorkflow toolsCAPA system

Evidence Required:

  • PMM System Documentation (DOC-AI-PMM-001)
  • System architecture
  • Integration documentation
  • Test results
  • Approval records

Audit Verification:

  • Verify PMM system designed
  • Confirm data collection implemented
  • Check analysis processes set up
  • Validate corrective actions enabled
  • Verify integration with risk/quality management

Control PMM-002: Post-Market Monitoring Plan Creation

Control ID: PMM-002
Control Name: Post-Market Monitoring Plan Development
Control Type: Preventive
Control Frequency: Per high-risk AI system, before market placement
Risk Level: High

Control Objective

Create and maintain post-market monitoring plan per Article 72(3) to define strategy, methods, and procedures for post-market monitoring.

Control Requirements

CR-002.1: PMM Plan Development

Create comprehensive post-market monitoring plan.

Plan Contents (Article 72(3)):

ElementDescriptionRequiredImplementation
Data Collection StrategyStrategy for collecting monitoring dataYESData collection plan
Data SourcesSources of monitoring dataYESData source inventory
Analysis MethodsMethods for analyzing dataYESAnalysis procedures
Corrective Action ProceduresProcedures for corrective actionsYESCorrective action procedures
Reporting ProceduresProcedures for reportingYESReporting procedures
Review and Update ProceduresProcedures for reviewing and updating planYESReview procedures

Mandatory Actions:

  • Create PMM plan
  • Define data collection strategy
  • Identify data sources
  • Establish analysis methods
  • Define corrective action procedures
  • Define reporting procedures
  • Define review and update procedures
  • Obtain approval
  • Review and update annually

Data Collection Strategy:

Data TypeCollection MethodFrequencyData Source
Performance MetricsAutomated collectionReal-timeAI system logs
User FeedbackUser surveys, support ticketsMonthlyUser feedback systems
Incident ReportsIncident management systemAs neededIncident management
Error LogsAutomated collectionReal-timeSystem logs
Usage PatternsAutomated collectionDailyUsage analytics
Environmental ConditionsAutomated collectionReal-timeSystem monitoring

Evidence Required:

  • Post-Market Monitoring Plan (PLAN-AI-PMM-XXX)
  • Data collection strategy
  • Data source inventory
  • Analysis methods documentation
  • Corrective action procedures
  • Reporting procedures
  • Approval records
  • Annual review records

Audit Verification:

  • Verify PMM plan created
  • Confirm all required elements included
  • Check plan approved
  • Validate plan reviewed and updated annually

Control PMM-003: Performance Data Collection

Control ID: PMM-003
Control Name: Performance Data Collection and Management
Control Type: Detective
Control Frequency: Continuous
Risk Level: Medium

Control Objective

Collect and manage performance data systematically to enable performance analysis and identify issues early.

Control Requirements

CR-003.1: Data Collection Implementation

Implement comprehensive data collection per PMM plan.

Data Types:

Data TypeDescriptionCollection MethodFrequencyStorage
Performance MetricsAccuracy, precision, recall, etc.AutomatedReal-timeDatabase
User FeedbackUser satisfaction, complaintsSurveys, ticketsMonthlyFeedback system
Incident ReportsIncidents, errorsIncident systemAs neededIncident database
Error LogsSystem errors, exceptionsAutomatedReal-timeLog system
Usage PatternsUsage statistics, patternsAutomatedDailyAnalytics database
Environmental ConditionsOperating conditionsAutomatedReal-timeMonitoring system

Mandatory Actions:

  • Implement data collection per plan
  • Monitor data quality
  • Store data securely
  • Maintain data retention
  • Analyze data regularly
  • Report data collection status

Data Quality Requirements:

Quality DimensionRequirementMeasurementTarget
CompletenessAll required data collected% of data collected≥95%
AccuracyData accurate and correctError rate<1%
TimelinessData collected on timeCollection delay<1 hour
ConsistencyData consistent across sourcesConsistency score≥95%

Evidence Required:

  • Data collection records
  • Data quality reports
  • Data storage records
  • Data retention records
  • Analysis reports

Audit Verification:

  • Verify data collection implemented
  • Confirm data quality monitored
  • Check data stored securely
  • Validate data analyzed regularly

Control PMM-004: Performance Monitoring and Analysis

Control ID: PMM-004
Control Name: Performance Monitoring and Analysis
Control Type: Detective
Control Frequency: Continuous, monthly analysis
Risk Level: Medium

Control Objective

Monitor AI system performance in real-world conditions and analyze trends to identify issues and opportunities for improvement.

Control Requirements

CR-004.1: Performance Metrics Tracking

Track performance metrics continuously and compare to baselines.

Performance Metrics:

MetricDescriptionBaselineTargetAlert Threshold
Accuracy in ProductionProduction accuracyPre-deployment accuracy≥95%<90%
Error RatesError frequencyPre-deployment error rate<5%>10%
User SatisfactionUser satisfaction scoreTarget satisfaction≥4.0/5.0<3.5/5.0
System AvailabilitySystem uptimeTarget availability≥99.5%<99%
Response TimesSystem response timeTarget response time<2 seconds>5 seconds
Drift IndicatorsData/concept driftDrift threshold<0.1>0.2

Mandatory Actions:

  • Track metrics continuously
  • Compare to baselines
  • Alert on deviations
  • Investigate issues
  • Report trends
  • Update baselines as needed

Performance Analysis:

Analysis TypePurposeFrequencyOutput
Trend AnalysisIdentify performance trendsMonthlyTrend reports
Comparative AnalysisCompare to baselinesMonthlyComparison reports
Root Cause AnalysisInvestigate issuesAs neededRoot cause reports
Predictive AnalysisPredict future performanceQuarterlyPredictive reports

Evidence Required:

  • Performance dashboard
  • Metrics reports (monthly)
  • Trend analysis reports
  • Investigation records
  • Alert logs

Audit Verification:

  • Verify metrics tracked continuously
  • Confirm baselines established
  • Check alerts configured
  • Validate issues investigated
  • Verify reports generated

Control PMM-005: Corrective Actions Based on Monitoring

Control ID: PMM-005
Control Name: Corrective Actions from Post-Market Monitoring
Control Type: Corrective
Control Frequency: As needed
Risk Level: Medium

Control Objective

Implement corrective actions based on post-market monitoring results to address performance issues and improve AI system quality.

Control Requirements

CR-005.1: Corrective Action Process

Implement corrective actions per PMM plan and CAPA procedures.

Corrective Action Requirements:

RequirementDescriptionImplementationTimeline
Issue IdentificationIdentify performance issuesMonitoring alerts, analysisImmediate
Root Cause AnalysisInvestigate root causesRoot cause analysis5 days
Action PlanningPlan corrective actionsAction planning5 days
Action ImplementationImplement corrective actionsAction implementation30 days
Effectiveness VerificationVerify action effectivenessVerification testing10 days
Documentation UpdateUpdate documentationDocumentation update5 days

Mandatory Actions:

  • Monitor for performance issues
  • Investigate root causes
  • Plan corrective actions
  • Implement actions
  • Verify effectiveness
  • Update documentation
  • Report to management

Corrective Action Types:

Action TypeDescriptionWhen to UseExample
Model RetrainingRetrain model with new dataPerformance degradationAccuracy drop
Model UpdateUpdate model architectureArchitecture issuesArchitecture problems
Data Quality ImprovementImprove data qualityData quality issuesData quality problems
Process ImprovementImprove processesProcess issuesProcess problems
Configuration ChangesChange system configurationConfiguration issuesConfiguration problems

Evidence Required:

  • Issue logs
  • Root cause analyses
  • Corrective action plans
  • Implementation records
  • Verification records
  • Documentation updates

Audit Verification:

  • Verify issues identified
  • Confirm root cause analysis conducted
  • Check corrective actions implemented
  • Validate effectiveness verified
  • Verify documentation updated

SUPPORTING PROCEDURES

This standard is implemented through the following detailed procedures:

Procedure PROC-AI-PMM-001: Post-Market Monitoring Plan Creation Procedure

Purpose: Define step-by-step process for creating PMM plan
Owner: Product Director
Implements: Control PMM-002

Procedure Steps:

  1. Define data collection strategy
  2. Identify data sources
  3. Establish analysis methods
  4. Define corrective action procedures
  5. Define reporting procedures
  6. Obtain approval

Outputs:

  • Post-Market Monitoring Plan
  • Data collection strategy
  • Analysis methods

Procedure PROC-AI-PMM-002: Performance Data Collection Procedure

Purpose: Define process for collecting performance data
Owner: Product Director
Implements: Control PMM-003

Procedure Steps:

  1. Implement data collection
  2. Monitor data quality
  3. Store data securely
  4. Analyze data regularly

Outputs:

  • Data collection records
  • Data quality reports
  • Analysis reports

Procedure PROC-AI-PMM-003: Performance Analysis Procedure

Purpose: Define process for analyzing performance
Owner: Product Director
Implements: Control PMM-004

Procedure Steps:

  1. Track performance metrics
  2. Compare to baselines
  3. Analyze trends
  4. Investigate issues
  5. Report results

Outputs:

  • Performance reports
  • Trend analysis
  • Investigation records

Procedure PROC-AI-PMM-004: Corrective Action Procedure

Purpose: Define process for corrective actions
Owner: Product Director
Implements: Control PMM-005

Procedure Steps:

  1. Identify issues
  2. Investigate root causes
  3. Plan corrective actions
  4. Implement actions
  5. Verify effectiveness

Outputs:

  • Corrective action plans
  • Implementation records
  • Verification records

COMPLIANCE

5.1 Compliance Monitoring

Monitoring Approach: Continuous automated monitoring supplemented by monthly manual reviews and quarterly comprehensive audits.

Compliance Metrics:

MetricTargetMeasurement MethodFrequencyOwner
PMM System Coverage100%% of high-risk AI with PMM systemMonthlyProduct Director
PMM Plan Coverage100%% of high-risk AI with PMM planMonthlyProduct Director
Data Collection Completeness≥95%% of required data collectedDailyProduct Director
Analysis FrequencyMonthly minimumFrequency of analysisMonthlyProduct Director
Corrective Action Closure<30 daysAverage days to close actionsPer actionProduct Director
Performance Stability<5% variationPerformance variationWeeklyProduct Director

Monitoring Tools:

  • PMM Dashboard
  • Performance Monitoring Dashboard
  • Compliance Reports
  • Monthly compliance reports
  • Quarterly AI Governance Committee reviews

5.2 Internal Audit Requirements

Audit Frequency: Annually (minimum)

Audit Scope:

  • PMM system implementation
  • PMM plan completeness
  • Data collection effectiveness
  • Performance analysis quality
  • Corrective action effectiveness
  • Controls effectiveness (PMM-001 through PMM-005)

Audit Activities:

  • Review 100% of high-risk AI for PMM system
  • Sample 20% of PMM plans for quality review
  • Test data collection process
  • Review performance analysis
  • Review corrective actions
  • Interview key personnel

Audit Outputs:

  • Annual Post-Market Monitoring Audit Report
  • Findings and recommendations
  • Corrective action plans for deficiencies

5.3 External Audit / Regulatory Inspection

Preparation:

  • Maintain audit-ready PMM documentation at all times
  • Designate Product Director and Legal as regulatory liaisons
  • Prepare standard response procedures for authority requests

Provide to Auditors/Regulators:

  • PMM system documentation
  • PMM plans
  • Performance data and reports
  • Corrective action records
  • Internal audit reports
  • Evidence of controls execution

Authority Request Response:

  • Acknowledge request within 1 business day
  • Provide requested documentation within 5 business days
  • Coordinate through Legal and Product Director
  • Document all interactions with authorities

ROLES AND RESPONSIBILITIES

6.1 RACI Matrix

ActivityProduct DirectorAI System OwnerOperationsData ScienceQuality Director
PMM System EstablishmentR/ACCCC
PMM Plan CreationRACCC
Data CollectionRARCI
Performance AnalysisRACRC
Corrective ActionsRACRR

RACI Legend:

  • R = Responsible (does the work)
  • A = Accountable (ultimately answerable)
  • C = Consulted (provides input)
  • I = Informed (kept up-to-date)

6.2 Role Descriptions

Product Director

  • Primary Responsibility: Owns PMM framework, ensures compliance
  • Key Activities:
    • Establishes PMM framework
    • Oversees PMM implementation
    • Monitors PMM effectiveness
    • Reports to management
  • Required Competencies: EU AI Act Article 72, performance monitoring, data analysis

AI System Owner

  • Primary Responsibility: Accountable for PMM of their AI system
  • Key Activities:
    • Ensures PMM plan created
    • Monitors performance
    • Supports corrective actions
  • Required Competencies: AI system knowledge, PMM awareness

Operations

  • Primary Responsibility: Collects and manages monitoring data
  • Key Activities:
    • Implements data collection
    • Monitors data quality
    • Manages data storage
  • Required Competencies: Data collection, system operations

Data Science

  • Primary Responsibility: Analyzes performance data
  • Key Activities:
    • Analyzes performance metrics
    • Identifies trends
    • Supports corrective actions
  • Required Competencies: Data analysis, performance analysis

Quality Director

  • Primary Responsibility: Supports corrective actions
  • Key Activities:
    • Supports CAPA process
    • Verifies corrective actions
  • Required Competencies: Quality management, CAPA

EXCEPTIONS

7.1 Exception Philosophy

Post-market monitoring is a critical regulatory compliance activity for high-risk AI systems. Exceptions are granted restrictively and only where compensating controls adequately mitigate risks.

7.2 Allowed Exceptions

The following exceptions may be granted with proper justification and approval:

Exception TypeJustification RequiredMaximum DurationApproval AuthorityCompensating Controls
Reduced Monitoring (Minimal-Risk AI)AI system clearly minimal-risk; reduced monitoring sufficientPermanentProduct DirectorDocument rationale; Annual re-confirmation
Extended Analysis TimelineResource constraints prevent timely analysis15 daysProduct DirectorInterim monitoring; Accelerated plan

7.3 Prohibited Exceptions

The following exceptions cannot be granted under any circumstances:

Skipping PMM for high-risk AI - Mandatory per Article 72, no exceptions
Skipping PMM plan - Required per Article 72(3), no exceptions ❌ Skipping data collection - Required for effective monitoring
Skipping performance analysis - Required to identify issues

7.4 Exception Request Process

Step 1: Submit Exception Request

  • Complete Exception Request Form (FORM-AI-EXCEPTION-001)
  • Include business justification
  • Propose compensating controls
  • Specify duration requested
  • Attach risk assessment

Step 2: Risk Assessment

  • Product Director assesses risk of granting exception
  • Evaluates adequacy of compensating controls
  • Documents residual risk

Step 3: Approval

  • Route to appropriate approval authority based on exception type
  • Product Director approval: Minor exceptions
  • Product Director + AI Governance Committee: Significant exceptions
  • AI Governance Committee: Critical exceptions

Step 4: Documentation and Monitoring

  • Document exception in Exception Register
  • Assign exception owner
  • Set review date
  • Monitor compensating controls
  • Report exceptions quarterly to AI Governance Committee

Step 5: Exception Review and Closure

  • Review exception at specified review date
  • Assess if exception still needed
  • Close exception when normal PMM completed
  • Document lessons learned

ENFORCEMENT

8.1 Non-Compliance Consequences

ViolationSeverityConsequenceRemediation Required
High-risk AI without PMM systemCriticalImmediate suspension until PMM implementedImplement PMM within 30 business days; Root cause analysis
Missing PMM planHighEscalation to AI Governance CommitteeCreate PMM plan within 10 business days
Missing data collectionHighEscalation to managementImplement data collection within 10 business days
Missing performance analysisMediumWritten warningImplement analysis within 15 business days
Corrective actions not implementedMediumWritten warningImplement actions within 30 business days

8.2 Escalation Procedures

Level 1: Product Director

  • Minor procedural violations
  • Documentation deficiencies
  • Timeline delays < 5 days
  • Action: Written warning, corrective action required

Level 2: Product Director + AI Governance Committee

  • Repeated violations
  • Missing PMM system
  • Missing PMM plan
  • Action: Formal review, corrective action plan, management notification

Level 3: AI Governance Committee

  • High-risk AI without PMM
  • Critical compliance failures
  • Action: Immediate AI system suspension, investigation, disciplinary action

Level 4: Executive Management + Legal

  • Potential regulatory enforcement action
  • Significant legal liability
  • Reputational risk
  • Action: Executive crisis management, legal strategy, regulatory engagement

8.3 Immediate Escalation Triggers

Escalate immediately to AI Governance Committee + Legal if:

  • ⚠️ High-risk AI system operating without PMM system
  • ⚠️ Missing PMM plan
  • ⚠️ Critical performance issues affecting safety
  • ⚠️ Regulatory inquiry or inspection related to PMM
  • ⚠️ Critical monitoring failure leading to incident

8.4 Disciplinary Actions

Individuals responsible for PMM violations may be subject to:

  • Verbal or written warning
  • Mandatory retraining
  • Performance improvement plan
  • Reassignment of responsibilities
  • Suspension (with pay during investigation)
  • Termination (for egregious violations, e.g., knowingly disabling PMM)

Factors Considered:

  • Intent (knowing violation vs. honest mistake)
  • Severity of violation
  • Impact (actual or potential)
  • Cooperation with remediation
  • Prior violation history

KEY PERFORMANCE INDICATORS (KPIs)

9.1 Post-Market Monitoring KPIs

KPI IDKPI NameDefinitionTargetMeasurement MethodFrequencyOwnerReporting To
KPI-PMM-001PMM System Coverage% of high-risk AI with PMM system100%(# with PMM / # high-risk AI) × 100MonthlyProduct DirectorAI Governance Committee
KPI-PMM-002PMM Plan Coverage% of high-risk AI with PMM plan100%(# with plan / # high-risk AI) × 100MonthlyProduct DirectorManagement
KPI-PMM-003Data Collection Completeness% of required data collected≥95%(# data points collected / # required) × 100DailyProduct DirectorManagement
KPI-PMM-004Analysis FrequencyFrequency of performance analysisMonthly minimumCount of analyses per monthMonthlyProduct DirectorManagement
KPI-PMM-005Corrective Action ClosureAverage days to close corrective actions<30 daysΣ (closure days) / # actionsPer actionProduct DirectorManagement
KPI-PMM-006Performance StabilityPerformance variation over time<5%Standard deviation of performanceWeeklyProduct DirectorManagement
KPI-PMM-007Issue Detection TimeAverage time to detect issues<24 hoursΣ (detection time) / # issuesPer issueProduct DirectorManagement
KPI-PMM-008Corrective Action Effectiveness% of corrective actions effective≥90%(# effective / # total actions) × 100Per actionProduct DirectorManagement

9.2 KPI Dashboards and Reporting

Real-Time Dashboard (Product Director access)

  • Current PMM status
  • Performance metrics
  • Data collection status
  • Corrective action status
  • System health

Monthly Management Report

  • KPI-PMM-001, 002, 003, 004, 005, 006, 007, 008
  • Trend analysis (vs. previous month)
  • Issues and risks
  • Planned actions

Quarterly AI Governance Committee Report

  • All KPIs
  • PMM effectiveness assessment
  • Performance trends
  • Internal audit findings (if conducted)
  • Exception register review

Annual Executive Report

  • Full-year KPI performance
  • PMM maturity assessment
  • Strategic recommendations
  • Regulatory outlook

9.3 KPI Thresholds and Alerts

KPIGreen (Good)Yellow (Warning)Red (Critical)Alert Action
PMM System Coverage100%95-99%< 95%Red: Immediate escalation to AI Governance Committee Chair
Data Collection Completeness≥95%90-94%< 90%Red: Escalate to AI Governance Committee
Performance Stability<5%5-10%> 10%Red: Escalate to AI Governance Committee
Corrective Action Closure<30 days30-45 days> 45 daysRed: Escalate to AI Governance Committee

TRAINING REQUIREMENTS

10.1 Training Program Overview

All personnel involved in post-market monitoring must complete role-specific training to ensure competency in EU AI Act Article 72 requirements, PMM procedures, and performance analysis.

10.2 Role-Based Training Requirements

RoleTraining CourseDurationContentFrequencyAssessment Required
Product DirectorPMM Management Expert Training16 hoursEU AI Act Article 72; PMM system; PMM planning; Performance analysisInitial + annuallyYes - Written exam (≥90%)
AI System OwnersPMM Overview4 hoursPMM requirements; Responsibilities; PMM planAt onboarding + annuallyYes - Knowledge check (≥80%)
Operations StaffPMM Data Collection Training8 hoursData collection; Data quality; Data managementInitial + annuallyYes - Practical exercise
Data SciencePMM Analysis Training8 hoursPerformance analysis; Trend analysis; Root cause analysisInitial + annuallyYes - Practical exercise
All AI Development StaffPMM Awareness2 hoursPMM basics; Requirements; AwarenessAt onboarding + annuallyYes - Knowledge check (≥80%)

10.3 Training Content by Topic

EU AI Act Article 72 Requirements

  • PMM system (Article 72(1))
  • PMM plan (Article 72(3))
  • Compliance obligations

PMM System

  • System design
  • Data collection
  • Performance analysis
  • Corrective actions

Performance Analysis

  • Performance metrics
  • Trend analysis
  • Root cause analysis
  • Corrective action planning

10.4 Training Delivery Methods

Initial Training:

  • Instructor-led classroom or virtual training
  • Includes interactive exercises and case studies
  • Hands-on practice with PMM tools
  • Group discussions of complex scenarios

Annual Refresher:

  • E-learning modules for core content review
  • Live update sessions for regulatory changes
  • Case study reviews of recent PMM activities
  • Knowledge assessment

On-the-Job Training:

  • Mentoring for new PMM staff
  • Job shadowing during PMM activities
  • Supervised PMM for first 3 AI systems

Just-in-Time Training:

  • Quick reference guides and job aids
  • Video tutorials on specific topics
  • Help desk support from experienced staff

10.5 Training Effectiveness Measurement

Assessment Methods:

  • Written exams for knowledge retention
  • Practical exercises for skill application
  • On-the-job observations for competency validation
  • Feedback surveys for training quality

Competency Validation:

  • Product Directors: Must demonstrate ability to establish PMM system for 1 sample AI system with 100% compliance before independent work
  • All staff: Must pass knowledge assessments with minimum required scores

Training Metrics:

MetricTargetFrequency
Training completion rate100%Quarterly
Assessment pass rate (first attempt)≥ 90%Per training
Training effectiveness score (survey)≥ 4.0/5.0Per training
Time to competency (Product Directors)< 45 daysPer person

10.6 Training Records

Records Maintained:

  • Training attendance records
  • Assessment scores
  • Competency validations
  • Refresher training completion
  • Individual training transcripts

Retention: 10 years (to align with EU AI Act documentation retention)

Access: HR, Product Director, Internal Audit, Competent Authorities (upon request)

DEFINITIONS

TermDefinitionSource
Post-Market Monitoring (PMM)System for monitoring AI systems after market placementEU AI Act Article 72
PMM SystemSystem for actively and systematically collecting data and analyzing performanceEU AI Act Article 72(1)
PMM PlanPlan defining PMM strategy, methods, and proceduresEU AI Act Article 72(3)
Performance MetricsMetrics measuring AI system performanceThis Standard
Data DriftChange in input data distribution over timeThis Standard
Concept DriftChange in relationship between inputs and outputs over timeThis Standard

LINK WITH AI ACT AND ISO42001

12.1 EU AI Act Regulatory Mapping

This standard implements the following EU AI Act requirements:

EU AI Act ProvisionArticleRequirement SummaryImplemented By (Controls)
Post-Market MonitoringArticle 72PMM system for high-risk AIAll controls (PMM-001 through PMM-005)
PMM SystemArticle 72(1)System requirementsPMM-001
PMM PlanArticle 72(3)Plan requirementsPMM-002

12.2 ISO/IEC 42001:2023 Alignment

This standard aligns with ISO/IEC 42001:2023 as follows:

ISO 42001 ClauseRequirementImplementation in This Standard
Clause 9.1: Monitoring, measurement, analysis, and evaluationMonitor and measurePMM-003, PMM-004
Clause 10.1: Nonconformity and corrective actionAddress nonconformitiesPMM-005

12.3 Relationship to Other Standards

This post-market monitoring standard integrates with other AI Act standards:

Related StandardIntegration PointRationale
STD-AI-001: ClassificationClassification determines if PMM requiredHigh-risk AI requires Article 72 PMM
STD-AI-002: Risk ManagementPMM data informs risk management per Article 9(2)(c)PMM data feeds risk management evaluation
STD-AI-009: Quality ManagementPMM integrated with quality management (Article 17(1)(h))PMM supports quality management
STD-AI-013: Incident ManagementPMM may identify incidentsPMM data feeds incident management

12.4 References and Related Documents

EU AI Act (Regulation (EU) 2024/1689):

  • Article 72: Post-Market Monitoring
  • Article 72(1): PMM System
  • Article 72(3): PMM Plan

ISO/IEC Standards:

  • ISO/IEC 42001:2023: Information technology — Artificial intelligence — Management system

Internal Documents:

  • POL-AI-001: Artificial Intelligence Policy (parent policy)
  • STD-AI-001: AI System Classification Standard
  • STD-AI-002: AI Risk Management Standard
  • STD-AI-009: AI Quality Management Standard
  • STD-AI-013: AI Incident Management Standard
  • PROC-AI-PMM-001, -002, -003, -004: PMM procedures

APPROVAL AND AUTHORIZATION

RoleNameTitleSignatureDate
Prepared ByProduct DirectorProduct Director_________________________
Reviewed BySarah JohnsonAI Act Program Manager_________________________
Reviewed ByJane DoeChief Strategy & Risk Officer_________________________
Approved ByJane DoeAI Governance Committee Chair_________________________

Effective Date: 2025-08-01
Next Review Date: 2026-08-01
Review Frequency: Annually or upon regulatory change

END OF STANDARD STD-AI-012

This standard is a living document. Feedback and improvement suggestions should be directed to the Product Director.

Standard Details

Standard ID

STD-AI-012

Version

1.0

Status

draft

Owner

Product Directors

Effective Date

2025-08-01

Applicability

High-risk AI systems

EU AI Act References
Article 72
ISO 42001 Mapping
Clause 9.1Clause 10.2
Related Resources
Implementation GuidesEU AI Act Full Text

Previous

Registration

Next

Incident Management