Technical Documentation (Article 11)

Learning Objectives

By the end of this chapter, you will be able to:

Create compliant technical documentation meeting Annex IV requirements
Structure documentation to demonstrate conformity with all high-risk AI obligations
Maintain and update documentation throughout the AI system lifecycle
Prepare documentation for conformity assessment and regulatory review
Implement documentation retention and access protocols

Article 11 and Annex IV establish the comprehensive documentation requirements that form the foundation of AI Act compliance. Technical documentation is not merely administrative—it demonstrates that your high-risk AI system was designed, developed, and validated to meet all applicable requirements.

Why Documentation Matters

Compliance Demonstration

Technical documentation is the primary evidence that your AI system complies with Chapter III, Section 2 requirements. Without proper documentation, you cannot:

Complete conformity assessment
Obtain CE marking
Register in the EU database
Defend against enforcement actions

Regulatory Access

Article 11(1) requires that documentation "provide national competent authorities and notified bodies with the necessary information in a clear and comprehensive form to assess the compliance of the AI system." Article 11(2) establishes that for high-risk AI systems related to products covered by Annex I Section A Union harmonisation legislation, a single set of technical documentation shall be drawn up. Inadequate documentation = potential enforcement action.

❗ Critical Timing: Technical documentation must be drawn up BEFORE placing the high-risk AI system on the market or putting it into service. It must be kept up-to-date throughout the system's lifecycle.

Annex IV: Mandatory Documentation Elements

Annex IV specifies nine sections of required documentation:

1. General Description of the AI System

Element	Required Content
Trade name and version	Unique identification of the system
Provider identity	Name, address, contact details
Intended purpose	What the system is designed to do
Version history	All versions placed on market
Hardware requirements	Hardware the system is designed to run on
Product integration	If part of larger product, product description

2. Detailed Description of System Elements

Element	Required Content
Development process	Methods, procedures, techniques used
System architecture	How elements interconnect and process information
Computational resources	Processing requirements
Main classification choices	Key design decisions and rationale
What the system optimises	Objectives and parameters
Expected outputs	What the system produces

3. Detailed Description of Monitoring, Functioning, and Control

Element	Required Content
Operational context	Persons and circumstances of use
Human oversight measures	How human control is implemented
Accuracy specifications	Performance levels and metrics
Robustness specifications	Resilience characteristics
Cybersecurity measures	Protection against threats

4. Appropriateness of Performance Metrics

Element	Required Content
Performance metrics	Description of the metrics used to measure accuracy, robustness, and compliance
Metric appropriateness	Justification for chosen metrics given the intended purpose
Benchmarks	Reference benchmarks and thresholds applied
Validation approach	How the appropriateness of metrics was validated

5. Description of Risk Management System

Element	Required Content
Risk management system	Description of the Article 9 system
Risk identification	Identified risks and their assessment
Risk mitigation	Measures taken to address risks
Testing and evaluation	Procedures used for risk validation

6. Description of Relevant Changes Throughout Lifecycle

Element	Required Content
Version control	Changes made since initial market placement
Modifications	Description of substantial modifications
Update procedures	How system updates are managed

7. Applied Harmonised Standards or Other Specifications

Element	Required Content
Standards applied	List of harmonised standards used
Common specifications	If applicable, Commission specifications
Deviations	Any deviations and justifications

8. EU Declaration of Conformity

Element	Required Content
Declaration reference	Unique identifier
Provider statement	Declaration of compliance
Signature	Authorised signatory

9. Post-Market Monitoring System

Element	Required Content
Monitoring system	Description of Article 72 system
Data collection	What data is collected and how
Analysis procedures	How monitoring data is analysed

Documentation Best Practices

Structure and Organisation

Best Practice	Implementation
Modular structure	Organise by Annex IV category
Version control	Track all documentation changes
Cross-referencing	Link related sections clearly
Index and search	Enable quick navigation
Executive summary	Provide overview for reviewers

Writing Standards

Be Specific: Avoid vague statements; provide concrete details Be Complete: Address all required elements Be Current: Reflect the current state of the system Be Accurate: Ensure technical accuracy Be Accessible: Write for regulatory reviewer audience

Common Pitfalls to Avoid

Pitfall	Why It's a Problem
Generic templates	Doesn't reflect specific system
Outdated information	Non-compliance with lifecycle update requirement
Missing elements	Incomplete compliance demonstration
Inaccessible storage	Authorities can't access when needed
No version control	Can't demonstrate change management

Lifecycle Documentation Updates

When Updates Are Required

Trigger	Action Required
System modification	Update affected sections
Performance change	Update accuracy/robustness specs
New risks identified	Update risk management section
Incident occurs	Document and update as appropriate
Standards change	Review and update standards section

Update Documentation Procedure

Identify change → Determine what changed
Assess impact → Which documentation sections affected?
Update content → Revise affected sections
Version control → Record change with date and reason
Review → Verify accuracy of updates
Archive previous → Retain previous versions

Retention and Access Requirements

Retention Period

Actor	Retention Requirement
Provider	10 years after last AI system placed on market
Deployer (public sector)	Logs retained for appropriate period

Access Obligations

Documentation must be made available to:

National competent authorities (on request)
Market surveillance authorities
Notified bodies (during conformity assessment)

Expert Insight

Consider implementing a document management system with audit trails. This demonstrates not only compliance with content requirements but also with access and update obligations.

Integration with Other Requirements

Requirement	Documentation Connection
Risk Management (Art. 9)	Risk documentation is Annex IV content
Data Governance (Art. 10)	Data governance documented here
Logging (Art. 12)	Logging capabilities documented
Transparency (Art. 13)	Instructions for use documented
Human Oversight (Art. 14)	Oversight measures documented
Accuracy/Robustness (Art. 15)	Performance specifications documented
Conformity Assessment (Art. 43)	Documentation is assessment input

Documentation Compliance Checklist

Annex IV Sections:

General description complete
System elements and development process detailed
Monitoring, functioning, control described
Appropriateness of performance metrics documented
Risk management system documented
Lifecycle changes tracked
Harmonised standards listed
EU declaration of conformity prepared
Post-market monitoring described

Management:

Documentation prepared before market placement
Version control implemented
Update procedures established
10-year retention system in place
Access mechanisms for authorities ready

Technical Documentation