What documents are needed for Annex IV of the EU AI Act?

Annex IV requires 7 sections: (1) general description of the AI system, (2) detailed description of system elements and development process, (3) monitoring, functioning and control information, (4) risk management system description, (5) changes throughout the lifecycle, (6) standards and conformity with requirements, and (7) EU Declaration of Conformity.

How technical does Annex IV documentation need to be?

Annex IV documentation must be detailed enough for national competent authorities and notified bodies to assess compliance. It should include specific algorithms, data specifications, accuracy metrics, testing results, and risk assessments — not just high-level descriptions.

How long must Annex IV documentation be retained?

Documentation must be retained for at least 10 years after the AI system is placed on the market or put into service. It must be kept up to date throughout the system’s lifecycle and made available to national competent authorities upon request.

What is the penalty for missing Annex IV documentation?

Non-compliance with Annex IV documentation requirements falls under Tier 2 penalties: up to €15 million or 3% of global annual turnover. Without proper documentation you cannot obtain CE marking or register the system in the EU database.

EU AI Act Guide

Annex IV Technical Documentation

Annex IV of the EU AI Act defines the mandatory technical documentation that providers of high-risk AI systems must prepare and maintain. This documentation must be drawn up before the system is placed on the market and kept updated throughout its lifecycle.

Last updated: March 2026·Reviewed by the ActLoom Compliance Team·Official EU AI Act text (Regulation 2024/1689)

Why technical documentation is critical

Annex IV documentation is the primary evidence artifact that regulators, notified bodies, and market surveillance authorities review to determine compliance. Without it, you cannot obtain CE marking, issue an EU Declaration of Conformity, or register your system in the EU database.

Non-compliance with documentation requirements falls under Tier 2 penalties: up to €15 million or 3% of global turnover. Documentation must be retained for at least 10 years after the system is placed on the market.

What the AI Act requires

Article 11 mandates that providers of high-risk AI systems draw up technical documentation in accordance with Annex IV before placing the system on the market. The documentation must demonstrate compliance with every requirement in Chapter III, Section 2 (Articles 8-15).

The documentation must be kept up to date and made available to national competent authorities upon request. For providers established outside the EU, the authorised representative must hold a copy.

Who must prepare Annex IV documentation?

Providers of high-risk AI systems bear primary responsibility. This includes any organisation that develops, commissions, or places a high-risk AI system on the EU market under its own name or trademark.

Deployers do not prepare Annex IV directly, but must verify that the provider has completed it. Deployers of certain high-risk systems must also prepare a Fundamental Rights Impact Assessment (FRIA). If a serious incident occurs, the documentation feeds directly into the Article 73 incident reporting process. All staff handling documentation should have completed AI literacy training.

What to include: Annex IV content structure

General description of the AI system

Intended purpose and intended use scenarios
Versions and relation to previous versions
How the system interacts with hardware or software not part of the system itself
Versions of relevant software or firmware and requirements for updates

Detailed description of system elements and development process

Methods and steps for development, including use of pre-trained systems or third-party tools
Design specifications: general logic, algorithms, key design choices and assumptions
System architecture and computational resources used
Data requirements (data sheets, training methodologies, data sets used, origin, scope, characteristics)
Human oversight measures built into the system

Monitoring, functioning, and control

Capabilities and limitations of the system, including expected accuracy levels
Foreseeable unintended outcomes and sources of risk
Human oversight measures, including technical measures to facilitate interpretation of system outputs
Input data specifications

Risk management system

Description of the risk management process applied (Article 9)
Risk identification and analysis for each hazard
Risk evaluation and residual risk assessment
Risk control measures selected and applied

Changes throughout the lifecycle

Pre-determined changes and the system's capability for self-learning
Impact of changes on the system and its compliance status
Version control and change logs

Standards and conformity with requirements

List of harmonised standards applied (or common specifications / technical standards used)
Article-by-article description of how each requirement in Chapter III Section 2 is addressed
Testing procedures and validation results, including benchmarks and metrics used

EU Declaration of Conformity

Copy of the EU Declaration of Conformity (Article 47)
Contact details of the person responsible for the declaration

Common documentation mistakes

Writing documentation after the system is deployed — it should be maintained throughout development.
Documenting only the final model, not the training process, data choices, and iterative decisions.
Failing to update documentation after significant system modifications.
Missing residual risk analysis — documenting only identified risks without evaluating what remains.
Not including data provenance and representativeness analysis for training datasets.

How ActLoom generates Annex IV documentation

Auto-generated drafts — ActLoom pre-fills Annex IV sections from your system registration data, risk classification, and gap analysis results.
Completeness checker — validates every required section is present and flags gaps before submission.
Version control — tracks every change to documentation with timestamps and author attribution.
Export-ready formats — generate PDF documentation packages ready for regulator submission or notified body review.

Related resources

AI Risk Classification Guide FRIA Report Guide AI Incident Reporting (Article 73)AI Literacy Training (Article 4)

Frequently asked questions

What documents are needed for Annex IV?: Annex IV requires 7 sections: general system description, detailed development process, monitoring and control, risk management system, lifecycle changes, standards conformity, and the EU Declaration of Conformity.
Who must prepare Annex IV documentation?: Providers of high-risk AI systems bear primary responsibility. Deployers must verify the provider has completed it.
How technical does the documentation need to be?: It must be detailed enough for competent authorities and notified bodies to assess compliance: specific algorithms, data specifications, accuracy metrics, testing results, and risk assessments — not just high-level descriptions.
How long must the documentation be retained?: At least 10 years after the system is placed on the market. It must be kept up to date and available to authorities upon request.
What happens if documentation is incomplete?: Without proper Annex IV documentation, you cannot obtain CE marking or register in the EU database. Non-compliance is a Tier 2 penalty: up to €15 million or 3% of global turnover.

Generate your Annex IV documentation in 45 minutes

ActLoom auto-fills your technical documentation from system registration data and validates completeness before export.

Start free assessment

Annex IV Technical Documentation

Why technical documentation is critical

What the AI Act requires

The documentation must be kept up to date and made available to national competent authorities upon request. For providers established outside the EU, the authorised representative must hold a copy.

Who must prepare Annex IV documentation?

What to include: Annex IV content structure

General description of the AI system

Intended purpose and intended use scenarios
Versions and relation to previous versions
How the system interacts with hardware or software not part of the system itself
Versions of relevant software or firmware and requirements for updates

Detailed description of system elements and development process

Methods and steps for development, including use of pre-trained systems or third-party tools
Design specifications: general logic, algorithms, key design choices and assumptions
System architecture and computational resources used
Data requirements (data sheets, training methodologies, data sets used, origin, scope, characteristics)
Human oversight measures built into the system

Monitoring, functioning, and control

Capabilities and limitations of the system, including expected accuracy levels
Foreseeable unintended outcomes and sources of risk
Human oversight measures, including technical measures to facilitate interpretation of system outputs
Input data specifications

Risk management system

Description of the risk management process applied (Article 9)
Risk identification and analysis for each hazard
Risk evaluation and residual risk assessment
Risk control measures selected and applied

Changes throughout the lifecycle

Pre-determined changes and the system's capability for self-learning
Impact of changes on the system and its compliance status
Version control and change logs

Standards and conformity with requirements

List of harmonised standards applied (or common specifications / technical standards used)
Article-by-article description of how each requirement in Chapter III Section 2 is addressed
Testing procedures and validation results, including benchmarks and metrics used

EU Declaration of Conformity

Copy of the EU Declaration of Conformity (Article 47)
Contact details of the person responsible for the declaration

Common documentation mistakes

Writing documentation after the system is deployed — it should be maintained throughout development.

Documenting only the final model, not the training process, data choices, and iterative decisions.

Failing to update documentation after significant system modifications.

Missing residual risk analysis — documenting only identified risks without evaluating what remains.

Not including data provenance and representativeness analysis for training datasets.

How ActLoom generates Annex IV documentation

Auto-generated drafts — ActLoom pre-fills Annex IV sections from your system registration data, risk classification, and gap analysis results.

Completeness checker — validates every required section is present and flags gaps before submission.

Version control — tracks every change to documentation with timestamps and author attribution.

Export-ready formats — generate PDF documentation packages ready for regulator submission or notified body review.

Frequently asked questions

What documents are needed for Annex IV?

Annex IV requires 7 sections: general system description, detailed development process, monitoring and control, risk management system, lifecycle changes, standards conformity, and the EU Declaration of Conformity.

Who must prepare Annex IV documentation?

Providers of high-risk AI systems bear primary responsibility. Deployers must verify the provider has completed it.

How technical does the documentation need to be?

It must be detailed enough for competent authorities and notified bodies to assess compliance: specific algorithms, data specifications, accuracy metrics, testing results, and risk assessments — not just high-level descriptions.

How long must the documentation be retained?

At least 10 years after the system is placed on the market. It must be kept up to date and available to authorities upon request.

What happens if documentation is incomplete?

Without proper Annex IV documentation, you cannot obtain CE marking or register in the EU database. Non-compliance is a Tier 2 penalty: up to €15 million or 3% of global turnover.