Annex IV checklist: what startups actually need to prepare

Not all Annex IV sections carry equal weight during initial market surveillance review. Regulators typically start with Section 1 (general description of the AI system and its intended purpose), Section 4 (risk management system), and Section 6 (standards applied and how each Article 8-15 requirement is addressed).

If these three sections are incomplete or vague, the review stops there. Prioritize them: detailed AI system description with version history, a documented risk management process per Article 9, and a clear mapping of which harmonised standards or common specifications you follow.

Section 1: System identity, intended purpose, all use scenarios, hardware/software dependencies, version history. Section 2: Development methodology, training data provenance and characteristics, data sheets, algorithm description and key design choices. Section 3: Known accuracy levels, foreseeable unintended outcomes, human oversight measures, input data specifications.

Section 4: Risk identification, analysis, evaluation, and residual risk assessment. Section 5: Pre-determined changes and version control. Section 6: Standards mapped to each Chapter III requirement. Section 7: EU Declaration of Conformity and contact details. For startups, focus on substance over polish — regulators value accurate technical content over formatted templates.

Annex IV documentation must be retained for 10 years and updated after any significant system modification. Build documentation into your development workflow rather than treating it as a one-time deliverable. Track changes, date every update, and log who made modifications.

ActLoom auto-fills Annex IV sections from your system registration data and flags when changes to your AI system require documentation updates — so small teams can maintain compliance without a dedicated documentation role.