距离欧盟人工智能法案生效还有 28 天
了解更多 →

EU AI Act Article 11 & Annex IV: Technical Documentation

Article 11 requires providers of high-risk AI systems to draw up technical documentation before the system is placed on the market and to keep it up to date. Annex IV defines exactly what that documentation must contain. This page walks through each Annex IV element, the ten-year retention rule, and how technical documentation connects to the Article 12 logs it references.

Article 11 + Annex IV Deep Dive

EU AI Act Article 11 & Annex IV: Technical Documentation

Article 11 requires providers of high-risk AI systems to draw up technical documentation before the system is placed on the market and to keep it up to date. Annex IV defines exactly what that documentation must contain. This page walks through each Annex IV element, the ten-year retention rule, and how technical documentation connects to the Article 12 logs it references.

上次更新: 2026年7月4日

What Article 11 Requires

The provider of a high-risk AI system must draw up technical documentation before that system is placed on the market or put into service, and keep it up to date throughout the system's lifecycle.

The documentation must demonstrate that the system complies with the requirements of Chapter III, Section 2 of the EU AI Act (risk management, data governance, logging, transparency, human oversight, accuracy and robustness), and it must give national competent authorities and notified bodies the information they need to assess conformity. Article 11 sets the obligation; Annex IV sets the required contents. The two are read together.

What Annex IV Must Contain

Annex IV lists the minimum elements the technical documentation must include:

  • General system description — intended purpose, provider, versions, how the system interacts with hardware or other software, and the forms in which it is placed on the market
  • Detailed description of the development process — design specifications, system architecture, key design choices and their rationale, computational resources used, and the data requirements and datasheets for training, validation and testing data
  • Monitoring, functioning and control — the system's capabilities and limitations, expected accuracy, foreseeable unintended outcomes, and the human oversight measures in place under Article 14
  • Performance metrics — the accuracy, robustness and cybersecurity metrics used, the test data and validation procedures, and the results obtained
  • Risk management system — a description of the Article 9 risk management system and the residual risks that remain after mitigation
  • Post-market monitoring plan — the system in place to collect and review real-world performance data after deployment, as required by Article 72
  • Standards and declarations — the harmonised standards applied (or the solutions adopted where they were not) and a copy of the EU declaration of conformity

Keep the Documentation for Ten Years

Technical documentation is not a one-time deliverable. Under Article 18, the provider must keep the technical documentation, the Article 47 EU declaration of conformity, and related records at the disposal of national competent authorities for ten years after the AI system has been placed on the market or put into service.

Because the documentation must also be kept up to date across that decade, providers need a living records system rather than a static PDF. Every material change to the model, the data, or the oversight arrangements should be reflected in the documentation and preserved through the full retention window.

For SME providers, the AI Act allows a simplified technical-documentation format, but the ten-year retention obligation still applies.

Relationship to Article 12 Logs

Annex IV documentation describes how the system is designed to record events; Article 12 requires the system to actually generate those event logs during operation.

The two are complementary evidence. The technical documentation explains the logging capabilities, retention approach and traceability design, while the automatically generated logs are the running record that proves the system behaved as documented. When a regulator asks you to demonstrate conformity, they will expect the Annex IV description and the Article 12 logs to line up. Treat technical documentation and logging as a single, continuously maintained evidence workstream.

How AIAgentree helps

AIAgentree produces the operational evidence that feeds the Annex IV logging and records requirements — it does not replace your engineering documentation, but it supplies the traceable decision-and-oversight record that documentation must point to:

  • Tamper-evident decision records capture each input, intermediate step, output and human-oversight action, giving you the running evidence that the Annex IV monitoring and control description promises
  • Audit-fit retention and one-click exports (via REST, MCP, A2A and OpenTelemetry, plus Python and TypeScript SDKs) let you preserve and produce records across the ten-year window, with EU data residency in Germany
  • Outcome tracking and precedent search turn those records into the post-market performance signal Annex IV and Article 72 expect, and you can start on the 25-trace free tier before committing

Frequently Asked Questions

Who has to prepare Article 11 technical documentation?

The provider of the high-risk AI system — the entity that develops the system and places it on the market or puts it into service under its own name or trademark. Deployers do not draw up the Annex IV documentation, though they rely on it and on the provider's instructions for use.

How long must the technical documentation be kept?

Ten years. Under Article 18 the provider must keep the technical documentation, the EU declaration of conformity and related records available to national competent authorities for ten years after the system is placed on the market or put into service.

Is Annex IV a fixed checklist or a minimum?

It is a minimum. Annex IV lists the elements the documentation must contain 'at least'. Depending on the system, notified bodies or authorities may reasonably expect additional detail to assess conformity.

Can small providers use a lighter format?

Yes. The AI Act provides for a simplified technical documentation form for SMEs and start-ups, which the Commission is to specify. The substantive requirements and the ten-year retention obligation still apply.

How does technical documentation relate to the Article 12 logs?

Annex IV documentation describes the system's logging and traceability design; Article 12 requires the system to automatically generate the logs during operation. Together they form the evidence that a system both was designed for compliance and actually operated in compliance.

Continue exploring the EU AI Act guide

EU AI Act Compliance Guide

The complete guide to EU AI Act compliance for AI agents — start here.

Article 12 — Record-Keeping & Logging

What every high-risk AI system must log, and how to capture it.

Article 14 — Human Oversight

Designing effective human-in-the-loop controls for AI decisions.

Annex III — High-Risk AI Systems

Which AI use cases the Act classifies as high-risk.

EU AI Act Compliance Checklist

A step-by-step checklist to reach and document compliance.

Compliance Cost Calculator

Estimate your EU AI Act compliance effort and cost.

Deadlines & Timeline

Key enforcement dates, including the August 2, 2026 deadline.

Fines & Penalties

Penalty tiers up to €35M or 7% of global annual turnover.

Transparency Obligations (Art. 13 & 50)

Disclosure duties for AI systems and their outputs.

Risk Management & Conformity Assessment

Build a risk management system and assess conformity.

GPAI Obligations

Rules for providers of general-purpose AI models.

EU AI Act for US Companies

Extraterritorial scope and what US providers must do.

Omnibus Update

The latest changes to the EU AI Act timeline and rules.

Penalty Calculator

Estimate your maximum fine under the Article 99 tiers.

Article 26: Deployer Obligations

What deployers of high-risk AI must do, including log retention.

Article 17: Quality Management

The QMS providers of high-risk AI must document.

Article 10: Data Governance

Data quality, bias mitigation, and governance duties.

Article 4: AI Literacy

The staff AI-literacy duty in force since February 2025.

Deployer vs Provider

Who bears which obligation — and when a deployer becomes a provider.

FRIA (Article 27)

Who must run a Fundamental Rights Impact Assessment, and how.

Who Does It Apply To?

Scope, operators, and the extraterritorial reach of the EU AI Act.

Post-Market Monitoring

Articles 72–73: ongoing monitoring and incident reporting.

ISO 42001 vs EU AI Act

How the voluntary standard and the binding law fit together.

NIST AI RMF vs EU AI Act

A practical crosswalk between the framework and the law.

EU AI Act for Healthcare

High-risk medical AI, MDR/IVDR interplay, and clinician oversight.

EU AI Act for Financial Services

Credit scoring, insurance pricing, and existing financial regulation.

EU AI Act for HR & Employment

Hiring AI as high-risk, plus NYC LL144 and EEOC overlap.