EU AI Act Article 11: technical documentation requirements
EU AI Act Article 11: technical documentation requirements
Article 11 of the EU AI Act is where compliance becomes tangible for engineering teams. It requires providers of high-risk AI systems to prepare and maintain a comprehensive technical documentation package that covers the design, development, and functioning of the system. This documentation is not written for users; it is written for conformity assessment bodies and market surveillance authorities. For CTOs at EU startups, Article 11 is effectively the specification for your compliance engineering deliverable: a structured artefact that proves your system was built to the required standard.
What the EU AI Act requires
Article 11(1) requires that technical documentation be drawn up before a high-risk AI system is placed on the market and kept up to date throughout its lifecycle. The content requirements are defined in Annex IV, which lists the following mandatory components: a general description of the system and its intended purpose; a detailed description of the system components, including algorithms, training methodologies, model architecture, and training data; information on monitoring, functioning, and control; a description of the risk management process conducted under Article 9; data governance documentation as required by Article 10; a description of changes made across the system's lifecycle; a copy of the EU declaration of conformity; and post-market monitoring plans under Article 72. For systems that undergo substantial modification after market placement, the documentation must be updated accordingly.
What this means for your business
For a startup with a single high-risk AI product, Article 11 documentation is a significant engineering and legal writing effort, typically spanning dozens of pages. Many teams underestimate this because they conflate it with a product specification or an API reference. The distinction is critical: Annex IV documentation must be structured to satisfy a regulatory audit, not to onboard a developer. If you rely on a foundation model or third-party AI component, you must document how that component was integrated, what its known limitations are, and how your risk management process accounts for its behaviour. Startups using open-source base models should pay particular attention, as model cards from open-source providers often lack the granularity required by Annex IV. The compliance deadline for Annex III high-risk systems is December 2, 2027.
Steps to get compliant
1. Obtain Annex IV of the EU AI Act and map each of its numbered requirements to an owner in your organisation, creating a documentation workplan with assigned responsibilities and target dates.
2. Begin capturing technical documentation artefacts during active development rather than retrospectively; integrate Annex IV sections into your sprint documentation and architecture decision records.
3. Engage legal counsel familiar with EU product regulation to review draft documentation for completeness before any conformity assessment submission.
4. Establish a version-control system for your technical documentation, linked to software releases, so that any material change to the system automatically triggers a documentation review and update cycle.
Free EU AI Act risk assessment
Not sure where your AI system stands? The free ActComply risk screener classifies your system in under 5 minutes. No sign-up required.