EU AI Act Article 13: transparency requirements for high-risk AI
EU AI Act Article 13: transparency requirements for high-risk AI
Article 13 of the EU AI Act addresses a practical gap that has caused real harm in deployed AI systems: the people operating AI tools often do not have adequate information about what those tools can and cannot do. For providers of high-risk AI systems, Article 13 creates a legal obligation to fix this. It requires that your system is designed and built to enable deployers to understand it sufficiently to use it responsibly, and that you provide instructions that make this possible. For product teams, this obligation shapes what must be shipped alongside the model.
What the EU AI Act requires
Article 13(1) requires that high-risk AI systems be designed and developed to ensure that their operation is sufficiently transparent to enable deployers to interpret the system's output and use it appropriately. Article 13(3) specifies the minimum content of instructions for use, which must accompany every high-risk AI system. These instructions must include: the identity and contact details of the provider; the system's capabilities and intended purpose; the level of accuracy and performance metrics, including any known limitations and circumstances under which the system may fail or perform below its stated level; human oversight measures required under Article 14; the computational resources and technical infrastructure required; the expected lifetime of the system and maintenance requirements; and any technical measures required for safe deployment. For biometric systems, additional disclosure requirements apply under Article 13(3)(f).
What this means for your business
If you sell an AI-powered credit risk tool to a bank, Article 13 means you must provide that bank with documented information about the conditions under which your model underperforms, the demographic groups for which accuracy may vary, and what the bank's operators need to do to exercise appropriate human oversight. This is not optional liability language in a contract; it must be embedded in the product's instructions for use as a formal compliance document. For B2B SaaS startups, this also has implications for your customer onboarding and support processes: keeping instructions for use current as your model evolves is an ongoing obligation, not a one-time deliverable. Startups that deploy their own high-risk AI directly to end users carry the combined obligations of provider and deployer under Articles 13 and 26.
Steps to get compliant
1. Draft a structured instructions-for-use document for each high-risk AI system, using the Article 13(3) checklist as your table of contents, and assign ownership to a product or compliance function.
2. Work with your data science team to produce honest, auditable performance metrics by subgroup and context, which will form the accuracy and limitations section of your instructions for use.
3. Establish a release process that requires instructions-for-use to be updated before any material change to the system is deployed to customers.
4. Provide deployer-facing documentation in the official languages of each EU Member State where the system is used, as required under Article 13(4).
Free EU AI Act risk assessment
Not sure where your AI system stands? The free ActComply risk screener classifies your system in under 5 minutes. No sign-up required.