Article 16: Obligations of providers of high-risk AI systems

Article 16 requires providers to ensure their AI systems comply with requirements, implement a quality management system, maintain technical documentation, and affix the CE marking.

Yes, providers must register themselves and their high-risk AI system in the EU database in accordance with Article 49, before placing the system on the market.

Article 16 of the AI Act does not provide a general exemption for SMEs. However, the AI Act includes supportive measures and potentially lighter obligations for small and medium-sized enterprises, depending on their role in the AI value chain.

Article 16 of the AI Act complements the GDPR. While the GDPR protects personal data, the AI Act focuses on the safety and trustworthiness of AI systems. Organisations must comply with both regulations when their AI system processes personal data.

The AI Act follows a phased implementation. Prohibited AI practices apply from February 2025, obligations for high-risk AI systems from August 2026, and other provisions take effect gradually. The specific deadline for Article 16 depends on the category of the obligation.

Yes, Article 16 of the AI Act may also be relevant when you purchase AI systems. As a deployer, you have your own obligations under the AI Act, regardless of whether you developed the system yourself or purchased it from a provider.

Under Article 16 of the AI Act, the provider is the entity that develops or places the AI system on the market, while the deployer is the entity that uses the system under its own authority. Both roles carry different obligations.

Article 16 of the AI Act requires that relevant documentation is maintained as part of the compliance process. This may include technical documentation, instructions for use, logs or declarations of conformity, depending on the classification of the AI system.

Before market placement, the provider must: establish a risk management system (Art. 9), ensure data governance (Art. 10), prepare technical documentation (Annex IV), undergo a conformity assessment (Art. 43), affix the CE marking and register the system in the EU database (Art. 49).

If you substantially modify an AI system or place it on the market under your own name, you are considered a provider under the AI Act. You then bear all Article 16 obligations, including conformity assessment and technical documentation.

Yes, Article 17 (referenced by Article 16) requires providers of high-risk AI to establish a quality management system (QMS). This includes strategies, procedures, rules and instructions for systematically ensuring compliance throughout the entire lifecycle.