Are you ready for the EU AI Act? By August 2026, high-risk AI providers must comply with strict regulations. Here’s a streamlined guide of a possible pathway to help you navigate Annex VI (internal control) compliance and ensure you are prepared without the involvement of a notified body.
Key Takeaways
- Compliance Deadline: August 2026 for high-risk AI providers.
- Annex VI Option: Self-declare compliance, but rigorous internal processes are still required.
- Focus on Quality: A strong Quality Management System (QMS) is essential to meet the EU AI Act’s demands.
- Trustworthiness: Adopting ISO standards (17065:2012, 17021-1:2015) boosts your credibility.
- Prohibited Systems: Must be removed from the market by February 2025.
What is Annex VI?
Annex VI of the EU AI Act allows providers of high-risk AI systems to self-declare conformity without a notified body. While this might seem less burdensome than Annex VII which imposes the involvement of a notified body, it still requires strict internal checks to ensure safety, performance, and compliance.
Steps to Prepare for Annex VI Compliance
1. Build a Strong Quality Management System (QMS)
Your QMS should reflect responsible design, development, and ongoing monitoring of your AI systems. Ensuring compliance with Article 17 of the EU AI Act and aligning with ISO standards improves trustworthiness and operational efficiency.
2. Document Technical Compliance
You must verify and document the design, development, and safety processes of your AI systems to ensure compliance with essential requirements. This includes clear documentation of how your systems meet Chapter III, Section 2 of the EU AI Act.
3. Increase Trustworthiness with ISO Standards
Following ISO/IEC 17065:2012 and ISO/IEC 17021-1:2015 helps align your QMS and technical processes with globally recognized standards. While a notified body isn’t required under Annex VI, adopting these two ISO/IEC EU harmonised standards demonstrates reliability and rigor—boosting market confidence.
Ensuring Trustworthiness in Self-Declaration
Self-declaration under Annex VI, also known as first-party conformity assessment, offers a lower level of trustworthiness compared to third-party assessments. However, your QMS must still meet the same standards a notified body would expect. Article 17(2) of the EU AI Act emphasizes the need for the “degree of rigour” required for high-risk AI systems.
The EU’s 2022 Blue Guide (Annex 4) confirms that under Module A (internal control), providers must perform all the checks that a notified body would do. This ensures that internal assessments meet the same stringent requirements, safeguarding regulatory compliance and market credibility.
Implications of ISO/IEC 17021-1:2015 for Annex VI Compliance
ISO/IEC 17021-1:2015 clause 9 outlines the two-stage audit process critical for Annex VI compliance. While Stage 1 evaluates the design of your QMS, Stage 2 assesses its effective implementation. At least one full QMS internal audit should have taken place before stage 1.
At Stage 2, the final audit report determines whether your AI system is ready for the EU declaration of conformity. Any major noncompliance will prevent the issuance of the declaration, delaying your system’s market entry.
By Stage 2, your QMS must be operational, and you should be able to provide objective evidence like for example management involvement, staff competence, and internal audits (usually following ISO 19011:2018 guidelines). Enough records demonstrating compliance need to be secured ahead and available for review and evaluation by auditors when requested.
Why Invest in a QMS Now?
- Avoid Last-Minute Issues: A robust QMS identifies risks and ensures compliance well ahead of the 2026 deadline.
- Prevent Fines: Non-compliance can lead to costly administrative fines. A well-established QMS mitigates these risks.
- Boost Market Trust: Even for non-high-risk systems, a QMS increases credibility and market acceptance.
Practical Tips for Action
- Start Building Your QMS Early: Begin developing your QMS now to ensure full compliance by August 2026.
- Consider Third-Party Auditors: External auditors, while not required, can provide an additional layer of assurance. There may be a scarcity of competent auditors initially, so securing expertise early is crucial.
- Plan for the Long Term: Compliance is ongoing. Regular internal audits and updates to your QMS will be essential.
Next Steps
Preparing for Annex VI compliance may seem less burdensome than involving a notified body but it might be quite the opposite. The investment in terms of time, human and financial resources is significant. A strong QMS is crucial for long-term success. Start early, follow international and EU harmonised standards, and secure external auditing support if needed.
Are you navigating the complexities of the EU AI Act? I’d love to hear about your experiences and challenges. Connect with me to continue the conversation.
One response
Hi, this is a comment.
To get started with moderating, editing, and deleting comments, please visit the Comments screen in the dashboard.
Commenter avatars come from Gravatar.