Source: OJ L, 2024/1689, 12.7.2024
Article 49 Registration
Summary: What does Article 49 of the AI act regulation say?
This article establishes the registration obligations that must be fulfilled before high-risk AI systems are placed on the market or put into service.
It connects directly to Article 71, which sets up the EU database where these registrations take place, and to Article 6(3), which governs how providers self-classify systems as non-high-risk.
The article covers three distinct groups of actors — providers, authorised representatives, and public authority deployers — each of whom must register themselves and their systems in that central database before proceeding.
A notable carve-out exists for sensitive areas such as law enforcement, migration, asylum, and border control, where registrations are confined to a restricted, non-public section of the database accessible only to the Commission and designated national authorities.
Important points:
- Register yourself and your high-risk AI system in the EU database (Article 71) before placing it on the market or putting it into service.
- Public authority deployers are also required to register their use of high-risk AI systems in the EU database before deployment.
- For systems in law enforcement, migration, asylum, and border control areas, registration is held in a secure non-public section of the EU database, with access limited to the Commission and specific national authorities.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
1. Before placing on the market or putting into service a high-risk AI system listed in Annex III, with the exception of high-risk AI systems referred to in point 2 of Annex III, the provider or, where applicable, the authorised representative shall register themselves and their system in the EU database referred to in Article 71.
2. Before placing on the market or putting into service an AI system for which the provider has concluded that it is not high-risk according to Article 6(3), that provider or, where applicable, the authorised representative shall register themselves and that system in the EU database referred to in Article 71.
3. Before putting into service or using a high-risk AI system listed in Annex III, with the exception of high-risk AI systems listed in point 2 of Annex III, deployers that are public authorities, Union institutions, bodies, offices or agencies or persons acting on their behalf shall register themselves, select the system and register its use in the EU database referred to in Article 71.
4. For high-risk AI systems referred to in points 1, 6 and 7 of Annex III, in the areas of law enforcement, migration, asylum and border control management, the registration referred to in paragraphs 1, 2 and 3 of this Article shall be in a secure non-public section of the EU database referred to in Article 71 and shall include only the following information, as applicable, referred to in:
(a) Section A, points 1 to 10, of Annex VIII, with the exception of points 6, 8 and 9;
(b) Section B, points 1 to 5, and points 8 and 9 of Annex VIII;
(c) points 1, 2, 3 and 5, of Annex IX.
Only the Commission and national authorities referred to in Article 74(8) shall have access to the respective restricted sections of the EU database listed in the first subparagraph of this paragraph.
5. High-risk AI systems referred to in point 2 of Annex III shall be registered at national level.
Relevant recitals
Recital 131 EU database of high-risk AI systems
In order to facilitate the work of the Commission and the Member States in the AI field as well as to increase the transparency towards the public, providers of high-risk AI systems other than those related to products falling within the scope of relevant existing Union harmonisation legislation, as well as providers who consider that an AI system listed in the high-risk use cases in an annex to this Regulation is not high-risk on the basis of a derogation, should be required to register themselves and information about their AI system in an EU database, to be established and managed by the Commission. Before using an AI system listed in the high-risk use cases in an annex to this Regulation, deployers of high-risk AI systems that are public authorities, agencies or bodies, should register themselves in such database and select the system that they envisage to use. Other deployers should be entitled to do so voluntarily. This section of the EU database should be publicly accessible, free of charge, the information should be easily navigable, understandable and machine-readable. The EU database should also be user-friendly, for example by providing search functionalities, including through keywords, allowing the general public to find relevant information to be submitted upon the registration of high-risk AI systems and on the use case of high-risk AI systems, set out in an annex to this Regulation, to which the high-risk AI systems correspond. Any substantial modification of high-risk AI systems should also be registered in the EU database. For high-risk AI systems in the area of law enforcement, migration, asylum and border control management, the registration obligations should be fulfilled in a secure non-public section of the EU database. Access to the secure non-public section should be strictly limited to the Commission as well as to market surveillance authorities with regard to their national section of that database. 
High-risk AI systems in the area of critical infrastructure should only be registered at national level. The Commission should be the controller of the EU database, in accordance with Regulation (EU) 2018/1725. In order to ensure the full functionality of the EU database, when deployed, the procedure for setting the database should include the development of functional specifications by the Commission and an independent audit report. The Commission should take into account cybersecurity risks when carrying out its tasks as data controller on the EU database. In order to maximise the availability and use of the EU database by the public, the EU database, including the information made available through it, should comply with requirements under the Directive (EU) 2019/882.
Springlex and this text are meant purely as a documentation tool and have no legal effect. No liability is assumed for their content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition: law enforcement authority
- any public authority competent for the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security; or
- any other body or entity entrusted by Member State law to exercise public authority and public powers for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security;