Art. 72 Post-market monitoring by providers and post-market monitoring plan for high-risk AI systems | AI act regulation | AI act

This article places a clear obligation on providers of high-risk AI systems to establish and maintain a post-market monitoring system.

The core idea is that the obligations on providers do not end once a system is placed on the market — providers must actively and systematically collect and analyse data on their system's performance throughout its lifetime to ensure ongoing compliance with the requirements set out in the regulation.

The article also notes a practical integration option for providers already subject to post-market monitoring obligations under other Union harmonisation legislation or Union financial services law, allowing them to fold the requirements of this article into their existing frameworks rather than building entirely separate ones.

Important points:

Establish and document a post-market monitoring system that actively collects, documents, and analyses performance data on your high-risk AI system throughout its lifetime.
The monitoring system must be based on a post-market monitoring plan, which forms part of the technical documentation required under the regulation.
Providers of high-risk AI systems already subject to post-market monitoring obligations under other applicable Union legislation, including financial institutions under Union financial services law, may integrate the requirements of this article into their existing systems and plans.

1. Providers shall establish and document a post-market monitoring system in a manner that is proportionate to the nature of the AI technologies and the risks of the high-risk AI system.
1. The post-market monitoring system shall actively and systematically collect, document and analyse relevant data which may be provided by deployers or which may be collected through other sources on the performance of high-risk AI systems throughout their lifetime, and which allow the provider to evaluate the continuous compliance of AI systems with the requirements set out in Chapter III, Section 2. Where relevant, post-market monitoring shall include an analysis of the interaction with other AI systems. This obligation shall not cover sensitive operational data of deployers which are law-enforcement authorities.
1. The post-market monitoring system shall be based on a post-market monitoring plan. The post-market monitoring plan shall be part of the technical documentation referred to in Annex IV. The Commission shall adopt an implementing act laying down detailed provisions establishing a template for the post-market monitoring plan and the list of elements to be included in the plan by 2 February 2026. That implementing act shall be adopted in accordance with the examination procedure referred to in Article 98(2).
1. For high-risk AI systems covered by the Union harmonisation legislation listed in Section A of Annex I, where a post-market monitoring system and plan are already established under that legislation, in order to ensure consistency, avoid duplications and minimise additional burdens, providers shall have a choice of integrating, as appropriate, the necessary elements described in paragraphs 1, 2 and 3 using the template referred in paragraph 3 into systems and plans already existing under that legislation, provided that it achieves an equivalent level of protection.
2. The first subparagraph of this paragraph shall also apply to high-risk AI systems referred to in point 5 of Annex III placed on the market or put into service by financial institutions that are subject to requirements under Union financial services law regarding their internal governance, arrangements or processes.

Article 72 Post-market monitoring by providers and post-market monitoring plan for high-risk AI systems

Relevant recitals