How to Register Your AI System in the EU Database (Article 71)
Article 71 of the EU AI Act requires providers and, in some cases, deployers of high-risk AI systems to register in the EU database before placing their system on the market. This step-by-step guide covers who must register, what data to submit, and the most common mistakes to avoid.
The EU database for high-risk AI systems is one of the AI Act's most concrete transparency mechanisms — and one of the obligations that cannot be deferred until after market placement. Article 71 requires registration before a high-risk AI system is placed on the market or put into service. Yet many organisations discover the registration requirement late in their compliance process, leaving them scrambling to meet the deadline.
This guide explains who must register, when, what data to submit, how public versus confidential information is handled, and the most common mistakes that delay or invalidate registration.
What Is the EU AI Database?
The EU database (sometimes called EUAIDB or EUIDB in Commission documentation) is a publicly accessible EU-wide register of high-risk AI systems. It is established under Article 71 and maintained by the European Commission. Its purpose is twofold:
- Transparency: Allow affected persons, civil society, and regulators to identify which high-risk AI systems are operating in the EU market.
- Market surveillance: Give national authorities a searchable reference point to identify providers and their systems for investigation and enforcement.
The database is not a certification registry. Registration does not constitute approval, CE marking, or a declaration of compliance. It is an administrative transparency obligation that runs in parallel to conformity assessment.
Who Must Register?
Registration obligations fall on different actors depending on which Annex III category the system falls into.
Providers — Always Required
All providers of high-risk AI systems listed in Annex III must register their systems before placing them on the EU market or putting them into service. There are no exceptions based on company size — the SME and micro-enterprise provisions (Article 62) reduce some conformity assessment burdens but do not waive the registration requirement.
Deployers — Required for Annex III §1–7 in Non-Public Contexts
Here is the element most organisations miss. For AI systems listed in Annex III, points 1 to 7 (which covers biometrics, critical infrastructure, education, employment, access to services, law enforcement, migration, and administration of justice — but not general-purpose AI), deployers are also required to register when the system is not supplied commercially and the deployer has substantially modified it.
More practically, under Article 71(4), deployers of AI systems in the Annex III §1–7 categories that operate in a non-public context (i.e., internal enterprise deployments not placed on the open market) must register independently if no provider registration exists. This catches companies that build high-risk AI systems in-house for their own use.
Who Is Exempt from Registration?
- Providers and deployers of high-risk AI systems used exclusively for national security, military, or defence purposes (Article 2(3))
- High-risk AI systems used by competent authorities for listed law enforcement purposes subject to separate Article 49 rules
- General-purpose AI models (covered under Title VII, not Article 71)
When Must Registration Occur?
Registration must be completed before placing the high-risk AI system on the EU market or putting it into service. Article 71(1) is explicit: registration is a precondition for market placement, not a post-placement administrative task.
In practice, this means registration should be planned during the conformity assessment phase, so that when the technical documentation is finalised and the declaration of conformity is signed, the registration can be submitted immediately.
Following the AI Omnibus provisional agreement (7 May 2026), the deadline for Annex III high-risk obligations — including registration — has been extended to 2 December 2027 for standalone systems and 2 August 2028 for systems embedded in Annex I regulated products. For systems already in service that remain unchanged, the Article 111(2) transitional provisions continue to apply.
What Data Must Be Submitted?
Article 71(6) specifies the information that providers must submit. The required fields include:
| Field | Description |
|---|---|
| Provider name and contact details | Legal name, registered address, authorised representative (for non-EU providers) |
| AI system name and version | Commercial name and version/release identifier |
| Intended purpose | Precise description of what the system is designed to do |
| Status on the market | Whether the system is being placed on the market, put into service, or updated |
| Member States of operation | All EU Member States where the system will be deployed or used |
| Conformity assessment procedure | Reference to which conformity assessment route was used (Annex VI or Annex VII) |
| Notified body details | Name and registration number of the notified body, if applicable |
| EU declaration of conformity | Reference number and date |
| Technical documentation reference | Reference to the location of the technical documentation |
| Instructions for use | Summary or reference |
| High-risk category | Specific Annex III entry that applies |
Providers must also indicate whether the system is intended to interact with persons and, if so, in what context.
Public Access vs. Confidential Information
Not all registration data is publicly accessible. Article 71(8) allows certain information to be marked as confidential where public disclosure would harm the provider's legitimate commercial interests or compromise the security of the system.
Practically, the following data points are typically public:
- Provider name and country
- AI system name and intended purpose
- High-risk category
- Member States of deployment
- Status (active, withdrawn, updated)
The following may be designated confidential:
- Detailed technical architecture descriptions
- Specific training data sources
- Proprietary performance metrics
- Detailed instructions for use where these reveal competitive information
Providers must still submit confidential information to the database — the Commission and national market surveillance authorities have full access. The confidentiality designation only restricts public visibility, not regulatory access.
The Link to EUIDB
The EUIDB (EU Internal Database) is the operational platform maintained by the Commission. As of mid-2026, the Commission is finalising the interface for public registration submissions following the implementing acts under Article 74(3).
Providers and deployers should monitor the EUIDB portal at the Commission's AI portal (ai.ec.europa.eu) for registration guidance, field specifications, and technical submission instructions as they are published. The interface is expected to be fully operational by Q3 2026.
Step-by-Step Registration Process
Step 1: Confirm scope. Verify that your system qualifies as high-risk under Annex III and that you are the provider or qualifying deployer required to register.
Step 2: Complete technical documentation. Registration cannot be meaningfully completed without the technical documentation required under Article 11 and Annex IV being finalised — many registration fields directly reference the technical documentation.
Step 3: Complete conformity assessment. If your system requires third-party conformity assessment (Annex VII), this must be complete before registration, as the notified body reference number and EU declaration of conformity reference are required fields.
Step 4: Prepare registration data. Compile all required fields (see table above) and determine which fields to designate as confidential under Article 71(8).
Step 5: Submit on the EUIDB portal. Create an account on the Commission's EUIDB portal, complete the registration form, and submit. Keep the assigned registration number for inclusion in your technical documentation and declaration of conformity.
Step 6: Maintain registration currency. Registration is not a one-time submission. Any substantial modification to the AI system, change in intended purpose, withdrawal from the market, or update to conformity assessment status must be reflected by updating the registration within a reasonable timeframe.
Common Mistakes
Registering after market placement. Article 71 requires registration before placing the system on the market. Companies that treat registration as a post-launch administrative task are immediately non-compliant.
Incomplete intended purpose description. The intended purpose field must match the technical documentation precisely. Vague entries like "AI for business processes" are insufficient and will require correction.
Failing to register in all relevant Member States. Registration covers the EU market, but the list of Member States where the system operates must be accurate and updated when deployment expands.
Missing deployer registration. In-house developers of high-risk AI systems for their own use frequently overlook that they may qualify as deployers required to register independently under Article 71(4).
Not updating registration after modifications. A substantial modification to a high-risk AI system triggers a new conformity assessment and an update to the registration. Treating the initial registration as permanent is a compliance gap.
Confusing registration with CE marking. Registration confirms your administrative transparency obligation is met. It is not equivalent to CE marking and does not signal conformity. Both are required, but they are distinct procedures.
DILAIG's compliance platform includes an Article 71 registration readiness checklist that maps your technical documentation fields to the required EUIDB data points, flags gaps before submission, and maintains a registration history log. Prepare your registration package at dilaig.com.