EU AI Act Technical Documentation: What to Include and How to Structure It
A practical guide to Annex IV technical documentation under the EU AI Act — what it must contain, how to structure it, and how long to keep it.
If you are developing or deploying a high-risk AI system in the EU, technical documentation is not optional. Under Article 11 of Regulation (EU) 2024/1689 — the EU AI Act — providers must draw up technical documentation before placing a high-risk system on the market or putting it into service. That documentation must be kept up to date throughout the system's lifecycle.
This guide breaks down exactly what Annex IV requires, how to structure each section, who can request the documentation, and what the rules are for smaller businesses.
Why Technical Documentation Is a Legal Obligation
Article 11 of the EU AI Act states plainly that providers of high-risk AI systems shall draw up technical documentation in accordance with Annex IV. The purpose is twofold: to demonstrate compliance with the Act's requirements and to give national market surveillance authorities the information they need to assess that compliance.
Without complete technical documentation, a provider cannot obtain a CE marking, register the system in the EU database, or issue a valid EU Declaration of Conformity. In other words, technical documentation is the foundation that every other compliance step builds on.
The documentation must be updated whenever a high-risk AI system is substantially modified — meaning changes that affect the system's compliance status or performance beyond the parameters validated during the original conformity assessment.
The 8 Elements of Annex IV
Annex IV sets out eight mandatory sections. Each one serves a distinct compliance function, and together they give regulators a complete picture of what your system is, how it was built, and how it behaves in the real world.
1. General Description of the AI System
This section covers the intended purpose of the system, the version information, and a high-level explanation of how the system works. It should also identify the category of high-risk use under Annex III that applies to your system, and name any prior technical documentation if the system is an update to an existing one.
Think of this section as the executive summary for regulators: clear, concise, and unambiguous about what the system does and for whom.
2. Detailed Description of the Development Process
This section documents the design choices made during development, including the overall architecture, the type of AI approach used (machine learning, logic-based, etc.), and the computational resources used. It should explain what assumptions were made, what trade-offs were accepted, and how design decisions relate to the system's intended purpose.
If third-party components, pre-trained models, or tools were used, they must be identified here.
3. Information on Training Data
Under Article 10, high-risk AI systems must use training data that meets quality criteria including relevance, representativeness, and freedom from errors. Annex IV requires you to document those datasets: their provenance, the collection methodology, any preprocessing steps, and the criteria used to select training, validation, and test data.
This section is particularly important for systems that may affect protected groups. Regulators will scrutinise whether your data choices could introduce or amplify bias.
4. Validation and Testing Information
You must document the testing procedures used to validate the system before deployment. This includes the metrics used to evaluate performance, the test datasets, the outcomes of testing, and any known limitations or failure modes identified during validation.
This section should also address how the system performs across different demographic groups and operating conditions.
5. Monitoring, Functioning, and Control of the System
This covers the technical measures in place to allow human oversight of the system as required by Article 14. It should describe the logging mechanisms, the ability to interrupt or override the system, and any automatic shut-off features.
6. Logging Capabilities
Logging is addressed as a standalone element in Annex IV because the EU AI Act places significant weight on traceability. Your documentation must describe what events the system logs, at what level of granularity, for how long logs are retained, and how they can be accessed by deployers and authorities.
Article 12 separately requires that high-risk AI systems automatically log events over their lifetime "to the extent technically feasible." What you document here must align with what the system actually does.
7. Instructions for Use
The technical documentation must include a copy of the instructions for use that will accompany the system when it is placed on the market or put into service. Under Article 13, those instructions must cover the identity and contact details of the provider, the system's capabilities and limitations, performance metrics, any circumstances that could affect performance, and information to help deployers apply human oversight correctly.
8. Detailed Description of the System's Design
This final section goes deeper than the general description in Section 1. It covers the mathematical or logical structure of the system, the optimisation objectives, the key design parameters, and any modifications made during development. For machine-learning systems, it should include details of the training approach, the architecture of the model, and the parameters used.
How Long Must You Keep the Documentation?
Article 18 of the EU AI Act requires providers to retain technical documentation for ten years after the high-risk AI system has been placed on the market or put into service. If the provider goes out of business, this obligation transfers to any legal successor.
The ten-year rule also applies to the EU Declaration of Conformity, which must reference and be consistent with the technical documentation.
Simplified Documentation for SMEs
Article 63(3) of the EU AI Act provides that microenterprises and small enterprises may draw up technical documentation in a simplified form. The European AI Office is expected to publish guidance on what "simplified form" means in practice, but the core intent is to reduce the administrative burden for smaller providers while maintaining the substance of what regulators need to assess compliance.
This does not mean SMEs are exempt from documenting their systems — it means the format and level of detail may be proportionate to the size and resources of the organisation.
When Authorities Can Request Your Documentation
Under Article 74, national market surveillance authorities have the power to request access to technical documentation as part of market surveillance activities. They can also request access to training datasets and source code where necessary and proportionate to assess compliance.
If you receive such a request, you are legally required to make the documentation available. Incomplete or missing documentation can trigger enforcement action, including orders to withdraw the system from the market.
Technical Documentation and the EU Declaration of Conformity
The EU Declaration of Conformity (Article 47) and the technical documentation are linked but distinct. The Declaration is a formal statement that the system complies with the AI Act. It references the technical documentation but does not replace it.
A common mistake is treating the Declaration as a summary of the documentation. It is not. The Declaration confirms compliance; the technical documentation proves it. Both must exist, and both must be consistent with each other.
Practical Tips for Structuring Your Documentation
| Tip | Why It Matters |
|---|---|
| Start drafting during development, not after | Retrospective documentation is harder to write and easier to challenge |
| Assign a documentation owner | Ensures the documentation is updated when the system changes |
| Version-control the documentation | Allows you to demonstrate what was in place at any given point in time |
| Cross-reference your risk management records | Article 9 requires a risk management system — link it to the relevant Annex IV sections |
| Align your instructions for use with actual deployer needs | Regulators check whether deployers can meaningfully apply human oversight |
How DilAIg Helps
Annex IV documentation is demanding to produce from scratch. DilAIg's 50-question audit walks you through every element required by Annex IV and generates a structured Technical Documentation draft automatically. The output covers all eight sections, is formatted for regulatory review, and can be updated as your system evolves.
Start your compliance audit and get your Annex IV draft →
FAQ: EU AI Act Technical Documentation
Does every AI system need Annex IV technical documentation?
No. Only providers of high-risk AI systems as defined in Article 6 and Annex III are required to draw up technical documentation under Annex IV. General-purpose AI models have separate documentation requirements under Articles 53 and 55.
What happens if my documentation is incomplete?
Market surveillance authorities can require you to bring the system into compliance, impose restrictions on its use, or order its withdrawal from the market. Fines for non-compliance with documentation obligations can reach €15 million or 3% of global annual turnover, whichever is higher.
Can I use a template for Annex IV documentation?
Yes, templates are permitted. What matters is that the content is accurate and complete for your specific system. A generic template that does not reflect your actual system's architecture, training data, and testing results will not satisfy regulatory requirements.
Does technical documentation need to be in a specific language?
The documentation must be available in a language that the relevant national authority can understand, which in practice means the official language(s) of the member state where the system is placed on the market or used.
When must documentation be updated?
After any substantial modification — defined as a change that affects the system's compliance with the Act or alters the system's performance beyond what was validated during the conformity assessment.
Key Takeaways
- Article 11 requires all providers of high-risk AI systems to draw up Annex IV technical documentation before market placement
- Annex IV has eight mandatory sections covering system description, development process, training data, testing, monitoring, logging, instructions for use, and detailed design
- Documentation must be retained for ten years (Article 18) and updated after substantial modifications
- Microenterprises and small enterprises may use a simplified form under Article 63(3)
- Market surveillance authorities can request access to documentation under Article 74
- Technical documentation and the EU Declaration of Conformity are distinct but must be mutually consistent