Risk level: high
Title IX — Post-Market Monitoring, Information Sharing, Market Surveillance
Article 72 — Post-Market Monitoring by Providers
Post-market monitoring by providers and post-market monitoring plan for high-risk AI systems 1. Providers shall establish and document a post-market monitoring system in a manner that is proportionate to the nature of the AI technologies and the risks of the high-risk AI system. 2. The post-market monitoring system shall actively and systematically collect, document and...
Article 72
Post-market monitoring by providers and post-market monitoring plan for high-risk AI systems
Post-market monitoring by providers and post-market monitoring plan for high-risk AI systems
1. Providers shall establish and document a post-market monitoring system in a manner that is proportionate to the
nature of the AI technologies and the risks of the high-risk AI system.
2. The post-market monitoring system shall actively and systematically collect, document and analyse relevant data
which may be provided by deployers or which may be collected through other sources on the performance of high-risk AI
systems throughout their lifetime, and which allow the provider to evaluate the continuous compliance of AI systems with
the requirements set out in Chapter III, Section 2. Where relevant, post-market monitoring shall include an analysis of the
interaction with other AI systems. This obligation shall not cover sensitive operational data of deployers which are
law-enforcement authorities.
which may be provided by deployers or which may be collected through other sources on the performance of high-risk AI
systems throughout their lifetime, and which allow the provider to evaluate the continuous compliance of AI systems with
the requirements set out in Chapter III, Section 2. Where relevant, post-market monitoring shall include an analysis of the
interaction with other AI systems. This obligation shall not cover sensitive operational data of deployers which are
law-enforcement authorities.
3. The post-market monitoring system shall be based on a post-market monitoring plan. The post-market monitoring
plan shall be part of the technical documentation referred to in Annex IV. The Commission shall adopt an implementing act
laying down detailed provisions establishing a template for the post-market monitoring plan and the list of elements to be
included in the plan by 2 February 2026. That implementing act shall be adopted in accordance with the examination
plan shall be part of the technical documentation referred to in Annex IV. The Commission shall adopt an implementing act
laying down detailed provisions establishing a template for the post-market monitoring plan and the list of elements to be
included in the plan by 2 February 2026. That implementing act shall be adopted in accordance with the examination
procedure referred to in Article 98(2).
4. For high-risk AI systems covered by the Union harmonisation legislation listed in Section A of Annex I, where
a post-market monitoring system and plan are already established under that legislation, in order to ensure consistency,
avoid duplications and minimise additional burdens, providers shall have a choice of integrating, as appropriate, the
necessary elements described in paragraphs 1, 2 and 3 using the template referred in paragraph 3 into systems and plans
already existing under that legislation, provided that it achieves an equivalent level of protection.
a post-market monitoring system and plan are already established under that legislation, in order to ensure consistency,
avoid duplications and minimise additional burdens, providers shall have a choice of integrating, as appropriate, the
necessary elements described in paragraphs 1, 2 and 3 using the template referred in paragraph 3 into systems and plans
already existing under that legislation, provided that it achieves an equivalent level of protection.
The first subparagraph of this paragraph shall also apply to high-risk AI systems referred to in point 5 of Annex III placed
on the market or put into service by financial institutions that are subject to requirements under Union financial services
law regarding their internal governance, arrangements or processes.
on the market or put into service by financial institutions that are subject to requirements under Union financial services
law regarding their internal governance, arrangements or processes.
SECTION 2
Sharing of information on serious incidents
Previous
Article 71 — EU Database — Requirements and Obl...
Next
Article 73 — Reporting of Serious Incidents
Related Articles in This Chapter
- high Article 73 — Reporting of Serious Incidents
- general Article 74 — Market Surveillance and Control of AI Systems in the Union Market
- general Article 75 — Mutual Assistance, Market Surveillance and Control
- general Article 76 — Supervision of Testing in Real World Conditions
- general Article 77 — Powers of Authorities Protecting Fundamental Rights
Related Blog Articles
HR & Recruitment AI: The Most Common High-Risk Category Under the EU AI Act
How Annex III employment use cases trigger high-risk obligations and what HR teams should impleme...
High-Risk AI Systems: Are You Affected?
Many companies are closer to Annex III obligations than they think. Here is how to assess your ex...
FRIA Guide for High-Risk AI Deployments
What a Fundamental Rights Impact Assessment includes, when it applies, and how SMEs can run FRIA ...
Take our free risk assessment
Find out where your company stands under the EU AI Act in 2 minutes.
Start the Quiz