EU AI Act Annex IV: the technical documentation file explained (2026)
Published July 12, 2026 · 5 min read
If your AI system is high-risk under the EU AI Act, Article 11 requires you to draw up and keep up to date a technical documentationfile before the system is placed on the market — and to keep it current for its whole life. Annex IV sets out what that file must contain: nine sections that together prove the system meets the Act's requirements. Here is each section in plain English, plus the simplified route for SMEs most guides forget to mention.
Who has to produce it?
Only providers of high-risk AI systems (Annex III use cases such as HR, credit scoring, or biometric ID, and Annex I product-safety systems). If you are unsure whether your system is high-risk, start with our Annex III high-risk guide — or run the free EU AI Act Snapshot to get your risk tier in two minutes. Minimal-risk and limited-risk systems do not need an Annex IV file.
The nine sections of Annex IV
- General description of the system — intended purpose, provider name, version, how it interacts with other hardware/software, the forms in which it is distributed, and the instructions for use given to deployers.
- Development process & data governance — the design methods and steps, system architecture, and the datasets used (their provenance, labelling, cleaning) plus how bias was examined.
- Monitoring, functioning & control— the system's capabilities and limitations, its expected accuracy, the foreseeable unintended outcomes and risks to health, safety and fundamental rights, and the human oversight measures required under Article 14.
- Performance metrics — a justification of why the chosen accuracy, robustness and cybersecurity metrics are appropriate for the system.
- Risk management system — the Article 9 risk management process, run continuously across the lifecycle.
- Lifecycle changes — a record of the relevant changes made to the system through its life.
- Harmonised standards applied — the list of standards you followed (or, where none were applied, the other solutions used to meet the requirements).
- EU declaration of conformity — a copy of the signed declaration under Article 47.
- Post-market monitoring plan — the system you have in place to evaluate performance after deployment, per Article 72.
Good news for SMEs: a simplified file
Article 11(1) explicitly lets SMEs, including start-ups, provide the Annex IV elements in a simplified manner. The Commission is establishing a simplified technical-documentation form aimed at small and micro enterprises — so you are not held to the same volume of paperwork as a large provider. You still have to cover the nine areas; you just get to do it proportionately.
It is a living document, not a one-off
The single most common mistake is treating Annex IV as a launch checkbox. Article 11 says the file must be kept up to date — every model retrain, dataset change or new deployment context should be reflected. National authorities and notified bodies can ask to see it, and it must be retained for 10 years after the system is placed on the market.
How SetAIComply helps
SetAIComply generates a structured Annex IV file mapped to these nine sections from your system declarations, keeps it versioned as the system changes, and pairs it with the risk management, DPIA and post-market monitoring records the file cross-references — in all 24 EU languages. You can see what each plan includes on the pricing page, and the deadlines behind all of this are covered in our 2027–2028 deadlines guide.
Start with your risk tier
You only need an Annex IV file if your system is high-risk — so the first step is knowing where you stand. The free EU AI Act Snapshot returns your risk classification and likely documentation gaps in about two minutes, with no signup.