In our previous article, we explained what Article 12 requires — the three purposes of logging, the role responsibilities, the biometric exception, and the unresolved GDPR tension. Now the question is: how do you actually build it? Article 12 is a technical construction requirement. That means the answer is not a document — it is an architecture. In this article, we walk through the complete logging system for TalentMatch AI, layer by layer: from infrastructure through event

Your AI system works. It passes internal tests. Your team is confident. But can you prove — on paper, to a regulator — that it meets every requirement the EU AI Act sets out? That is what Article 11 demands. Not a product description. Not a slide deck. A comprehensive technical documentation that demonstrates compliance with every requirement in Chapter 2 of the AI Act — before your system reaches the market. Article 11 turns your compliance work into evidence. And Annex IV t

In our previous article, we explained what Article 11 requires — the 9 chapters of Annex IV, the SME track, and how the technical documentation connects to almost every other obligation in the AI Act. Now the question is: how do you actually build it? Theory is useful. But when you sit down to create your technical documentation, you need a concrete process — not just a list of requirements. In this article, we walk through the entire documentation process step by step, using

Article 10 in Practice: How to Build Compliant Data Governance for High-Risk AI Article 10 tells you what compliant data governance looks like. But knowing the requirements and actually implementing them are two different things. How do you document design decisions in practice? How do you examine datasets for bias? How do you map your data to the stakeholders it affects? This guide answers those questions with a step-by-step methodology you can follow today. We'll use a runn

Article 10 EU AI Act: Data and Data Governance Explained If Article 9 is the heart of high-risk AI compliance, Article 10 is the bloodstream. It governs everything that flows into your AI system: the data that trains it, validates it, and tests it. Get data governance wrong, and no amount of risk management will save you. Article 10 establishes requirements for data and data governance that apply to all high-risk AI systems — and it's the article with the closest connection t

You've run the analysis. Your AI system is classified as High-Risk . Now what? If you've followed our KI-Verordnung Framework guide, you know the four steps to clarity: 1. Scope Check — Does the AI Act apply? ✓ 2. Risk Classification — What's the risk level? ✓ 3. Role Determination — Provider, Deployer, or both? ✓ 4. Obligations — What must you do? ← You are here For High-Risk AI systems, one of the most critical obligations is Article 9: the Risk Management System (RMS) . In

Policy sent. E-learning completed. Quiz done. And then? Nothing. Or almost nothing. The policy sits unread in the inbox. The quiz gets clicked through in under three minutes. And the next day, everything continues exactly as before. This is not a fictional scenario. Research published in the Compliance Manager confirms what many practitioners already sense: employees forget up to 80% of what they learn in one-off training sessions within just a few days. The result is high e

180 pages. 113 articles. And if you're building a High-Risk AI system, Article 9 might be the most important one you need to understand. Why? Because Article 9 doesn't ask you to tick a box once. It requires you to build and maintain a Risk Management System (RMS) — a continuous, adaptive process that spans the entire lifecycle of your AI system. If Article 50 is about transparency (telling people they're interacting with AI), Article 9 is about responsibility: systematicall