Does EU AI Act require Risk Assessment?

European Union • phased enforcement

Yes — 1 provision

Requirements at a glance

This regulation imposes 9 specific requirements for Risk Assessment across 1 provision:

Risk Management (Article 9) #

Obligation:
Risk Assessment
enacted
Effective:
Dec 2, 2027
Risk tier:
high-risk
Scope:
providers

Requirements

RequirementDetails
Risk management systemEstablish and maintain throughout AI lifecycle (Article 9(1))
Identify and analyzeIdentify known and reasonably foreseeable risks to health, safety, and fundamental rights during intended use (Article 9(2)(a))
Estimate and evaluateEstimate and evaluate risks that may emerge under intended use and reasonably foreseeable misuse conditions (Article 9(2)(b))
Post-market evaluationEvaluate risks based on data from post-market monitoring (Article 9(2)(c))
Risk mitigationTake appropriate and targeted mitigation measures addressing identified risks (Article 9(2)(d))
Design-based reductionEliminate or reduce risks through adequate design and development where technically feasible (Article 9(5)(a))
Residual riskEnsure residual risk associated with each hazard and overall residual risk is judged acceptable (Article 9(5))
TestingTest to identify appropriate risk management measures and ensure consistent performance and compliance; tested against prior defined metrics and probabilistic thresholds (Article 9(6)-(8))
Continuous monitoringOngoing performance monitoring throughout the system lifecycle

Penalties

ViolationFine
High-risk non-complianceUp to EUR 15M or 3% global turnover
View full regulation View obligation Obligation matrix