Does the EU AI Act require Risk Assessment?
European Union • phased enforcement
Yes — 1 provision
Requirements at a glance
This regulation imposes 9 specific requirements for Risk Assessment across 1 provision:
- Risk management system — Establish and maintain throughout AI lifecycle (Article 9(1))
- Identify and analyze — Identify known and reasonably foreseeable risks to health, safety, and fundamental rights during intended use and foreseeable misuse (Article 9(2)(a))
- Estimate and evaluate — Estimate and evaluate risks that may emerge under intended use and misuse conditions (Article 9(2)(b))
- Post-market evaluation — Evaluate risks based on data from post-market monitoring (Article 9(2)(c))
- Risk mitigation — Take appropriate and targeted mitigation measures addressing identified risks (Article 9(2)(d))
- Design-based reduction — Eliminate or reduce risks through adequate design and development where technically feasible (Article 9(4)(a))
- Residual risk — Ensure residual risks are judged acceptable (Article 9(4)(b))
- Testing — Test to ensure consistent performance and compliance; test against risk measures (Article 9(5))
- Continuous monitoring — Ongoing performance monitoring throughout the system lifecycle
Risk Management (Article 9)
Requirements
| Requirement | Details |
|---|---|
| Risk management system | Establish and maintain throughout AI lifecycle (Article 9(1)) |
| Identify and analyze | Identify known and reasonably foreseeable risks to health, safety, and fundamental rights during intended use and foreseeable misuse (Article 9(2)(a)) |
| Estimate and evaluate | Estimate and evaluate risks that may emerge under intended use and misuse conditions (Article 9(2)(b)) |
| Post-market evaluation | Evaluate risks based on data from post-market monitoring (Article 9(2)(c)) |
| Risk mitigation | Take appropriate and targeted mitigation measures addressing identified risks (Article 9(2)(d)) |
| Design-based reduction | Eliminate or reduce risks through adequate design and development where technically feasible (Article 9(4)(a)) |
| Residual risk | Ensure residual risks are judged acceptable (Article 9(4)(b)) |
| Testing | Test to ensure consistent performance and compliance; test against risk measures (Article 9(5)) |
| Continuous monitoring | Ongoing performance monitoring throughout the system lifecycle |
Penalties
| Violation | Fine |
|---|---|
| High-risk non-compliance | Up to EUR 15M or 3% global turnover |