What is Annex IV of the EU AI Act?

Annex IV is the part of the EU AI Act that specifies the technical documentation a provider of a high-risk AI system must draw up before the system is placed on the market. It lists the minimum content the technical file must contain — from a general description of the system to its risk management and post-market monitoring plan — and is the core evidence examined during conformity assessment.

Who has to prepare Annex IV documentation?

The provider of a high-risk AI system — the organisation that develops the system (or has it developed) and places it on the EU market under its own name or trademark — must prepare and keep the Annex IV technical documentation. Deployers do not prepare it, but they rely on the provider's instructions for use, which are derived from it.

How long must Annex IV documentation be kept?

The technical documentation, along with the EU declaration of conformity, must be kept for ten years after the high-risk AI system is placed on the market or put into service, and made available to national competent authorities on request.

Can SMEs provide simplified Annex IV documentation?

Yes. The EU AI Act directs the Commission to provide a simplified technical documentation form for SMEs and start-ups. Smaller providers may use this simplified form, provided it still contains all the information required by Annex IV and gives authorities and notified bodies what they need to assess conformity.

What is the difference between Annex IV and the instructions for use?

Annex IV technical documentation is the internal, comprehensive evidence file the provider keeps for regulators. The instructions for use (Article 13) are the outward-facing document given to deployers, explaining how to operate the system safely, its capabilities and limitations, and the human-oversight measures. The instructions are derived from the technical documentation but are not the same thing.

EU AI Act Annex IV Technical Documentation: Full Guide 2026

Why Annex IV Is the Heart of Compliance

For a high-risk AI system, Annex IV technical documentation is the compliance evidence. The conformity assessment examines it, the regulator requests it, and the EU declaration of conformity rests on it. If your documentation is thin, your compliance is thin — no amount of good engineering rescues a missing technical file. The good news is that Annex IV is a defined list, so you always know what “done” looks like.

The Nine Content Areas of Annex IV

1. General description of the system. Its intended purpose, the provider, versions, how it interacts with hardware or other software, the forms in which it is placed on the market, and the hardware it runs on. This is the orientation section a regulator reads first.

2. Detailed description of the elements and development process. The methods and steps used to develop the system, design choices and rationale, system architecture, computational resources, data requirements, human-oversight measures, and pre-determined changes. This is the largest and most technical section.

3. Monitoring, functioning and control. The system's capabilities and limitations, expected accuracy for specific persons or groups, foreseeable unintended outcomes and risks to health, safety, and fundamental rights, and the human-oversight measures and technical measures that mitigate them.

4. Performance metrics. A description of the appropriateness of the performance metrics used, and the system's accuracy, robustness, and cybersecurity.

5. Risk management system. A detailed description of the Article 9 risk management system — how risks are identified, evaluated, and mitigated across the lifecycle.

6. Lifecycle changes. A description of relevant changes made through the system's lifecycle, so that the documentation stays a living record rather than a launch snapshot.

7. Standards applied. A list of the harmonised standards applied in full or in part, and where they were not applied, a description of the solutions adopted to meet the requirements.

8. EU declaration of conformity. A copy of the signed declaration of conformity for the system.

9. Post-market monitoring plan. A detailed description of the system in place to evaluate the system's performance in the post-market phase, in line with Article 72.

A Practical Build Order

Annex IV is listed as a content specification, but you do not have to write it in that order. The most efficient sequence starts with the general description (section 1), because it forces clarity on intended purpose — which drives everything downstream. Then build the risk management system (section 5) and the development description (section 2) in parallel, since they share inputs. Performance metrics and the monitoring/control narrative (sections 3 and 4) follow naturally from testing. Standards (section 7), the declaration (section 8), and the post-market plan (section 9) come last, once the substance is settled. Treat lifecycle changes (section 6) as an ongoing log from day one.

Common Mistakes to Avoid

The two failures regulators see most are snapshot documentation — a file written at launch and never updated, which breaks section 6 immediately — and narrative without evidence, where the file asserts the system is accurate and robust but contains no test results, datasets descriptions, or metrics to back it up. Annex IV rewards traceability: every claim should point to an artefact. The third common gap is forgetting the post-market monitoring plan, which is genuinely required content, not an optional extra.

Make It Easier

GeraCompliance provides an Annex IV technical documentation template structured around these nine sections, so you fill in evidence rather than design a document from scratch. Pair it with the conformity assessment guide and the compliance checklist to keep the whole high-risk programme on track. For a deadline build, the AI Act sprint assembles an assessment-ready Annex IV file in days.

EU AI Act Annex IV Technical Documentation: Full Guide