EU AI Act Article 9: risk management, line by line

01 · § 9(1) · ESTABLISH

The four operative verbs.

A risk management system shall be established, implemented, documented and maintained in relation to high-risk AI systems. Regulation (EU) 2024/1689 · Article 9(1) · 13 June 2024

One sentence. Four verbs. Each carries its own evidence burden, and a regulator examining a provider under Article 21 can ask for proof of any one of them in isolation.

Established is the act of bringing the risk management system into existence with a defined scope. The provider must be able to point to a date on which the RMS for a given system was first stood up, and to the document of authority that constituted it. Implemented is the operational layer. The procedures named in the document must run in the organisation, with named owners and a defined cadence. Documented is the artefact layer. The RMS exists in writing, the writing is current, and the writing is producible on request. Maintained is the temporal layer. The RMS does not stop at first deployment. It runs across the lifetime of the system.

Article 9(1) does not say the RMS must be perfect. It says it must exist, run, be written down, and keep running. An undocumented risk register held in a senior engineer's head fails the third verb. A documented register that has not been updated since the model went into production fails the fourth.

"Four verbs. Four evidence burdens. A regulator can demand proof of any one in isolation."Warrant Compliance · 2026-05-11

02 · § 9(2) · FOUR STEPS

The four-step process and the lifecycle clause.

The risk management system shall be understood as a continuous iterative process planned and run throughout the entire lifecycle of a high-risk AI system, requiring regular systematic review and updating. It shall comprise the following steps:

(a) the identification and analysis of the known and the reasonably foreseeable risks that the high-risk AI system can pose to health, safety or fundamental rights when the high-risk AI system is used in accordance with its intended purpose;

(b) the estimation and evaluation of the risks that may emerge when the high-risk AI system is used in accordance with its intended purpose, and under conditions of reasonably foreseeable misuse;

(c) the evaluation of other risks possibly arising, based on the analysis of data gathered from the post-market monitoring system referred to in Article 72;

(d) the adoption of appropriate and targeted risk management measures designed to address the risks identified pursuant to point (a). Regulation (EU) 2024/1689 · Article 9(2) · 13 June 2024

The opening clause carries more weight than the four sub-points it introduces. Continuous iterative process planned and run throughout the entire lifecycle rules out the most common compliance pattern in 2025 and 2026: a one-time risk assessment performed before launch, archived in a SharePoint folder, and consulted again only when a regulator asks. The text does not allow for that pattern.

Continuous means the process runs at all times, not at intervals. Iterative means the output of each cycle feeds the next. Planned and run throughout the entire lifecycle means from the moment intended purpose is fixed through to the moment the last instance of the system is withdrawn from service. Regular systematic review and updating implies a defined cadence, defined owners, and defined triggers for off-cadence review.

The four steps then describe the substantive content of each iteration. They are not optional. They are not in priority order. They run in sequence and they run again.

9(2)(a)

Identification and analysis of known and reasonably foreseeable risks to health, safety or fundamental rights, under intended purpose. SCOPE · the three protected interests are statute-defined. Fundamental rights imports the Charter of Fundamental Rights of the European Union and is broader than the protected categories most engineering teams reach for.

9(2)(b)

Estimation and evaluation of risks that may emerge under intended purpose plus reasonably foreseeable misuse. SCOPE · misuse is defined at Article 3(13). The standard is foreseeability, not certainty. The provider cannot avoid the duty by saying the operator was not supposed to use the system that way.

9(2)(c)

Evaluation of other risks possibly arising from post-market monitoring data per Article 72. SCOPE · this is the closed-loop step. The output of Article 72 is the input to 9(2)(c). A risk register that does not ingest production telemetry fails this clause.

9(2)(d)

Adoption of measures appropriate and targeted, designed to address the risks identified pursuant to point (a). SCOPE · measures must be both appropriate to the risk and targeted at the specific identified risk. A blanket disclaimer is neither appropriate nor targeted.

The four steps form a register, an evaluation, a feedback channel, and a treatment plan. Together they constitute the substance of the risk management system. The continuous iterative clause then governs how often each step runs.

03 · § 9(3) · REASONABLY MITIGATED

The boundary on what risks the article reaches.

The risks referred to in this Article shall concern only those which may be reasonably mitigated or eliminated through the development or design of the high-risk AI system, or the provision of adequate technical information. Regulation (EU) 2024/1689 · Article 9(3) · 13 June 2024

Paragraph 3 narrows the scope of paragraph 2. Article 9 is not a duty to manage every conceivable risk a high-risk AI system might raise. It is a duty to manage those that the provider can reasonably reach through one of three levers: development, design, or technical information.

The first two levers are obvious. Build the system differently. Design the input pipeline differently. The third is more subtle. Adequate technical information reaches forward into Article 13 and the instructions for use. Where a risk cannot be eliminated in the artefact, the provider may discharge the Article 9 duty by communicating the risk and the mitigations clearly enough that a competent deployer can manage it. The lever shifts from product to documentation, but the duty remains the provider's.

What paragraph 3 does not do: it does not licence the provider to declare a risk unreachable simply because reaching it is expensive or commercially inconvenient. The standard is reasonably mitigated, which is a proportionality standard that imports cost, technical feasibility, and the severity of the underlying risk. Severity scales the duty. A risk to fundamental rights at the high end of the severity spectrum imports a higher reasonableness threshold than a risk to operational performance at the low end.

04 · § 9(4) · COMBINED APPLICATION

The interaction with the rest of Section 2.

The risk management measures referred to in paragraph 2, point (d), shall give due consideration to the effects and possible interaction resulting from the combined application of the requirements set out in this Section, with a view to minimising risks more effectively while achieving an appropriate balance in implementing the measures to fulfil those requirements. Regulation (EU) 2024/1689 · Article 9(4) · 13 June 2024

Paragraph 4 is the integration clause. This Section is Section 2 of Chapter III, which contains Articles 8 through 15. Those articles run in sequence: requirements (8), risk management (9), data and data governance (10), technical documentation (11), record-keeping (12), transparency and information to deployers (13), human oversight (14), and accuracy, robustness and cybersecurity (15). They are not silos. They are facets of the same compliance posture, and paragraph 4 says the risk management measures must take their interaction into account.

The practical reading: a risk management measure adopted under 9(2)(d) cannot be evaluated only against the specific risk it targets. It must also be evaluated against its effect on the other Section 2 obligations. A measure that improves robustness under Article 15 by aggressive input filtering may degrade transparency under Article 13. A measure that improves human oversight under Article 14 by inserting a manual review step may slow throughput in a way that defeats the intended purpose declared under Article 9(2)(a).

Paragraph 4 does not resolve those tradeoffs. It requires the provider to make them visibly, with the interaction documented and the balance argued. The risk management system must be able to show its work on tradeoffs across the whole of Section 2, not only on the risk it is treating.

05 · § 9(5) · RESIDUAL RISK

Residual risk acceptability and the three measures.

The risk management measures referred to in paragraph 2, point (d), shall be such that the relevant residual risk associated with each hazard, as well as the overall residual risk of the high-risk AI systems is judged to be acceptable. In identifying the most appropriate risk management measures, the following shall be ensured:

(a) elimination or reduction of risks identified and evaluated pursuant to paragraph 2 in as far as technically feasible through adequate design and development of the high-risk AI system;

(b) where appropriate, implementation of adequate mitigation and control measures addressing risks that cannot be eliminated;

(c) provision of information required pursuant to Article 13 and, where appropriate, training to deployers. With a view to eliminating or reducing risks related to the use of the high-risk AI system, due consideration shall be given to the technical knowledge, experience, education, the training to be expected by the deployer, and the presumable context in which the system is intended to be used. Regulation (EU) 2024/1689 · Article 9(5) · 13 June 2024

Paragraph 5 sets the substantive test for risk management measures. Two thresholds, two operands.

The first threshold is relevant residual risk associated with each hazard. Per-hazard, after measures, the residual must be acceptable. The second threshold is overall residual risk. Across the whole system, the total residual must also be acceptable. A provider cannot pass the first test by treating each hazard in isolation while the cumulative effect of those treatments still leaves the system unsafe overall. The two thresholds run together.

The text does not define acceptable. The acceptability judgement is the provider's, made in light of the intended purpose, the protected interests under 9(2)(a), and the reasonableness boundary under 9(3). The conformity assessment under Article 43 then validates that judgement. Where a notified body is engaged, the body examines the residual-risk reasoning. Where self-assessment applies, the provider must be ready to defend the reasoning to a national competent authority.

The three sub-points in 9(5) form a hierarchy. Eliminate or reduce through design comes first. Mitigate and control what cannot be eliminated comes second. Inform and train deployers comes third. The order is statutory. A provider whose primary mitigation is a warning in the user manual, where elimination through design was technically feasible, has inverted the hierarchy and fails the test in 9(5)(a).

Sub-point 9(5)(c) imports Article 13 by reference. The information required pursuant to Article 13 includes the instructions for use, the characteristics of the system, the human-oversight measures under Article 14, and the expected lifetime and maintenance measures. The cross-reference matters: a deficient Article 13 instruction set is not only an Article 13 failure, it is also a 9(5)(c) failure, because the residual-risk argument relies on the deployer being adequately informed.

06 · § 9(6) · TESTING

Testing for the purpose of identifying measures.

High-risk AI systems shall be tested for the purpose of identifying the most appropriate and targeted risk management measures. Testing shall ensure that high-risk AI systems perform consistently for their intended purpose and that they are in compliance with the requirements set out in this Section. Regulation (EU) 2024/1689 · Article 9(6) · 13 June 2024

Paragraph 6 ties testing to the risk management process. Testing under Article 9 has a defined purpose: identify the most appropriate and targeted measures. It is not testing for its own sake, and it is not the model-evaluation testing that an ML team runs to satisfy itself that a model is good. It is testing scoped to inform the risk register and the measures attached to that register.

The second sentence widens the purpose. Testing must also ensure consistent performance under intended purpose, and compliance with the whole of Section 2. Consistent performance is not statistical accuracy alone. It includes stability across runs, across operating conditions defined in the intended purpose, and across the deployment population the provider has anticipated. A model that performs at 95 percent accuracy on average but degrades sharply for a subpopulation identified in the intended purpose has not been tested for consistent performance.

07 · § 9(7) · REAL-WORLD TESTING

Testing in real-world conditions under Article 60.

Testing procedures may include testing in real-world conditions in accordance with Article 60. Regulation (EU) 2024/1689 · Article 9(7) · 13 June 2024

Paragraph 7 is short and operates as a permission, not a mandate. The provider may include real-world testing in the testing procedures, and where it does, Article 60 governs the conditions.

Article 60 sets out a substantial procedural regime: a real-world testing plan filed with the relevant market surveillance authority, informed consent of subjects where applicable, registration in the EU database, statistical safeguards, suspension powers, and time limits. Real-world testing is permitted but it is gated. The default is testing in controlled conditions; real-world testing is the exception requiring justification.

The cross-reference matters operationally. A provider that runs A/B experiments on production users without filing the Article 60 plan is, on most readings, conducting unauthorised real-world testing. The line between routine production rollout and Article 60 testing is whether the deployment is being used to inform the risk management system under 9(6). Where it is, Article 60 attaches.

08 · § 9(8) · METRICS + THRESHOLDS

Testing throughout development against prior defined metrics.

The testing of high-risk AI systems shall be performed, as appropriate, at any time throughout the development process, and, in any event, prior to their being placed on the market or put into service. Testing shall be carried out against prior defined metrics and probabilistic thresholds that are appropriate to the intended purpose of the high-risk AI system. Regulation (EU) 2024/1689 · Article 9(8) · 13 June 2024

Paragraph 8 carries two distinct rules. The first is temporal. Testing happens throughout development, and at minimum before placing on the market or putting into service. The second is methodological. Testing is against prior defined metrics and probabilistic thresholds appropriate to the intended purpose.

The temporal rule rules out testing only at the gate. A provider that runs the full test suite once, on the eve of conformity assessment, satisfies the second clause but not the first. Testing must occur throughout development, which implies at design milestones, after data changes, after model retraining, and after architectural changes.

The methodological rule is the more demanding of the two. Prior defined means the metrics and thresholds are fixed before the test runs. A provider cannot pick the metric after seeing the result. Probabilistic thresholds imports statistical reasoning into the test design. A pass-fail boundary on a deterministic metric is not enough. The provider must define what level of confidence at what threshold constitutes a pass, and must be able to defend that confidence level as appropriate to the intended purpose.

The Commission has not, as of May 2026, published a definitive metric catalogue for any high-risk system class. The harmonised standards under Article 40, currently being developed under CEN-CENELEC mandate M/593, are expected to fill that gap. Pending those, providers are reaching for ISO/IEC 23894:2023 procedural guidance and the substantive metrics implied by Article 15: accuracy, robustness, and cybersecurity. The defensible posture in 2026 is to document the metric, document why the threshold was chosen, document when the threshold was set, and ensure all three precede the test run.

09 · § 9(9) · MINORS

Minors and other vulnerable groups.

When implementing the risk management system as provided for in paragraphs 1 to 7, providers shall give consideration to whether in view of its intended purpose the high-risk AI system is likely to have an adverse impact on persons under the age of 18 and, as appropriate, other vulnerable groups. Regulation (EU) 2024/1689 · Article 9(9) · 13 June 2024

Paragraph 9 is a consideration duty rather than a substantive prohibition. The provider must consider whether the system is likely to have an adverse impact on persons under 18, and on other vulnerable groups as appropriate. The output of that consideration then feeds the risk management measures under 9(2)(d) and the residual-risk acceptability test under 9(5).

The age-18 line is fixed by the article. Other vulnerable groups is open-ended. Recital 56 and related recitals identify persons in vulnerable positions due to socioeconomic situation, disability, or membership in groups historically subject to discrimination as candidates. The judgement is the provider's, made in light of the intended purpose and the deployment context.

Two things to note about the scope. First, paragraph 9 reaches systems that are not specifically designed for minors. The test is not whether the system is targeted at children but whether it is likely to have an adverse impact on them. A general-population recruitment screening system that may be used to evaluate apprenticeship candidates falls inside the consideration. Second, paragraph 9 interacts with the prohibitions in Article 5(1)(b), which prohibits AI systems that exploit vulnerabilities of a specific group due to their age. Article 9(9) does not displace Article 5; it operates alongside it for systems that are not prohibited but raise the consideration.

10 · § 9(10) · OTHER UNION LAW

Combining the RMS with existing risk procedures.

For providers of high-risk AI systems that are subject to requirements regarding internal risk management processes under other relevant provisions of Union law, the aspects provided in paragraphs 1 to 9 may be part of, or combined with, the risk management procedures established pursuant to that law. Regulation (EU) 2024/1689 · Article 9(10) · 13 June 2024

Paragraph 10 permits integration. Providers already running risk management procedures under other Union law, including the Capital Requirements Regulation for credit institutions, the Medical Device Regulation for medical devices, Solvency II for insurance undertakings, and the Digital Operational Resilience Act for financial entities, may incorporate the Article 9 obligations into those existing procedures rather than running a parallel regime.

The permission is not a presumption of conformity. The provider does not satisfy Article 9 by pointing to a CRR risk function. The provider satisfies Article 9 by showing that the integrated procedure substantively covers the four-step process under 9(2), the residual-risk acceptability test under 9(5), the testing regime under 9(6) to (8), and the consideration duty under 9(9). Where the existing procedure does not cover an Article 9 aspect, the provider must extend the procedure to cover it.

Paragraph 10 also distinguishes Article 9 from Article 17. Article 17 governs the quality management system as an organisational regime, and Article 17(1)(g) names the risk management system as a required component. A provider integrating Article 9 with a CRR risk function under paragraph 10 still has to integrate that combined function into the Article 17 QMS. The integration permitted by 9(10) is at the procedural level. The integration required by 17(1)(g) is at the organisational level.

11 · CROSS-REFERENCE WEB

The articles that plug into Article 9.

Article 9 does not stand alone. The risk management system is the procedural layer through which the substantive obligations of the high-risk regime reach the production system. The cross-references are explicit in the text and operationally consequential.

Art. 10

Data and data governance. Training, validation and testing data must satisfy quality criteria. The data risks identified under 10(3) feed Article 9(2)(a) and must be evaluated under 9(2)(b). OPERATIONAL · a data quality issue surfaced under Article 10 is not a separate compliance ticket; it is a risk register entry under Article 9.

Art. 11

Technical documentation. Annex IV(2)(g) requires the technical documentation to include detailed information about the risk management system per Article 9. The RMS is itself a documented input to the conformity assessment. OPERATIONAL · Article 9 generates the substance; Article 11 generates the static record of that substance for conformity assessment under Article 43.

Art. 12

Record-keeping. Automatic event logs over the lifetime of the system. Article 9(2)(c) relies on the data those logs surface, channelled through the post-market monitoring system under Article 72. OPERATIONAL · the runtime evidence stream feeds the risk register. A logging gap is a 9(2)(c) gap.

Art. 13

Transparency and information to deployers. Article 9(5)(c) imports Article 13 by reference. Information adequacy is part of the residual-risk acceptability argument. OPERATIONAL · a deficient instruction set is both an Article 13 failure and an Article 9(5)(c) failure.

Art. 14

Human oversight. Oversight measures are themselves risk management measures under 9(2)(d). The interaction is governed by 9(4). OPERATIONAL · oversight design and risk management design cannot be done in separate workstreams.

Art. 15

Accuracy, robustness and cybersecurity. The substantive performance properties whose thresholds Article 9(8) requires the provider to test against. OPERATIONAL · Article 15 supplies the metric vocabulary; Article 9(8) supplies the testing discipline.

Art. 17

Quality management system. Article 17(1)(g) requires the QMS to include the risk management system referred to in Article 9. OPERATIONAL · the RMS sits inside the QMS. The QMS sits inside the organisation. A provider's compliance regime is layered, not flat.

Art. 60

Testing in real-world conditions. Article 9(7) cross-refers. Where real-world testing is included in the Article 9 testing procedures, Article 60 governs the conditions. OPERATIONAL · A/B production experiments that inform the RMS are Article 60 testing and require the corresponding plan.

Art. 72

Post-market monitoring system. Article 9(2)(c) explicitly cross-refers. Article 72 generates the data that 9(2)(c) requires the provider to evaluate. OPERATIONAL · the post-market monitoring system and the risk management system are two ends of the same closed loop.

Art. 73

Reporting of serious incidents. Serious incidents reported under Article 73 trigger an off-cadence iteration of the Article 9 process. The risk register is updated and the measures are reconsidered. OPERATIONAL · a serious incident is also a forcing function for the next 9(2)(c) cycle.

The shape of the web matters. Articles 10 to 15 supply the substance the risk management system must address. Article 17 supplies the organisational wrapper. Articles 60, 72 and 73 supply the inputs that keep the system iterating. Article 11 captures the static record of the lot for conformity assessment. Article 9 is the verb at the centre.

12 · FIELD MAPPING

Where Warrant maps Article 9.

Warrant produces an evidence package per agent execution trace. The fields below show where each Article 9 clause attaches to the evidence record, so a regulator examining a Warrant package under Article 21 can step from clause to clause without leaving the document.

Article 9 clause	What evidence must show	Warrant evidence field
9(1)	RMS exists and is maintained for this system over its lifecycle.	metadata.rms_id
9(2)(a)	Identified and analysed risks to health, safety, fundamental rights under intended purpose.	metadata.rms_risk_register
9(2)(b)	Estimated and evaluated risks per use case, including reasonably foreseeable misuse.	trace.actions[].risk_estimation
9(2)(c)	Post-market monitoring loop is fed and produces an evaluated input to the register.	metadata.pmm_loop_id
9(2)(d)	Adopted appropriate and targeted risk-management measures per decision.	trace.actions[].risk_measures
9(4)	Combined application of Section 2 requirements considered for each measure.	metadata.section2_interaction_notes
9(5)	Residual risk acknowledged, judged acceptable, and communicated to the deployer.	metadata.residual_risk_disclosure
9(6) to (8)	Tested against preliminarily defined metrics and probabilistic thresholds.	metadata.test_metrics_baseline
9(9)	Considered impact on minors and other vulnerable groups, with reasoning.	metadata.vulnerable_groups_consideration
9(10)	Where integrated with sectoral risk procedures, the integration is documented.	metadata.sectoral_rms_integration

Sample EU evidence package · Warrant registerINDEPENDENTLY VERIFIABLE

→ /v/7de85ceaeac42a47

13 · FAQ

Questions a compliance officer asks first.

What is the difference between an Article 9 risk management system and an Article 17 quality management system?

Article 9 governs how the provider identifies, evaluates and treats risk to health, safety and fundamental rights specific to a single high-risk AI system over its lifecycle. Article 17 governs the provider's overarching quality management system as a written organisational regime covering compliance strategy, design controls, data management, post-market monitoring and accountability. Article 17(1)(g) names the risk management system explicitly as a required component of the QMS, so an Article 9 RMS sits inside an Article 17 QMS. The Article 9 RMS is a per-system process. The Article 17 QMS is an organisation-wide regime.

How does Article 9(2)(c) loop in post-market monitoring data?

Article 9(2)(c) requires the evaluation of other risks possibly arising, based on the analysis of data gathered from the post-market monitoring system referred to in Article 72. Article 72 then requires the provider to establish and document a post-market monitoring system proportionate to the nature of the AI technologies and the risks. The output of Article 72 is the input to Article 9(2)(c). The two articles describe one closed loop. A risk register that is not updated from production telemetry fails 9(2)(c). The frequency of the update is not statutory but the continuous iterative clause in 9(2) implies a cadence aligned to the rate at which the post-market monitoring data changes the risk picture.

What metrics and probabilistic thresholds satisfy Article 9(8)?

Article 9(8) requires testing against prior defined metrics and probabilistic thresholds appropriate to the intended purpose. The Commission has not published a definitive metric list. The standards-side answer is the harmonised standards adopted under Article 40, currently developed under CEN-CENELEC mandate M/593. Pending those, providers reach for Article 15 (accuracy, robustness, cybersecurity), the joint research output of the AI Office, and ISO/IEC 23894:2023 on AI risk management. Whatever metrics a provider picks, they must be defined before the test, not after. The defensible posture is to document the metric, document why the threshold was chosen, document when the threshold was set, and ensure all three precede the test run.

Does Article 9 apply to general-purpose AI model providers?

Article 9 sits in Section 2 of Chapter III, which scopes to high-risk AI systems. General-purpose AI model providers carry their own risk-management obligations under Articles 53 and 55, which are similar in spirit but procedurally distinct. A general-purpose AI model integrated into a high-risk AI system is pulled into the Article 9 perimeter through the integrating provider, who must extend the risk management system to cover the model's contribution to system-level risk. The Code of Practice for general-purpose AI models published by the AI Office in 2025 sets out voluntary measures the model provider may take to facilitate the integrating provider's Article 9 obligations.

Can a single risk management system cover multiple high-risk AI systems?

Article 9(1) binds the RMS in relation to high-risk AI systems, plural in the regulation but singular in practice for any one risk register. A provider may run one organisational RMS covering multiple systems where the systems share architecture, training data, deployment context and intended purpose. The discipline is per-system traceability of identified risks, evaluation outcomes, and adopted measures. A pooled RMS that cannot answer which risks were evaluated for which system fails the documentation test in 9(1). The clean pattern is one RMS framework at the organisational level, instantiated per system in the technical documentation lodged under Article 11.

What does reasonably foreseeable misuse capture in Article 9(2)(b)?

Article 3(13) defines reasonably foreseeable misuse as the use of an AI system in a way that is not in accordance with its intended purpose, but which may result from reasonably foreseeable human behaviour or interaction with other systems, including other AI systems. The test is not actual observed misuse but misuse that the provider should have anticipated. A recruitment screening system whose intended purpose is shortlisting must contemplate operators using its scores as final hire-or-reject signals. A medical triage model must contemplate clinicians substituting its output for clinical judgement. The threshold is foreseeability, not certainty. The interaction-with-other-systems clause is an important addition: a provider must contemplate misuse arising from the system being chained into a larger pipeline it was not designed for.

How does Article 9(9) on minors interact with GDPR Articles 8 and 22?

Article 9(9) is a sector-neutral consideration duty. The provider must consider whether the system is likely to have an adverse impact on persons under 18 and other vulnerable groups. GDPR Article 8 governs lawful basis for child consent in information society services. GDPR Article 22 governs the right not to be subject to a decision based solely on automated processing producing legal or similarly significant effects. Where the high-risk AI system processes children's personal data and produces decisions caught by Article 22, all three apply in parallel. Article 9(9) compliance is necessary but not sufficient for GDPR compliance and the converse holds. The clean pattern is a single risk register that flags each clause separately, so a regulator examining the system under either regime can see the cross-reference.

What is the relationship between Article 9 and ISO/IEC 23894:2023 on AI risk management?

ISO/IEC 23894:2023, Information technology, Artificial intelligence, Guidance on risk management, adapts ISO 31000:2018 to AI systems. It is a voluntary international standard, not a harmonised standard under Article 40 of the AI Act, and conformity with it does not by itself produce a presumption of conformity with Article 9. It does provide structured language for risk identification, analysis, evaluation and treatment that maps cleanly onto Article 9(2)(a) to (d). Most providers building an Article 9 RMS in 2026 are using 23894 as the procedural backbone and tightening it where Article 9 is more specific, particularly on residual-risk acceptability under 9(5) and on testing under 9(6) to (8). The harmonised standards under Article 40 and CEN-CENELEC mandate M/593 are expected to formalise the connection over time.

14 · READ THE SOURCE

Read the source directly.

Authored by Warrant Compliance, the regulatory-analysis function at Warrant. [email protected]. Editorial commentary on regulatory text. Not legal advice. The verbatim quotations of Article 9 reflect the official English-language text of Regulation (EU) 2024/1689 as published in the Official Journal of the European Union on 12 July 2024.