
Annex III Classification
Auto-classify every AI system against Annex III categories with audit trail.
Article 11 Documentation
Technical documentation captured continuously per high-risk system - not reconstructed.
Article 73 Incident Reporting
Serious-incident workflows aligned to the regulatory timelines.
Article 71 EU Database
Evidence package ready for EU database registration per high-risk system.
Article 6(3) Exception Path
Document the exception case against the 19 May 2026 Commission guidelines.
Omnibus Readiness
Article 5 transparency + watermarking obligations live in the platform from Dec 2026.
From risk classification to post-market monitoring - Enzai operationalizes EU AI Act compliance.
What EU AI Act compliance actually requires, by article and obligation type
The EU AI Act creates obligations that fall into roughly five operational categories. Each maps to specific articles and to specific work your team has to do - not in theory, but in practice:
Risk classification (Article 6 + Annex III). Every AI system in scope has to be classified - prohibited, high-risk, limited-risk, or minimal-risk. High-risk classification triggers most of the rest of the obligations. The Article 6(3) exception path is narrower than most teams assumed; the 19 May 2026 Commission draft guidelines reduce the exception further by clarifying what "substantially influence" means in practice.
Technical documentation (Article 11 + Annex IV). Per high-risk system: documented system purpose, training-data provenance, validation procedures, risk-management evidence, monitoring outputs, human-oversight mechanism. Continuously maintained, not reconstructed at audit.
Risk and quality management (Articles 9 + 17). Risk-management system + quality-management system operating continuously across the AI lifecycle, with documented review cycles.
Post-market monitoring + incident reporting (Articles 72 + 73). Active monitoring of high-risk systems after deployment; serious incidents reported to authorities within mandated timelines.
Transparency obligations (Article 50 + new Article 5 prohibitions). AI systems that interact with people, generate synthetic content, or produce deepfakes carry transparency obligations. Two new Article 5 prohibitions added by the Digital Omnibus effective 2 December 2026: AI-generated non-consensual intimate imagery, and mandatory watermarking of AI-generated output.
Obligation | Provider | Deployer |
|---|---|---|
Risk classification | Primary | Verify + apply intended use |
Technical documentation (Annex IV) | Primary | Maintain operational records |
Risk + quality management | Primary | Operate within provider's scope |
Post-market monitoring | Required | Required (within deployer scope) |
Incident reporting (Article 73) | Required | Required |
EU database registration (Article 71) | Required | N/A |
Article 50 transparency | Triggered by system type | Triggered by deployment context |

私たちは、お客様が答えを見つけるお手伝いをします
When does the EU AI Act apply to our organisation?
The EU AI Act applies if you place AI systems on the EU market, put them into service in the EU, or use AI systems in the EU as a deployer. Non-EU organisations are in scope if the AI system's output is used in the EU.
What changed with the May 2026 Article 6(3) guidelines?
What are the new Article 5 prohibitions in the Digital Omnibus?
What evidence does Article 11 documentation require?
How does Enzai handle Article 71 EU database registration?
What happens when Commission guidance moves?
24時間以内にご連絡いたします
さらなるソリューション
私たちの製品スイート
組織がAIを採用し、管理し、監視する能力を、企業レベルの信頼性で強化します。規模で運営する規制対象の組織向けに構築されています。












