You are responsible for the technical accuracy of the governance record — but nobody has told you exactly what needs to be documented, in what format, or what happens if it is incomplete at audit time.
“Technical documentation that is assembled on request is not a compliance record. It is a reconstruction — and reconstructions have gaps that auditors are trained to find.”
As the AI system owner, your role in EAB begins when the Business Operator hands off a registered system for technical completion. EAB provides a structured, guided documentation flow — architecture, intended purpose, training data sources, testing methodology, performance metrics, human oversight mechanisms, and cybersecurity measures. The structure is derived from EU AI Act obligations, not invented by whoever fills in the form.
When you need operational context that only the Business Operator can provide — the intended deployment scope, the affected user groups, the business function the system serves — you return the record with a documented question. This creates a governed exchange in the audit trail, not an email thread that disappears after the audit. The operator responds, the record is updated, and you continue.
Once you submit the technical profile for screening, it is locked. The Supervisor initiates the screening session against the profile you completed. If the system requires re-screening after a legal change, the original profile is preserved as a version snapshot — you do not start from scratch, you start from what was already governed.
From technical intake to screening-ready profile — structured, attributed, and locked when it matters.
EAB walks you through the structured technical documentation the EU AI Act requires — system architecture, training data sources, testing and validation methodology, performance metrics, and intended deployment context. The fields are derived from the Act, not invented. You know when you are done.
Article 9 requires a documented risk management process for high-risk AI systems. EAB structures the risk management record — identified risks, mitigation measures, residual risk acceptance, and the review cycle. Each entry is attributed to your role and timestamped in the governance record.
When the technical profile requires business context you do not have, you return the record to the Business Operator with a specific documented question. The return is a governance event — logged, attributed, and part of the audit trail. The operator responds in the same record. No email threads. No lost context.
Article 15 requires high-risk AI systems to be resilient against attempts to alter their performance. You document the cybersecurity measures in place — access controls, input validation, adversarial robustness measures, and incident response provisions. These become part of the technical governance record.
Article 14 requires that high-risk AI systems are designed to allow effective human oversight. You document the oversight mechanisms — who can intervene, how outputs are monitored, how the system can be stopped or overridden. These are governance statements, not product features: they belong in the compliance record.
When you submit the technical profile for screening, EAB creates a version snapshot — a sealed copy of the profile as it stood at submission. If the system changes, the original profile is preserved. If re-screening is triggered by a legal change, you start from the last version, not from a blank form.
From technical intake to screening-ready profile — every step structured and attributed.
You receive a notification that the Business Operator has registered a system and handed it off for technical completion. You open the system record and review what the operator has documented — business purpose, deployment context, affected user groups. This context is the foundation for everything you document technically.
You work through the structured technical documentation flow — architecture, training data, testing methodology, performance metrics, cybersecurity measures, human oversight mechanisms, and transparency requirements. EAB guides you through each section. When a field requires business context you do not have, you flag it and send a documented question to the operator.
If you returned the record to the operator, you receive a notification when they respond. You review the answer, update the relevant field, and continue completion. The full exchange — question, response, and field update — is part of the audit trail. When all fields are complete, you mark the profile ready for screening.
You submit the technical profile for screening. EAB creates a version snapshot — the profile is locked at submission. The Supervisor sees the notification and initiates the screening session. Your part is complete. If re-screening is triggered later, the sealed snapshot is the baseline for the new session — not a blank form.
The technical governance record is built once, versioned on submission, and available at every re-screening and audit — without reassembly.
EU-hosted · Anchored to CELEX 32024R1689
Tell us about your organization and what you’re looking to address. We’ll follow up with the relevant information.
