What is an obligation matrix?
An obligation matrix translates the combination of risk classification and actor role into concrete, actionable obligations for a specific AI system. It maps what the organisation must do, what evidence is required for each obligation, what the current evidence state is, and who is responsible for completion.
It is the bridge between knowing the risk class and doing something about it. Without an obligation matrix, risk classification is a label without operational consequence.
Key points
- The matrix connects classification to action. For each obligation area — transparency, human oversight, data governance, risk management, technical documentation — it shows what evidence is needed and what state it is in.
- Obligations differ by actor role. A provider's obligations under Art. 9–15 are different from a deployer's under Art. 26. The matrix must reflect the correct set for each system.
- Evidence states matter: complete, partial, missing, unclear, and documented-not-applicable are all distinct governance states that the matrix must track.
- The matrix feeds into approval: a supervisor cannot meaningfully approve a system without seeing which obligations are met, which are open, and which have been reviewed as not applicable.
- The matrix is dynamic. When re-screening changes the risk classification or actor role, the obligation set must update accordingly.
Why it matters
Many organisations classify their AI systems but stop before mapping obligations. They know a system is high-risk but cannot show which specific obligations apply, what evidence exists for each, and who is responsible for completion. The obligation matrix closes this gap — it transforms classification into an actionable governance structure that drives evidence completion, task assignment, and approval readiness.
How EAB approaches this
EAB's Obligation Matrix automatically maps obligations based on screening result and actor role. Each obligation is linked to evidence requirements with real-time status tracking. Applicability Documentation governs non-applicable obligations. The matrix feeds directly into Supervisor Approval as the evidence basis for the governance decision.