What obligations follow from AI Act risk classification?
Risk classification tells an organization the regulatory direction but not what to do next. The obligations that follow depend on the combination of risk category and actor role. High-risk systems face requirements across risk management, data governance, technical documentation, transparency, human oversight, accuracy and robustness, and conformity assessment.
The translation from classification to concrete obligations is a separate governance step. Many tools stop at producing a risk label without connecting it to what the organization must actually do. That gap is where compliance failures originate.
Key points
- High-risk obligations include risk management (Art. 9), data governance (Art. 10), technical documentation (Art. 11/Annex IV), transparency (Art. 13), human oversight (Art. 14), accuracy and robustness (Art. 15), and conformity assessment.
- Each obligation requires specific evidence. Knowing an obligation exists is not compliance — demonstrating it with structured evidence is.
- Obligations differ by actor role. A provider's documentation obligations differ substantially from a deployer's oversight obligations.
- Some obligations may be not applicable for a specific system — but only after documented review, not by default assumption.
Why it matters
An organization that classifies a system as high-risk but does not map the resulting obligations has completed only half the governance path. Auditors will not ask whether you knew the system was high-risk — they will ask what you did about each obligation, what evidence exists, and who was responsible. The obligation-to-evidence connection is where governance becomes operational.
How EAB approaches this
EAB's Obligation Matrix automatically translates the screening result and actor role into concrete obligation areas. Each obligation is connected to an evidence requirement. Evidence Readiness shows what can be demonstrated and what remains missing. Applicability Documentation handles the structured review of non-applicable obligations.