Written by Ana Carolina Teles, AI & GRC Specialist at Palqee Technologies.
If you've been following our series "Decoding AI: The European Union's Approach to Artificial Intelligence," you're likely aware of the comprehensive regulation that's set to impact the AI market – The EU AI Act.
In this article, we discussed the role of high-risk AI systems in the regulatory landscape. Those who provide such systems have a range of responsibilities, placing a particular emphasis on requirements that need to be in place prior to introducing these systems to the EU market.
Now, as we delve deeper into understanding the requirements for implementing high-risk AI systems under the EU AI Act, this post covers everything you need to know regarding technical documentation.
Before we embark, we recommend accessing the Palqee EU AI Act Framework. Our guide offers a methodical approach to compliance requirements under the AI Act for high-risk AI systems. You can obtain it directly through this link!
The Role of Technical Documentation in the EU AI Act
Technical Documentation, as outlined in the EU AI Act, serves as a thorough record of a high-risk AI system. It provides detailed insights into the system's design, development, validation, and deployment.
Rather than just being a procedural step, this documentation acts as a mechanism to ensure the transparency, traceability, and accountability of these systems. It is essential for both upholding and evidencing compliance with the proposed Act, given that it encompasses the details sought by regulatory authorities and notified bodies.
Technical Documentation Requirements
The below gives you an overview on everything high-risk AI system providers need to have included in their technical documentation according to Article 11 and Annex IV in the EU AI Act:
1. General Description of the AI System
The system's purpose, developers, date, and version.
Interaction capabilities with external hardware or software.
Software or firmware versions and update requirements.
How and where the AI system is introduced to the market.
Visual representations if the AI system is a component of other products.
User instructions and, if applicable, installation guidelines.
2. AI System Development Details
Development methods, including the use of pre-trained systems or third-party tools.
Design specifications outline its core logic, algorithms, and key decisions, encompassing target user demographics, optimisation objectives, and selected approaches.
System architecture describing how software elements interact and combine for overall processing, covering the computational resources employed for the AI system's development, training, testing, and validation.
Data requirements, including training methodologies, data sets, and their origins.
Human oversight measures and technical measures for output interpretation.
Description of planned changes to the AI system's performance if relevant, along with technical solutions to maintain its compliance with Title III, Chapter 2 requirements of the Act.
Validation and testing procedures, metrics, and test reports.
3. Monitoring, Functioning, and Control of the AI System
System capabilities, performance limitations, and accuracy levels.
Potential unintended outcomes and associated risks.
Human oversight measures and technical facilitation for output interpretation.
Input data specifications.
4. Risk Management System
A description in line with Article 9 of the EU AI Act. For more information on the requirements read our article about risk management here.
5. System Lifecycle Changes
Any modifications made to the system during its lifecycle.
6. Standards and Specifications
A list of harmonised standards applied.
If no harmonised standards are applied, the description details solutions chosen to meet high-risk system requirements and other relevant standards used.
7. EU Declaration of Conformity
A copy of the declaration confirming compliance with the EU AI Act.
8. Post-Market AI System Performance Evaluation
A description of the system's evaluation after its introduction to the market, including the post-market monitoring plan referred to in Article 61(3) of the Act.
Efficient Implementation Strategies
To meet these requirements, a holistic approach is important. Organisations should devise strategies that simplify and ensure continuous compliance and documentation for high-risk AI systems. We recommend adopting the following measures:
Centralised Repository: Establish a centralised storage platform for Technical Documentation, enabling organised and efficient access.
Collaboration Across Teams: Engage various departments – from development to legal – to contribute to the documentation process. This ensures a holistic view and comprehensive coverage of all necessary details.
Leverage Existing Information: Your organisation likely already possesses much of the information needed for technical documentation, stored within regulatory records or internal documents. Key components like risk management and data governance, which are key elements for high-risk AI systems, can be restructured to align with the technical documentation criteria. Instead of creating entirely new content, focus on refining and adapting what you already have to meet the Act's standards.
Version Control Mechanisms: Implement version control to track changes and updates to Technical Documentation over time.
Automated Tracking Tools: Employ automated tools to track data, metrics, and performance indicators relevant to the documentation.
Routine Review and Updates: Regularly review and update Technical Documentation to reflect changes in the AI system, regulatory updates, and industry best practices.
Training and Awareness: Conduct training sessions for stakeholders, ensuring a comprehensive understanding of the importance of documenting this process for regulatory compliance.
Seek Expert Guidance: While in-house initiatives lay the groundwork for compliance, engaging with external experts can offer invaluable insights. These specialists, with their nuanced understanding of the EU AI Act, can identify gaps in your current approach, introduce proven methodologies specific to AI compliance, and ensure a meticulous adherence to every detail outlined in the Act's provisions.
The EU AI Act's emphasis on technical documentation isn't an isolated instance. Across the globe, various industries and regulatory bodies recognise the significance of maintaining detailed technical records.
For instance, the European Union's medical device industry mandates comprehensive reports to demonstrate conformity to regulatory requirements. This documentation, much like the Act's stipulations, serves as a testament to a product's design, functionality, and safety.
The key challenge will be to make sure technical documentation is maintained and updated regularly. Having the right processes in place can help minimise administrative workload.