Risk Management System
Article 9 of the EU AI Act requires providers of high-risk AI systems to establish, implement, document, and maintain a risk management system throughout the entire lifecycle of their AI system. It is not a checklist or a one-time assessment — it is a continuous process that must evolve as the system and its deployment context change.
What Article 9 Actually Requires
Article 9(1) states that providers must establish, implement, document, and maintain a risk management system for high-risk AI systems. The requirement is not simply to produce a risk assessment document — it is to implement a functioning system of ongoing risk identification and mitigation.
Article 9(2) specifies that the risk management system must consist of a continuous and iterative process run throughout the entire lifecycle of a high-risk AI system. “Entire lifecycle” means from initial development through to decommissioning — including all updates, fine-tuning, and changes in deployment context that occur after the system enters service.
Article 9(7) adds a requirement that is often overlooked: providers must specifically consider reasonably foreseeable misuse when identifying risks.
The Four Steps Article 9 Requires
Article 9(2) establishes a four-part structure for the risk management process.
Identification
Identify all known and foreseeable risks associated with the high-risk AI system across its entire lifecycle — including risks that arise from intended use, from reasonably foreseeable misuse, and from interaction with other systems or human operators.
Analysis and evaluation
Analyse the probability of each identified risk occurring and the severity of its potential impact. The Act does not prescribe a specific risk scoring methodology, but your approach must be documented, reproducible, and defensible. Consider both individual harm and broader societal harm.
Mitigation
Adopt appropriate and targeted risk management measures. Where risks cannot be fully eliminated, reduce them to the lowest level reasonably achievable without degrading the system's intended performance. Technical mitigations take precedence over procedural ones wherever possible.
Residual risk evaluation
After mitigation, evaluate remaining residual risks. These must be judged acceptable — meaning the benefits of the system outweigh the remaining risks and the risks are as low as reasonably practicable. Document this judgment explicitly. Acceptable residual risk is not the same as no risk.
What “Continuous and Iterative” Means in Practice
The phrase “continuous and iterative” rules out a common compliance pattern: completing a thorough risk assessment at development time and treating the obligation as discharged. Several kinds of events require the assessment to be revisited:
- System changes: Any material change to the model, training data, feature set, or deployment configuration triggers a reassessment of the affected risk areas.
- Post-market monitoring findings: Article 9(2)(c) explicitly links the risk management system to data gathered from the post-market monitoring system.
- Deployment context changes: If the system is deployed in a new sector, jurisdiction, or use case — even without technical changes — the risk profile changes.
- New information: Published research, regulatory guidance, or incidents affecting similar AI systems can reveal risks not previously identified.
Residual Risk and the Acceptable Risk Threshold
Article 9(4) states that residual risks — risks that remain after mitigation measures have been applied — must be judged acceptable. Document the residual risk judgment explicitly in the risk management system file.
Frequently Asked Questions
What counts as a “risk” under Article 9?
Article 9 defines risk broadly: any potential harm that could arise from the AI system's operation, including physical, psychological, financial, and societal harm to individuals or groups. This covers direct harms (a biased hiring decision) and indirect harms (systemic discrimination from repeated biased decisions at scale). You must also consider reasonably foreseeable misuse — how the system could be used in ways not explicitly intended but predictable given the deployment context.
Does Article 9 require a third-party audit?
No. For most high-risk AI systems covered by Annex III, the risk management system is part of the self-assessment conformity procedure. A third-party notified body is required only for biometric identification systems and AI safety components in certain regulated products under Annex I. That said, the documentation must be thorough enough that an external auditor or market surveillance authority could verify it independently.
How often does the risk management system need to be updated?
Article 9 requires the process to be continuous and iterative — meaning it must be updated whenever the system changes materially, when new risks are identified through post-market monitoring, when the deployment context changes, or when new information about the system's behaviour becomes available. There is no fixed review cadence prescribed, but a static risk assessment document completed at launch does not satisfy the requirement.
What is the relationship between Article 9 and Article 14 (human oversight)?
They are complementary requirements. Article 9 requires you to identify risks and implement mitigations. Article 14 requires you to design the system so that human operators can effectively monitor it, understand its outputs, and intervene when necessary. In practice, human oversight is often itself a risk mitigation measure under Article 9 — but the design of the oversight mechanism must satisfy Article 14's specific requirements independently.
Is Article 9's risk management system the same as ISO 31000?
ISO 31000 is a general risk management standard, and its principles are broadly consistent with Article 9's requirements. However, ISO 31000 alone does not constitute compliance. Article 9 contains specific requirements about foreseeable misuse, residual risk thresholds, and integration with the broader compliance documentation that go beyond the ISO standard. You can reference ISO 31000 methodology in your documentation, but you must explicitly address Article 9's requirements.