Article 9 of the EU AI Act requires providers of high-risk AI systems to establish, implement, document, and maintain a risk management system throughout the entire lifecycle of their AI system. It is not a checklist or a one-time assessment — it is a continuous process that must evolve as the system and its deployment context change.

Applies to: Providers of high-risk AI systems listed in Annex III (HR tools, credit scoring, biometrics, education, critical infrastructure, and more). Not required for limited-risk or minimal-risk AI systems.

What Article 9 Actually Requires

Article 9(1) states that providers must establish, implement, document, and maintain a risk management system for high-risk AI systems. The requirement is not simply to produce a risk assessment document — it is to implement a functioning system of ongoing risk identification and mitigation.

Article 9(2) specifies that the risk management system must consist of a continuous and iterative process run throughout the entire lifecycle of a high-risk AI system. “Entire lifecycle” means from initial development through to decommissioning — including all updates, fine-tuning, and changes in deployment context that occur after the system enters service.

Article 9(7) adds a requirement that is often overlooked: providers must specifically consider reasonably foreseeable misuse when identifying risks.

The Four Steps Article 9 Requires

Article 9(2) establishes a four-part structure for the risk management process.

What “Continuous and Iterative” Means in Practice

The phrase “continuous and iterative” rules out a common compliance pattern: completing a thorough risk assessment at development time and treating the obligation as discharged.

  • System changes: Any material change to the model, training data, feature set, or deployment configuration triggers a reassessment of the affected risk areas.
  • Post-market monitoring findings: Article 9(2)(c) explicitly links the risk management system to data gathered from the post-market monitoring system.
  • Deployment context changes: If the system is deployed in a new sector, jurisdiction, or use case — even without technical changes — the risk profile changes.
  • New information: Published research, regulatory guidance, or incidents affecting similar AI systems can reveal risks not previously identified.

Residual Risk and the Acceptable Risk Threshold

Article 9(4) states that residual risks — risks that remain after mitigation measures have been applied — must be judged acceptable. Document the residual risk judgment explicitly in the risk management system file.

Related articles

Document your Article 9 risk management system

Nytivo guides you through the 4-step risk management process and generates the documentation Section 4 of Annex IV requires.