Home/EU AI Act/Article 16

Article 16 — Obligations of Providers

Article 16 establishes the obligations of providers of high-risk AI systems, including ensuring compliance with Articles 8-15, maintaining quality management, keeping documentation, performing conformity assessment, and cooperating with authorities.

Art. 16(a)

Ensure compliance with Section 2 requirements (Articles 8-15)

Artifacts: All 13 artifacts

The AI Attest pipeline is the compliance mechanism. It will not reach DONE without every gate requirement met. Cascade invalidation prevents stale compliance — any change triggers re-evaluation of affected artifacts.

Art. 16(b)

Provider name and contact on system or documentation

Artifacts: DEPLOYER_GUIDE.md §1, DEPLOY.md

Provider identity is a required field in the deployer guide. The deployment plan references provider contact for operational purposes.

Art. 16(c)

Quality management system per Article 17

Artifacts: See Article 17

AI Attest itself is the quality management system. See Article 17 mapping for detailed coverage.

Art. 16(d)

Keep documentation per Article 18 (10-year retention)

Artifacts: All artifacts + audit chain

The event-sourced audit chain retains all documentation permanently. Events are append-only and immutable. Content hashes provide integrity verification.

Art. 16(k)

Demonstrate conformity upon request of competent authority

Artifacts: Compliance report

The AI Attest compliance report generates a regulator-ready document from the audit chain, mapping every requirement to specific evidence with timestamps and content hashes.

← Article 15Article 17 →

See where your AI system stands

Upload your documentation and get a gap report in minutes. Free during beta.

Start your free audit