AnnexesArticle Annex VIII

Annex VIII: Information for Registration of High-Risk AI Systems

Applies from 2 Aug 20264 min readEUR-Lex verified Apr 2026

Annex VIII specifies the information that providers and deployers must submit when registering high-risk AI systems in the EU database under Article 49. It is divided into Section A (information from providers) and Section B (information from deployers that are public authorities or EU institutions/bodies). The data covers system identification, provider identity, conformity status, intended purpose, risk category, Member State availability, and more.

Start free assessment All articles

Who does this apply to?

-Providers registering high-risk AI systems in the EU database before market placement
-Deployers that are public authorities or EU institutions registering their use of high-risk systems
-Authorised representatives registering on behalf of non-EU providers
-Compliance teams preparing registration data packages

Scenarios

A provider of a high-risk biometric identification system fills in all Section A fields before registering in the EU database.

System appears in the public EU database with provider identity, conformity certificate, intended purpose, and Member States where available.

Ref. Annex VIII, Section A + Art. 49

A national police authority deploying a high-risk AI system for crime analytics registers its use under Section B.

Public authority deployer registration appears in the restricted-access section of the database.

Ref. Annex VIII, Section B + Art. 49

Section A — Provider registration information

Providers must submit:

1. Provider name, address, and contact details 2. Name and contact of the authorised representative (if applicable) 3. Trade name and any additional unambiguous reference for the AI system 4. Description of intended purpose of the AI system 5. Status of the AI system (on the market, in service, no longer available) 6. Type, number, and expiry date of the conformity assessment certificate and notified body name (Annex VII cases) 7. Member States where the system is placed on the market or put into service 8. Type of the system — standalone or integrated into a product 9. EU declaration of conformity URL or identification 10. Annex III area and sub-area classification 11. Instructions for use access (URL or equivalent) 12. URL of further information (voluntary)

The full numbered list appears on EUR-Lex Annex VIII.

Section B — Deployer registration information (public authorities)

When the deployer is a public authority or EU institution, body, office or agency, it must separately register:

1. Deployer name and contact details 2. Name of the person responsible for the deployment 3. The system's Annex III category and sub-category 4. Description of intended use (specific to the deployer's context) 5. Member State where the system is used 6. Fundamental rights impact assessment status (Article 27)

This data populates a non-public section of the EU database, accessible to market surveillance and data protection authorities.

How Annex VIII connects to the rest of the Act

Article 49 — The registration obligation that references Annex VIII.
Article 16(i) — Provider duties include registration.
Article 26(8) — Deployer registration duties.
Article 27 — FRIA referenced in Section B.
Annex V — EU declaration of conformity referenced in Section A.
Annex III — Risk categories that structure registration fields.

Compliance checklist

Map all Section A fields against your product metadata before attempting registration.
Ensure conformity assessment certificate details are finalised before registration.
If authorised representative: include their details in Section A.
Register before placing the system on the market or putting it into service.
Public-authority deployers: complete Section B with FRIA status.
Update registration when the system's status, conformity, or availability changes.
Archive registration submissions alongside the EU declaration of conformity.

Read the official text on EUR-Lex

Prepare your EU database registration—free assessment.

Start Free Assessment

Article 16: Obligations of Providers of High-Risk AI Systems

Article 26: Obligations of Deployers of High-Risk AI Systems

Article 27: Fundamental Rights Impact Assessment

Article 49: EU Database Registration

Article 71: Guidance from the Commission

Article 99: Penalties for AI Act Infringements

Article 113: Entry into Force and Application Dates

Annex III: High-Risk AI System Areas

Annex V: EU Declaration of Conformity — Content Requirements

Related annexes

Annex III — High-risk AI system areas
Annex V — EU declaration of conformity content

Frequently asked questions

Is the EU database public?

Provider registrations under Section A are public. Deployer registrations under Section B (public authorities) are in a restricted-access section visible only to authorities.

When must I register — before or after market placement?

Before. Article 49 requires providers to register before placing the system on the market or putting it into service.

What if registration data changes?

The registration must be kept up to date. Update entries when conformity status, Member State availability, or system status changes.

On this page

Key terms

EU database: The publicly accessible Union database for high-risk AI systems, managed by the Commission under Article 71, populated with Annex VIII data.
Section A registration: The publicly accessible provider registration data in the EU database (Annex VIII Section A), including system name, intended purpose, conformity status, and Member State of registration.
Section B registration: The restricted deployer registration data for law enforcement, migration, and border control uses (Annex VIII Section B), accessible only to the Commission and market surveillance authorities.

At a glance

Article: Annex VIII
Status: Upcoming
Timeline: 2 Aug 2026
Updated: 11 Apr 2026

Recommended next step

Run the short assessment to map risk class and obligations to your specific AI use case in minutes.

Start assessment now