Article 17 · Chapter III: High-Risk AI Systems
Quality Management System
High risk
Summary
Providers must put in place a documented QMS proportionate to the size of the organisation, covering compliance strategy, design and verification techniques, data management procedures, risk-management system, post-market monitoring, incident reporting, communication with authorities, record-keeping, resource management, and accountability framework.
Key obligations
- Document a QMS covering all 13 elements listed in Art. 17(1)
- SME-friendly: simplified compliance allowed for micro and small enterprises
- Cover incident reporting and communication with notified bodies