Article 9 of EU AI Act Regulation 2024/1689 is the backbone of high-risk AI compliance. It requires providers of high-risk AI systems to establish, implement, document, and maintain a risk management system. Not a risk assessment document. Not an annual review. A system -- continuous, operational, and active throughout the entire lifecycle of the AI system.
Most compliance teams get this wrong. They produce a risk register in a spreadsheet, review it once a year, and call it done. That is not Article 9 compliance. Here is what the obligation actually requires.
The Four Components Article 9 Mandates
1. Identification and Analysis of Known and Foreseeable Risks
Article 9(2)(a) requires identification and analysis of risks that the high-risk AI system can pose to health, safety, or fundamental rights -- both when used as intended and when used in reasonably foreseeable conditions of misuse. This means you must document:
- Risks from the intended use case as defined in Annex IV
- Risks from reasonably foreseeable misuse (not just edge cases you consider unlikely)
- Risks arising from interactions with other systems
- Risks from changes to the system over time (model drift, data distribution shift)
2. Estimation and Evaluation of Risk
Article 9(2)(b) requires that identified risks be estimated and evaluated, including risks that may arise from the use of the system in accordance with its intended purpose and under conditions of reasonably foreseeable misuse. This is a quantitative or at minimum a structured qualitative assessment -- not a checkbox.
3. Adoption of Risk Management Measures
Article 9(2)(c) requires adoption of suitable risk management measures under Article 9(4). These measures must be prioritised and applied only to residual risks judged acceptable. Critically, these measures must be implemented in the system itself -- technical controls, not policy statements.
4. Testing to Evaluate Risk Management Effectiveness
Article 9(9) requires that risk management measures be tested to verify they actually work. Testing must be done before market placement and must be sufficient to ensure the system performs consistently for its intended purpose across foreseeable conditions.
Why "Continuous" Is the Critical Word
The regulation states the risk management system "shall be a continuous iterative process run throughout the entire lifecycle" of the high-risk AI system. This creates obligations that extend well beyond initial deployment:
- Every model retrain must trigger a fresh risk analysis
- Every change to training data must be assessed for distributional risk
- Every deployment to a new context or user group must be re-evaluated
- Post-market monitoring data (Article 72) must feed back into the risk management system
A document written in 2024 does not satisfy Article 9 in 2026 if your AI system has changed since then.
What Regulators Will Ask For
A market surveillance authority investigating Article 9 compliance will not accept a PDF risk assessment. It will request evidence that:
- Risk was assessed at each stage of the AI lifecycle
- Identified risks had documented mitigations
- Those mitigations were implemented in the system and tested
- The system was monitored post-deployment and findings were fed back into the risk process
- All of the above is timestamped and traceable to specific system versions
Common Gaps in Current Practice
| What teams do | What Article 9 requires |
|---|---|
| Annual risk review meeting with a slide deck | Continuous process triggered by every system change |
| Risk register in a spreadsheet | Documented system with version control and timestamps |
| General GDPR DPIA repurposed | AI-specific risk analysis covering fundamental rights, not just data privacy |
| Risk mitigations in policy documents | Technical controls implemented and tested in the system |
| One-off pre-launch testing | Ongoing testing including post-deployment monitoring feedback |
The Engineering Implication
Article 9 is an engineering obligation that has been handed to legal teams. The only way to satisfy continuous lifecycle risk management at scale is to wire it into the engineering workflow -- at the CI/CD level, where every release triggers a risk check, generates timestamped evidence, and produces a traceable record. Policy documents cannot satisfy a regulation that requires operational continuity.
This is precisely what Vigilens implements via the Guaranteed Safe AI framework: Rules-as-Code running at every release, evidence collected automatically from your engineering tools, and an audit pack generated on demand.
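As an added illustration of the release-level risk check described above (example code written for this page, not Vigilens's implementation or part of the original article), the following gate runs over a constructed risk register and blocks a release when a risk lacks a structured estimate, a technical mitigation, a fresh analysis after a material change, or passing test evidence for the version being shipped. The register format, the change-type names and the sample risks are assumptions.

```python
"""Illustrative Article 9 release gate over a constructed risk register (not Vigilens code)."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

# Change types the article lists as triggers for a fresh risk analysis (assumed names).
MATERIAL_CHANGES = {"model_retrain", "training_data_change", "new_deployment_context"}

@dataclass
class Risk:
    risk_id: str
    harm: str                       # health, safety or fundamental_rights
    severity: Optional[int]         # 1-5 structured estimate, None = not estimated
    likelihood: Optional[int]       # 1-5
    mitigation_kind: str            # "technical_control" or "policy"
    assessed_version: str           # system version the analysis was done against
    tests: list = field(default_factory=list)  # (version, passed, iso_timestamp)

def gate(risks, release_version, change_types):
    """Return findings that block the release; an empty list means it may proceed."""
    findings = []
    material = MATERIAL_CHANGES & set(change_types)
    for r in risks:
        if r.severity is None or r.likelihood is None:
            findings.append(f"{r.risk_id}: no structured estimate (Art. 9(2)(b))")
        if r.mitigation_kind != "technical_control":
            findings.append(f"{r.risk_id}: mitigation is a policy statement, not a control in the system")
        if material and r.assessed_version != release_version:
            findings.append(f"{r.risk_id}: {sorted(material)} since analysis on {r.assessed_version}")
        current = [t for t in r.tests if t[0] == release_version]
        if not current:
            findings.append(f"{r.risk_id}: no test evidence for version {release_version}")
        elif not all(passed for _, passed, _ in current):
            findings.append(f"{r.risk_id}: mitigation test failed on {release_version}")
    return findings

def evidence_record(release_version, change_types, findings):
    """Timestamped record bound to a specific system version, as regulators ask for."""
    return {"version": release_version, "changes": sorted(change_types),
            "checked_at": datetime.now(timezone.utc).isoformat(),
            "result": "pass" if not findings else "block", "findings": findings}

# Constructed sample register: R-01 is current; R-02 was last handled on an older version.
SAMPLE_RISKS = [
    Risk("R-01", "fundamental_rights", 4, 3, "technical_control", "2.1.0",
         [("2.1.0", True, "2025-03-02T10:00:00Z")]),
    Risk("R-02", "safety", 5, None, "policy", "2.0.0",
         [("2.0.0", True, "2024-11-15T09:30:00Z")]),
]
```

Running `gate(SAMPLE_RISKS, "2.1.0", ["model_retrain"])` reports four findings, all against R-02, and `evidence_record` wraps them in the version-bound, timestamped record to store alongside the release.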
Frequently Asked Questions
Does Article 9 require a specific format for the risk management system?
No. Article 9 specifies four mandatory components -- risk identification, estimation, mitigation measures, and testing -- but does not mandate a specific format. The system must be documented and evidenced, but the implementation is flexible. The key requirement is that it is continuous and covers the full lifecycle.
How often must the risk management system be updated?
The regulation requires the system to be a continuous iterative process. In practice, any material change to the AI system -- model retrain, new data source, deployment to a new context -- must trigger a review. There is no minimum frequency specified, but annual reviews alone will not satisfy the obligation for actively developed systems.