Article 17 of Regulation (EU) 2024/1689 requires every provider of high-risk AI to put in place a quality management system that ensures compliance with the Regulation. The QMS must be documented in a systematic and orderly manner — written policies, procedures and instructions — and cover at least the 13 aspects listed in Art. 17(1) points (a) to (m). Implementation must be proportionate to the provider's size, but the degree of rigour required to ensure compliance is fixed. Financial institutions subject to Union financial-services internal-governance rules may rely on those frameworks under Art. 17(4) — but only for points (g), (h) and (i). The QMS documentation must be retained for 10 years under Art. 18(1).
€249 one-time payment · 12 PDF documents in ZIP · 45 minutes · 100% in your browser
Art. 17(1) lists 13 aspects in order. Read in pairs with the article each one operationalises — the QMS is the engine that makes the rest of Chapter III work.
Art. 17(3) allows providers subject to sectoral QMS obligations under Union law to include the Art. 17(1) aspects as part of their existing QMS. But the substantive 13 aspects must be addressed. ISO 9001 is a generic quality framework, not a substitute for the AI-specific aspects under Art. 17(1)(f), (g), (h), (i) (data management, AI risk management, post-market monitoring of AI, AI incident reporting). ISO 42001 is closer but does not automatically satisfy Art. 17.
Art. 17(1) requires the QMS to be documented "in the form of written policies, procedures and instructions" — documentation is the form, but the substance is operational systems, procedures and behaviours. An audit will look for evidence that the procedures are followed (records, training logs, incident handling, change management). A binder full of policies that nobody applies is not a QMS.
Art. 17(4) is narrower than that. Providers that are financial institutions subject to internal-governance, arrangements or processes requirements under Union financial-services law have the obligation to put in place a QMS — with the exception of paragraph 1 points (g), (h) and (i) — deemed fulfilled by complying with internal-governance rules. Points (a)–(f) and (j)–(m) of Art. 17(1) still apply on their own terms.
Answer these four questions to determine your obligations.
12 PDF documents generated from your inputs. Each cites the article of Regulation (EU) 2024/1689 it fulfils.
Identifies whether your system is prohibited (Art. 5), high-risk (Art. 6 + Annex III) or subject to transparency obligations (Art. 50).
The 9 blocks of Annex IV in full: system description, training data, validation, performance metrics, risk management, human oversight. Art. 11 + Annex IV.
Signable document conforming to Art. 47 and Annex V.
Key application dates: 2 Feb 2025, 2 Aug 2025, 2 Aug 2026, 2 Aug 2027. Art. 113.
Executive summary of compliance status for authorities or commercial buyers. Art. 43 procedure.
QMS structure covering the 13 aspects required by Art. 17.
Document for the entity deploying your system, conforming to Art. 13.
Verifiable evidence list, cross-referenced to every Annex IV block.
Notification protocol conforming to Art. 73 (15 days general / 10 days death / 2 days widespread).
Training plan conforming to Art. 4, in force since 2 February 2025.
Plan structure required by Art. 72 and integrated into the technical documentation under Annex IV(9).
Template under Art. 27 for public bodies, private entities providing public services, and Annex III 5(b)(c) deployers.
See before you buy — Download a sample dossier (PDF, fictional company) — Real structure, real articles, real format. Fictional data.
Generated from your inputs, in your browser. No data leaves your machine.
12 documents. 45 minutes. €249. The documentation your system needs before being placed on the market.
If your system falls under Art. 43(1) (Annex III point 1 biometrics with notified-body route, or Annex I products), you will need third-party conformity assessment. That is a separate process. AICheck does not replace it.
We do not sell audits. We do not sell consultancy. We sell the tool that structures your documentation under Annex IV.
Article 99 of Regulation (EU) 2024/1689. Chapter XII (Penalties) applies from 2 August 2025.
Art. 99(3). Up to €35 million or 7% of total worldwide annual turnover, whichever is higher. For SMEs and start-ups: whichever is lower (Art. 99(6)).
Art. 99(4). Includes failure to draw up technical documentation under Art. 11 + Annex IV. Covers obligations of providers (Art. 16), deployers (Art. 26), authorised representatives (Art. 22), importers (Art. 23), distributors (Art. 24), notified bodies (Art. 31, 33, 34) and transparency under Art. 50.
Art. 99(5). Applies when information provided to notified bodies or national competent authorities is wrong or misleading.
If you operate multiple AI systems and need to document them all under Annex IV, contact us for volume pricing at hello@solidwaretools.com.
Request volume pricingAICheck produces a document structured under Article 11 and Annex IV of Regulation (EU) 2024/1689 from the information you provide. The accuracy, truthfulness and completeness of that information is your responsibility as provider of the AI system.
We guarantee that the document structure follows Article 11 and Annex IV of Regulation (EU) 2024/1689 and that the legal references cited are correct as of the last verification date. We do not guarantee that a specific document will be accepted by a market surveillance authority in a given case, nor by a commercial buyer in a procurement process.
AICheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.
Twelve documents. Annex IV fully structured. Regulation (EU) 2024/1689. Your data does not leave your machine. The ZIP you download is yours to keep.