Quick answer

Article 71 of the EU AI Act establishes an EU-wide database for high-risk AI systems maintained by the European Commission. Providers must register their high-risk AI systems before market placement, and deployers who are public authorities must also register. The database is publicly accessible, contains information specified in Annex VIII, and supports market surveillance by national competent authorities.

Updated June 2026 · MmowW AI Compliance

EU Database for High-Risk AI Systems: Article 71 Registration Guide (2026) | MmowW

Purpose and Scope of the EU Database

Article 71 of Regulation (EU) 2024/1689 establishes a Union-wide database for the registration of high-risk AI systems referred to in Annex III that are placed on the market or put into service. The European Commission is responsible for establishing and maintaining this database, in collaboration with Member States.

The database serves multiple purposes that the Regulation treats as interconnected. It provides market surveillance authorities with a centralized resource for identifying and monitoring high-risk AI systems operating within the Union. It creates public transparency about which high-risk AI systems are available on the market. And it enables systematic tracking of conformity assessment status, provider information, and system characteristics across all Member States.

The scope of the database is defined by reference to Annex III, which lists the categories of high-risk AI systems. These categories include AI systems used in biometric identification, critical infrastructure management, education and vocational training, employment and worker management, access to essential services, law enforcement, migration and border control, and the administration of justice and democratic processes. High-risk AI systems that are safety components of products covered by Union harmonization legislation listed in Annex I, Section A are registered through the mechanisms established under that specific legislation rather than directly in the Article 71 database.

Who Must Register

The registration obligation applies to two categories of entities. First, providers of high-risk AI systems listed in Annex III must register their systems in the database before placing them on the market or putting them into service. This obligation is established in Article 49(1) and applies regardless of the provider's location — providers established outside the Union must register through their authorized representative designated under Article 22.

Second, deployers of high-risk AI systems who are public authorities, Union institutions, bodies, offices, or agencies — or entities acting on their behalf — must also register in the database. This deployer registration obligation under Article 49(3) reflects the heightened transparency requirements that apply when public sector entities use high-risk AI systems that may affect fundamental rights and public interests.

The dual registration requirement creates a comprehensive picture. Provider registration captures what high-risk AI systems exist and who is responsible for them. Public deployer registration captures where and by whom those systems are being used in public contexts. Together, these registrations enable both market surveillance and public accountability.

Information Required Under Annex VIII

Annex VIII of the Regulation specifies the information that must be entered in the EU database. The requirements differ for provider registration and deployer registration, reflecting the different roles these entities play in the AI value chain.

For providers, the registration information includes the name, address, and contact details of the provider; where the provider is not established in the Union, the name, address, and contact details of the authorized representative; the trade name of the AI system and any additional unambiguous reference allowing identification; a description of the intended purpose of the AI system; the status of the AI system (on the market, no longer on the market, recalled); the type and procedure of the conformity assessment carried out; the Member States in which the system is placed on the market or put into service; and the URL for the system's entry in any other EU database.

For deployers who are public authorities or EU institutions, the registration information includes the name, address, and contact details of the deployer; the name, address, and contact details of any person acting on behalf of the deployer; the URL of the system's provider registration entry in the database; and a summary of the findings of the fundamental rights impact assessment carried out under Article 27.

The registration information must be kept up to date. Article 49(4) requires that registrants update the information in the database when circumstances change, ensuring that the database reflects the current status of high-risk AI systems operating within the Union.

Public Accessibility and Transparency

Article 71(4) establishes that the information contained in the EU database shall be publicly accessible, with specific exceptions. Certain information may be accessible only to market surveillance authorities and the Commission where justified on grounds of national security, trade secrets, or law enforcement sensitivity.

The public accessibility of the database represents a significant transparency mechanism. Individuals and organizations can consult the database to determine whether a particular high-risk AI system has been registered, who the provider is, what conformity assessment procedure was followed, and — in the case of public deployer registrations — the results of fundamental rights impact assessments.

This transparency serves multiple functions. It enables civil society organizations and researchers to monitor the deployment of high-risk AI systems. It provides downstream deployers with information about the systems they are considering for procurement. And it creates market incentives for compliance, since the absence of a database registration for a high-risk AI system is a visible indication of potential non-compliance.

Relationship to Market Surveillance

The EU database operates as an infrastructure component of the broader market surveillance framework established in Chapter IX of the Regulation. National market surveillance authorities, designated under Article 70, use the database to identify high-risk AI systems within their jurisdiction and to verify compliance with the requirements of the Regulation.

Article 74 establishes that market surveillance authorities have access to the documentation and information necessary for carrying out their activities, including access to the EU database. The database enables authorities to conduct systematic oversight rather than relying solely on complaint-driven or random inspection approaches.

The interaction between the database and market surveillance extends to post-market monitoring. Article 72 requires providers of high-risk AI systems to establish post-market monitoring systems proportionate to the nature of the technology and the risks of the system. The EU database provides a framework for linking post-market monitoring outcomes to the registered system, enabling authorities to track compliance over the system's lifecycle.

Where market surveillance authorities identify non-compliance, the database registration provides the foundation for enforcement action. The registration identifies the responsible provider, the conformity assessment procedure followed, and the Member States where the system has been placed on the market — information essential for coordinated enforcement across multiple jurisdictions.

Timing and Process Considerations

The registration must occur before the high-risk AI system is placed on the market or put into service. Article 49(1) establishes this timing requirement, which means that providers must complete their registration as part of the pre-market compliance process, alongside the conformity assessment, the EU declaration of conformity, and the affixing of the CE marking.

The sequencing matters. Registration in the database follows the completion of the conformity assessment procedure, because the registration information includes details about the conformity assessment that was conducted. However, registration must precede market placement. Providers should therefore plan for the registration process as an integral step in their market access timeline, not as an administrative afterthought.

For deployers who are public authorities, the timing obligation requires registration before putting the high-risk AI system into service. This means that public sector procurement of high-risk AI systems must include the registration step in the deployment timeline, and the fundamental rights impact assessment required under Article 27 must be completed before the registration can be made.

Compliance Implications

The EU database registration requirement underscores the Regulation's emphasis on traceability and accountability throughout the AI lifecycle. For providers, registration is not merely an administrative filing — it is a public declaration of compliance status that is accessible to regulators, deployers, and the general public.

Organizations preparing for registration should ensure that their conformity assessment documentation is complete and accurate before initiating the registration process. The information entered in the database must be consistent with the EU declaration of conformity, the technical documentation, and any notified body certificates. Inconsistencies between the database registration and underlying documentation could trigger market surveillance inquiries.

Maintaining accurate and current records of AI system development, deployment, and compliance status is essential for meeting the registration and update obligations. WnowW Trust OS at mmoww.net/ai/app/ provides a structured framework for maintaining these records as part of daily AI operations, ensuring that registration information reflects the actual status of the AI system at all times.

The database registration requirements, verified against current regulations by Sawai Gyoseishoshi Office, establish a transparency and traceability infrastructure that extends the compliance obligations of the EU AI Act beyond the point of market placement. For providers and public deployers of high-risk AI systems, registration in the EU database is both a legal requirement and a practical tool for demonstrating ongoing conformity with the Regulation.

Check your AI compliance readiness — free.

Take the Readiness Check 3 minutes · 10 questions · no signup required

This article is for informational purposes only and does not constitute legal advice. Regulatory requirements change frequently — verify current rules with official sources. Built by Sawai Gyoseishoshi Office, Hiroshima, Japan.