How to create a post-market monitoring plan for AI systems.
AI Post-Market Monitoring Plan: EU AI Act Template
Overview
How to create a post-market monitoring plan for AI systems. Data collection, analysis, corrective actions, and reporting.
Audit Framework
EU AI Act compliance auditing requires a structured approach that covers technical, organisational, and documentation requirements. Whether conducting internal audits or preparing for external conformity assessment, the audit framework must be comprehensive and evidence-based.
The audit scope depends on the AI system's risk classification. High-risk systems face the most rigorous audit requirements, including conformity assessment (self-assessment or third-party), quality management system evaluation, and ongoing post-market monitoring.
Audit Methodology
An effective AI audit follows a systematic process: scope definition, evidence collection, assessment against requirements, findings documentation, and corrective action tracking. Each EU AI Act obligation maps to specific audit criteria and evidence requirements.
Technical audits assess system performance (accuracy, robustness, bias), security measures, data governance, and logging capabilities. Organisational audits evaluate governance structures, roles and responsibilities, training programmes, and incident response readiness.
Evidence Collection
Compliance evidence falls into several categories: design documentation (specifications, architecture, training data descriptions), testing records (bias tests, accuracy benchmarks, adversarial testing results), deployment documentation (user instructions, risk assessments, human oversight protocols), and monitoring records (performance logs, incident reports, corrective actions).
Evidence should be contemporaneous — created at the time of the activity, not reconstructed later. Audit trails must be tamper-resistant and retained for the periods specified in the AI Act (generally for the system's lifetime plus 10 years).
Common Gaps
Frequent audit findings include incomplete AI system inventories, missing or outdated technical documentation, insufficient bias testing, inadequate human oversight mechanisms, and gaps in post-market monitoring. These gaps are easier and less costly to address proactively than during enforcement investigations.
Continuous Improvement
Audit findings should feed into a continuous improvement cycle. Each finding generates a corrective action, which is tracked to completion and verified for effectiveness. Over time, the audit programme itself should evolve based on lessons learned, regulatory guidance, and enforcement patterns.
Check your AI compliance readiness — free.
Take the Readiness Check 3 minutes · 10 questions · no signup requiredThis article is for informational purposes only and does not constitute legal advice. Regulatory requirements change frequently — verify current rules with official sources. Built by Sawai Gyoseishoshi Office, Hiroshima, Japan.