Quick answer

Providers of high-risk AI systems must establish post-market monitoring systems under Art.72 that actively collect and analyze data on system performance throughout its lifecycle. When serious incidents occur, Art.73 requires providers to report to the relevant market surveillance authority within 15 days of becoming aware of the incident, or immediately in cases involving death or serious harm.

Updated June 2026 · MmowW AI Compliance

Post-Market Monitoring Requirements for High-Risk AI

Post-Market Monitoring Under Art.72

The EU AI Act recognizes that compliance with high-risk AI requirements is not a one-time assessment but an ongoing obligation. Art.72 requires providers of high-risk AI systems to establish and document a post-market monitoring system that is proportionate to the nature of the AI technology and the risks associated with the system.

The post-market monitoring system must be designed to actively and systematically collect, document, and analyze relevant data that deployers or other third parties may provide throughout the lifetime of the AI system. This requirement extends the traditional product safety concept of post-market surveillance into the specific context of AI, where system behavior can evolve after deployment.

Key Elements of the Monitoring System

A compliant post-market monitoring system under Art.72 must include:

The monitoring plan must be based on a post-market monitoring plan template that the Commission may develop through implementing acts. However, providers should not wait for these templates and should establish systems based on the regulation's substantive requirements.

Serious Incident Reporting Under Art.73

Art.73 establishes specific obligations for reporting serious incidents involving high-risk AI systems. A serious incident is defined as an incident or malfunctioning of an AI system that directly or indirectly leads to any of the following:

Reporting Timelines

The regulation establishes differentiated reporting timelines based on the severity of the incident:

Incident TypeReporting DeadlineRecipient
Death or serious health damageImmediately, no later than 2 daysMarket surveillance authority of member state where incident occurred
Other serious incidentsWithin 15 days of awarenessMarket surveillance authority of member state where incident occurred
Widespread disruptionImmediately, no later than 2 daysMarket surveillance authority + AI Office notification

The initial report may be incomplete if all relevant information is not yet available. In such cases, providers must submit follow-up reports with additional details as they become available. The reporting obligation begins when the provider becomes aware of a causal link between the AI system and the serious incident.

Content of Incident Reports

Incident reports must contain sufficient information to allow the market surveillance authority to assess the situation, including:

Interaction with Other Reporting Obligations

The AI Act's incident reporting requirements operate alongside other sectoral reporting obligations. Art.73 clarifies that reporting under the AI Act does not replace obligations under other Union legislation such as the Medical Devices Regulation (EU) 2017/745, the General Data Protection Regulation (EU) 2016/679, or sector-specific incident reporting frameworks.

Providers operating across multiple regulated sectors must map their reporting obligations to ensure that incidents are reported to all relevant authorities within the applicable timeframes. This mapping exercise should be documented as part of the overall compliance management system.

Building Effective Monitoring Systems

Effective post-market monitoring requires more than passive data collection. Organizations need structured daily workflows that capture performance data, flag anomalies, and enable rapid investigation when issues arise. The transition from pre-market compliance to post-market vigilance represents a fundamental shift in how AI governance operates.

MmowW's AI compliance platform at mmoww.net/ai/app/ supports this transition by providing structured daily logging workflows through the AI Usage Log feature, helping organizations build the operational habits needed for continuous monitoring and timely incident detection.

Start your AI compliance journey with MmowW — Ready before you deploy.

Check your AI compliance readiness — free.

Take the Readiness Check 3 minutes · 10 questions · no signup required

This article is for informational purposes only and does not constitute legal advice. Regulatory requirements change frequently — verify current rules with official sources. Built by Sawai Gyoseishoshi Office, Hiroshima, Japan.