Quick answer

Article 23 of the EU AI Act requires importers, before placing a high-risk AI system on the market, to verify that the provider carried out the conformity assessment, drew up the technical documentation, affixed the CE marking and provided the EU declaration of conformity and instructions for use, and to add their own name and contact details to the system or its documentation.

Updated June 2026 · MmowW AI Compliance

EU AI Act Article 23: Obligations of Importers of High-Risk AI Systems

What Article 23 Covers

Article 23 of Regulation (EU) 2024/1689 assigns duties to importers, defined in Article 3(6) as natural or legal persons located or established in the Union that place on the market an AI system bearing the name or trademark of a natural or legal person established in a third country. The importer is the first EU-based commercial actor in the chain for foreign systems, and the regulation uses that position as a checkpoint: non-compliant systems should be stopped at the point of import, not discovered in the field.

The Pre-Market Verification Duties

Before placing a high-risk AI system on the market, importers shall ensure that the system is in conformity with the regulation by verifying that:

This is a document-and-marking verification duty, not a duty to re-run the provider's testing. But it must be performed genuinely: an importer that waves systems through without checking has its own liability under the regulation, independent of the provider's.

When Verification Fails

Article 23(2) directs what happens when the check turns up problems. Where an importer has sufficient reason to consider that a high-risk AI system is not in conformity with the regulation, or is falsified, or accompanied by falsified documentation, it shall not place the system on the market until it has been brought into conformity. Furthermore, where the high-risk AI system presents a risk within the meaning of Article 79(1), the importer shall inform the provider of the system, the authorised representative and the market surveillance authorities to that effect.

Identification, Storage and Cooperation Duties

Article 23 continues with a set of ongoing duties:

How to Implement Article 23 in Practice

  1. Build an import compliance checklist that mirrors Article 23(1): conformity assessment evidence, Annex IV technical documentation confirmation, CE marking present and correctly affixed under Article 48, EU declaration of conformity matching the system version, instructions for use in the required languages, and authorised representative appointment where the provider is outside the EU.
  2. Gate the commercial process on the checklist: no listing, shipping or activation of the system for EU customers until the file is complete and reviewed.
  3. Implement the labelling duty: add the importer's name and contact address to the product, packaging or accompanying documentation, which for software typically means the documentation and product information screens.
  4. Set up the ten-year archive for certificates, instructions and declarations of conformity, aligned with the provider-side retention regime of Article 18 and the representative duties of Article 22.
  5. Define an escalation procedure for failed checks and risk findings, including the mandatory notifications to the provider, the authorised representative and market surveillance authorities.
  6. Address Article 23 in supply contracts: documentation delivery, update notices for new versions, and cooperation commitments for authority requests.

A Concrete Example

An Amsterdam-based distributor-importer brings a Singapore provider's AI-based candidate assessment platform to the EU market. Before the first sale, it verifies the internal-control conformity assessment record, receives the Annex IV documentation confirmation and the signed EU declaration of conformity, checks the CE marking on the product information, confirms the provider has mandated an authorised representative in Frankfurt, and files all documents in its ten-year archive. When a later software release changes the system's intended purpose, the importer repeats the verification for the new configuration before continuing sales, because the original declaration no longer covers it.

How Article 23 Connects to Other Provisions

Article 23 is one of three value-chain control provisions, alongside Article 24 for distributors and Article 25, under which an importer that puts its own name or trademark on a high-risk system, substantially modifies it, or changes its intended purpose so that it becomes high-risk, is itself considered a provider with full Article 16 obligations. The verification targets all come from provider duties: Article 43 conformity assessment, Article 11 documentation, Article 47 declaration, Article 48 CE marking and Article 22 representation. Importer failures are independently sanctionable under Article 99, with fines for non-compliance with operator obligations of up to 15 million euros or 3 percent of total worldwide annual turnover.

Actions to Take Before August 2, 2026

Organisations that import AI systems into the EU should map their catalogue against Annex III and Article 6 now to identify which systems will be high-risk, contact third-country providers about documentation readiness, and stand up the verification checklist and archive before the obligations apply on August 2, 2026. Importers who discover at the deadline that their providers have no conformity documentation will face a simple choice: halt sales or carry the risk themselves. This article provides general information about Regulation (EU) 2024/1689 and is not advice for any specific import arrangement.

Check your AI compliance readiness — free.

Take the Readiness Check 3 minutes · 10 questions · no signup required

This article is for informational purposes only and does not constitute legal advice. Regulatory requirements change frequently — verify current rules with official sources. Built by Sawai Gyoseishoshi Office, Hiroshima, Japan.