Article 71 establishes a public EU database where providers of high-risk AI systems must register before placing systems on the market. Registration covers provider identification, system details, intended purpose, and electronic instructions for use. Providers who determine their system is not high-risk under Article 6(3) must still register with their justification. Public authority deployers, real-world test participants, and sensitive domain systems each have distinct registration requirements.
Article 71 establishes a publicly accessible EU database for registering high-risk AI systems listed in Annex III. The database is managed by the European Commission, with data entered by providers, authorised representatives, and public authority deployers. It must be user-friendly, easily navigable, and machine-readable. The database serves multiple purposes: it provides public transparency about which high-risk AI systems are operating in the EU market, it enables market surveillance authorities to identify and monitor systems within their jurisdiction, and it creates a public record that affected persons can consult to understand whether AI systems are involved in decisions affecting them.
The Conformity Assessment Coordinator completes registration before the system is placed on the market or put into service. The information required is specified in Annex VIII and is divided into three sections covering provider registration, non-high-risk assessment registration, and deployer registration, plus a separate regime for real-world testing under Article 60.
Providers of high-risk systems under Annex III must submit twelve categories of information under Article 49(1). These include the provider's name, address, and contact details; the authorised representative's details where applicable; the AI system's trade name and any additional unambiguous reference allowing identification and traceability; a description of the intended purpose; the system's status covering whether it is on the market, in service, no longer available, or recalled; certificate details for any notified body assessment; the member states where the system is deployed; and a concise description of the means by which training, validation, and testing data was collected. Electronic instructions for use must also be submitted, except for law enforcement, migration, or border control systems.
Each item demands careful preparation. The description of the intended purpose must be precise and consistent with the AISDP Module 1 wording. The concise description of data collection means must be factually accurate without disclosing commercially sensitive details. The Technical SME prepares the electronic instructions for use in a format suitable for digital publication.
Providers who have concluded under Article 6(3) that their Annex III system is not high-risk must still register under Section B. They submit identification details, the intended purpose, the conditions under Article 6(3) justifying the determination, and a short summary of the grounds. This registration is particularly important because it creates a public record of the provider's self-assessment. If a market surveillance authority later disagrees with the classification, the registered justification becomes central evidence.
Public authority deployers must register themselves and the system's use under Article 49(3), Section C. The registration provides the deployer's contact details, the URL of the system's existing entry in the EU database linking to the provider's registration, a summary of the Fundamental Rights Impact Assessment findings under Article 27, and a summary of the DPIA under GDPR Article 35 where applicable. This creates a chain from the provider's system entry to each public authority's specific use, enabling oversight of how high-risk systems are deployed across the public sector.
Article 60 permits providers to test high-risk AI systems in real-world conditions before market placement, provided specific safeguards are met. The threshold is exposure to real-world conditions with real subjects: internal testing on historical or synthetic data does not trigger Article 60. Before commencing testing, the provider registers in the EU database under Article 71(4) with Annex IX information covering a unique test identification number, provider and deployer details, a system description, a summary of the testing plan, and information on any suspension or termination.
Article 61 requires informed consent from test subjects. The consent must be freely given, specific, informed, and unambiguous, explaining the system's purpose, what data will be collected, and the right to withdraw. Article 60(4) imposes conditions: the test must not adversely affect health or safety, outputs must be reversible or disregardable by a human, and qualified personnel must supervise throughout. Testing results feed into the risk assessment, fairness evaluation, and post-market monitoring baseline.
High-risk AI systems under Annex III points 1, 6, and 7, covering biometric identification for law enforcement, migration, asylum, and border control management, are registered in a secure, non-public section of the EU database. Only the Commission and national authorities designated under Article 74(8) can access this section. The information submitted is a subset of the full Section A requirements.
Critical infrastructure systems under Annex III point 2 are registered at national level, outside the EU database, reflecting their sensitivity and the national security considerations involved. The Legal and Regulatory Advisor determines the registration pathway based on the system's Annex III classification and engages with the relevant national authority for critical infrastructure registration.
The registered Article 6(3) justification becomes central evidence. It must be thorough and defensible from the outset because the authority can challenge the classification.
Yes. Systems under Annex III points 1, 6, and 7 are registered in a secure, non-public section of the EU database accessible only to the Commission and designated national authorities.
No. The obligation arises only when the system processes real inputs from, or produces outputs affecting, persons under real or near-real operational conditions.