EU AI Act

How to Register a High-Risk AI System in the EU Database

4 min readUpdated 2 May 2026

The EU AI Act requires all high-risk AI systems to be registered in a public EU database before they can be deployed in the EU. For most companies, this is a new compliance requirement with no equivalent in prior regulation. This article explains the registration obligation, who must register, what information is required, and the timeline.

What Is the EU AI Database?

The EU AI database is a centralised registry maintained by the European Commission. Its purpose is to give regulators, authorities, and the public visibility over high-risk AI systems in operation in the EU.

The database is publicly accessible for most categories. The primary information recorded is not the technical details of your model — it is the metadata: who you are, what the system does, where it is deployed, and how to contact you.

Who Must Register

AI System Providers

If you develop and place a high-risk AI system on the EU market, you are a provider and must register before deployment.

This applies to:

  • SaaS companies offering high-risk AI features (recruitment screening, credit scoring, medical diagnosis support, etc.)
  • Companies with AI embedded in physical products (robots, medical devices) — but registration for these may run through the product's CE marking process
  • Companies offering high-risk AI to public authorities

AI System Deployers (Employers, Public Bodies)

If you are an organisation deploying a high-risk AI system from a third-party provider, you generally do not need to register the system separately — the provider registers it. However, deployers that use AI systems to make decisions about individuals in certain high-stakes contexts (e.g., public authorities using AI for benefit eligibility decisions) have additional registration obligations.

For most B2B SaaS deployments, the vendor registers; the customer does not.

What Must Be Registered

For each high-risk AI system, registration requires:

Provider information:

  • Provider name, registered address, and contact details
  • Name and contact of EU authorised representative (if provider is based outside the EU)

System information:

  • System name, version, and description
  • Intended purpose — what the system does and in what context
  • Category under Annex III (the high-risk classification)
  • Countries where deployed
  • Whether the system is placed on the market or put into service by the provider directly

Status information:

  • Status: available on market / withdrawn / recalled
  • Date of registration
  • Link to relevant conformity assessment information

The database does not require uploading your model weights, training data, or full technical documentation. It requires the identifying and operational metadata.

Exceptions and Special Cases

General Purpose AI models (GPAI): These are separately regulated under Articles 51–56. Registration requirements for GPAI models differ and are the obligation of the GPAI model provider, not downstream deployers.

Systems in CE-marked products: High-risk AI embedded in products regulated under MDR, IVDR, or Machinery Regulation may register through the existing CE marking notified body route. The AI Act database registration is still required, but the conformity assessment process is aligned with the product regulation.

Small providers: Microenterprises and startups may qualify for reduced documentation requirements under the Act, but not for exemption from registration.

The Registration Timeline

DateObligation
2 August 2026High-risk AI system requirements fully in force
2 August 2026Registration required before deployment
NowClassify your systems and begin technical documentation
6–12 months before deadlineBegin conformity assessment process

Registration without completed conformity assessment is not valid. The sequence is:

  1. Classify the system as high-risk
  2. Prepare technical documentation
  3. Complete conformity assessment (self-assessment or notified body, depending on category)
  4. Affix CE marking (where applicable)
  5. Register in the EU AI database
  6. Deploy in EU

How to Register

The EU AI database is managed by the European Commission. Access is through the EASA-managed EUDAMED equivalent being built for AI systems, or through a Commission-operated portal. As of early 2026, the registration portal is being finalised — the Commission has confirmed it will be accessible before the August 2026 deadline.

Steps to prepare for registration now:

  1. Maintain an internal register of all your AI systems
  2. For each system, identify the Annex III category that applies
  3. Begin technical documentation so you have the required information ready
  4. Designate an EU authorised representative if your company is based outside the EU

What Happens If You Don't Register

Deploying an unregistered high-risk AI system is a violation of the AI Act. Penalties:

  • Fines of up to €15 million or 3% of global annual turnover (whichever is higher) for non-compliance with registration requirements
  • Market access may be blocked — authorities can require withdrawal of non-compliant systems

For companies selling to public authorities, registration is likely to become a procurement requirement, enforced before contract award rather than by regulator after breach.

ComplyOne classifies your AI systems against the EU AI Act risk tiers and generates the required documentation automatically.

Run your AI Act risk assessment →

Related guides

AI Act for Companies Using Third-Party AI APIs

Most SaaS companies building AI features are not training their own models. They are calling the OpenAI API, Anthropic's API, Google's Gemini API, or similar.

AI Act Article 13: Transparency Obligations Explained

Article 13 of the EU AI Act is the core transparency provision for high-risk AI systems.

What Is a Conformity Assessment Under the EU AI Act?

Before a high-risk AI system can be deployed in the EU, it must undergo a conformity assessment.

View all guides in this module