Summary of Article 18
- Documentation Retention: Providers must retain technical and quality management documentation, notified body records, and the EU declaration of conformity for 10 years after the high-risk AI system is placed on the market or put into service.
- Continuity and Special Provisions: Member States must ensure documentation remains accessible if providers go bankrupt or cease activity, while financial institutions may integrate these obligations into existing governance frameworks under Union financial services law.
Documentation Retention
1. The provider shall, for a period ending 10 years after the high-risk AI system has been placed on the market or put into service, keep at the disposal of the national competent authorities:
(a) the technical documentation referred to in Article 11;
(b) the documentation concerning the quality management system referred to in Article 17;
(c) the documentation concerning the changes approved by notified bodies, where applicable;
(d) the decisions and other documents issued by the notified bodies, where applicable;
(e) the EU declaration of conformity referred to in Article 47.
Continuity and Special Provisions
2. Each Member State shall determine conditions under which the documentation referred to in paragraph 1 remains at the disposal of the national competent authorities for the period indicated in that paragraph for the cases when a provider or its authorised representative established on its territory goes bankrupt or ceases its activity prior to the end of that period.
3. Providers that are financial institutions subject to requirements regarding their internal governance, arrangements or processes under Union financial services law shall maintain the technical documentation as part of the documentation kept under the relevant Union financial services law.
