EU AI Act registration is not a single form. It is a multi-step process involving inventory, classification, documentation, assessment, representative appointment, and database submission. Here is exactly what each step requires.
Before you can classify anything, you need a complete picture of every AI system your organization uses, develops, or deploys. This includes third-party AI tools embedded in your products, AI-powered features in SaaS platforms you use, and internal AI systems for decision-making.
Most companies significantly undercount their AI systems. A thorough inventory typically reveals 3–5x more AI systems than initially expected. Document each system's purpose, data inputs, outputs, and where it is deployed geographically.
For each AI system identified, determine whether it falls under one of the eight high-risk categories in Annex III. Consider both direct use cases and indirect impacts — a system that feeds into a hiring decision, even indirectly, may qualify.
Systems that do not fall under Annex III may still have transparency obligations (Article 50) or require registration if the provider has classified them as non-high-risk under the Article 6(3) exception (Article 49(2)).
For each high-risk system, prepare the mandatory technical documentation under Annex IV. This is the most resource-intensive step, requiring input from engineering, data science, legal, and compliance teams. Documentation must cover system design, training data governance, risk management, testing methodology, and human oversight measures.
This step alone typically takes 4–6 weeks per system.
Complete the applicable conformity assessment procedure. For most Annex III systems, this is internal self-assessment under Annex VI. For biometric identification systems, third-party assessment by a Notified Body is required. Upon completion, issue the EU Declaration of Conformity (Article 47) and affix the CE marking (Article 48).
If you are a non-EU provider, appoint an EU Authorized Representative under Article 22 by written mandate. The representative must be established in an EU Member State and empowered to perform the tasks specified in the AI Act.
Submit the required Annex VIII information to the EU AI database. The data required includes the provider's name, authorized representative details, system description, intended purpose, conformity assessment status, and Member States where the system is placed on the market.
The information in the database is publicly accessible (with limited exceptions for law enforcement systems under Article 49(4)), so ensure your submissions are accurate and complete — incorrect information carries its own penalty tier.
Timeline reality: Steps 1–6 take a minimum of 8–12 weeks for a single system. Companies with multiple high-risk systems should plan for 3–6 months. With the August 2, 2026 deadline approaching, starting now is essential.
Does This Apply to US Companies? — extraterritorial scope analysis
Penalties — consequences of incomplete or late registration
Lexara Advisory guides US companies through every step — from classification to database submission.
Contact Lexara Advisory →Lexara Advisory LLC is an AI governance consulting firm, not a law firm. This content is for informational purposes only and does not constitute legal advice.
🤖 AI — not a human or lawyer