18 May 2026

EU AI Act · Article 9 · Risk Management · Compliance

Article 9 Risk Management Under the EU AI Act: What Compliance Officers Need to Do Now


The Scenario That's Keeping You Up at Night

It's Tuesday morning. Your CTO just forwarded you a memo: the credit-scoring model your fintech has been running for three years uses behavioral data and payment history to approve or decline loan applications. Someone on the legal team flagged it. Annex III of the EU AI Act lists "AI systems used to evaluate the creditworthiness of natural persons" as high-risk. The December 2027 deadline for high-risk compliance is closer than it looks. You don't have a documented risk management system. You don't have a conformity assessment. You're not even sure if the model qualifies. So: what do you actually do next?


What Article 9 Requires

Article 9 is the spine of the EU AI Act's high-risk framework. If your system is classified as high-risk, this is the provision that defines how you manage it, document it, and prove it's safe enough to operate.

Here's what the law actually says, in plain terms.

You need a documented risk management system. Article 9(1) requires providers of high-risk AI systems to establish, implement, document, and maintain a risk management system. Not a policy document. Not a slide deck. A live, maintained system with records that show it's working.

It's a continuous process, not a one-time exercise. Article 9(2) is explicit: the risk management system runs throughout the entire lifecycle of the AI system. That means from design through deployment through decommissioning. You can't run a risk assessment at launch and call it done. You're committed to an iterative loop: Article 9(2)(b) requires you to estimate and evaluate the risks that may emerge when the system is used in accordance with its intended purpose and under conditions of reasonably foreseeable misuse.

You need both technical and organisational measures. Article 9(4) requires you to adopt risk management measures that correspond to the risks identified. These measures must be the most appropriate and targeted at eliminating or reducing risks as far as possible. Where risks can't be eliminated, you mitigate. Where you can't mitigate, you accept the residual risk and document it explicitly. That last part matters: residual risks that you've knowingly accepted must be recorded and disclosed to users in your instructions for use.

Testing is mandatory before deployment. Article 9(7) requires that high-risk AI systems are tested for the purpose of identifying the most appropriate and targeted risk management measures. Testing must happen prior to placing the system on the market or putting it into service. It must be performed against defined metrics and probabilistic thresholds appropriate to the intended purpose. This isn't unit testing. This is structured evaluation against the specific risks the system poses to affected people.

Validation doesn't stop at launch. Post-market monitoring, required under Article 72, feeds back into Article 9. If you discover new risks through real-world use, your risk management system must respond. The loop is closed by design.

The takeaway: Article 9 isn't a checkbox. It's an ongoing operating discipline that requires genuine institutional commitment.


The Practical Implications for Compliance Officers

The timeline is more compressed than most compliance officers realize, and it's non-linear.

Prohibited AI practices were banned from August 2, 2024. If you're using real-time remote biometric identification in publicly accessible spaces, or AI that exploits psychological vulnerabilities, you're already out of time. That ship has sailed.

Transparency obligations under Article 50 came into force on February 2, 2025. If you're deploying AI that interacts with people (chatbots, for instance) without disclosing it's AI, you're already non-compliant.

High-risk system obligations, including Article 9, apply from August 2, 2026. That's your current horizon. Eighteen months sounds like a lot until you account for the work involved.

What "high-risk" actually means. Annex III lists the categories: biometric systems, critical infrastructure management, education and vocational training, employment and worker management, access to essential private and public services (including credit scoring), law enforcement, migration and asylum, and administration of justice. If your system falls into one of these categories and is used to make or significantly influence decisions affecting people, it's high-risk.

The credit-scoring scenario from earlier? Annex III(5)(b) explicitly lists AI systems "intended to be used to evaluate the creditworthiness of natural persons or establish their credit score." That's a direct hit. There's no ambiguity to hide in.

The IS versus MIGHT BE distinction matters enormously. A system that IS high-risk requires the full Article 9 treatment plus conformity assessment, CE marking (if placed on the EU market), registration in the EU database, and ongoing post-market monitoring. A system that MIGHT be high-risk needs a documented classification decision, not the full compliance stack. If you've done a reasoned analysis concluding your system doesn't meet Annex III criteria, that analysis is itself a compliance asset. Document it properly and keep it current.

Documentation you need in place before December 2027:


How to Get Compliant: Five Steps

Step 1: Inventory every AI system in use or development.

You can't classify what you haven't found. Run a systematic audit across every business unit. Include third-party systems you're relying on, not just ones your team built. A vendor telling you their system is compliant isn't the same as you verifying it. Ask for their technical documentation under Article 11. If they can't produce it, that's your risk, not theirs.

Your inventory should capture: what the system does, who built it, what data it uses, what decisions it influences, and who the affected population is.

Step 2: Classify each system against Annex III.

Take each system from your inventory and work through Annex III methodically. The question isn't "could this theoretically be high-risk." The question is: does it fall within a listed category AND does it pose a significant risk to health, safety, or fundamental rights?

The Act provides a proportionality anchor in Article 7: some systems within Annex III categories may be low-risk if the AI component poses minimal risk in context. Don't assume every AI system touching credit is automatically high-risk. Do the analysis. Record it.

Step 3: For high-risk systems, document the risk management process.

This is where Article 9 becomes operational. You need a written risk management plan covering:

The identification and analysis of known and reasonably foreseeable risks (Article 9(2)(a)).
Estimation and evaluation of those risks in intended use and foreseeable misuse (Article 9(2)(b)).
Evaluation based on post-market data (Article 9(2)(c)).
The risk management measures you've adopted (Article 9(4)).
Testing protocols and results (Article 9(7)).
Residual risks accepted and why (Article 9(4)).

Don't make this a theoretical document. It needs to connect to actual processes: who reviews it, how often, what triggers an update, who's accountable.

Step 4: Establish ongoing monitoring and incident reporting.

Article 72 requires post-market monitoring. You need a system to collect and analyze performance data in real-world conditions. For credit scoring, this means tracking not just model accuracy but disparate impact across protected groups, drift in data distributions, and edge cases that surface through customer complaints or appeals.

Serious incidents (as defined in Article 3(49)) must be reported to national authorities without undue delay. Build that reporting path before you need it.
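As an added illustration of the Step 4 monitoring loop (example code written for this article, not from any provider's actual system), the following computes the two signals the paragraph names, approval-rate disparity across groups and drift in the score distribution, over constructed sample data and flags the window for risk-management review. The 0.8 disparity ratio and 0.2 PSI threshold are assumed screening values, not figures from the Act.

```python
import math
from collections import defaultdict

# Constructed monitoring window: (applicant group, approved?) per decision.
# Group labels are placeholders, not a real protected attribute.
DECISIONS = (
    [("A", True)] * 80 + [("A", False)] * 20 +
    [("B", True)] * 55 + [("B", False)] * 45
)

# Constructed score-bucket counts: baseline at deployment vs. current window.
BASELINE_BUCKETS = {"low": 300, "mid": 500, "high": 200}
CURRENT_BUCKETS = {"low": 450, "mid": 400, "high": 150}

DI_THRESHOLD = 0.8   # assumed screening ratio (four-fifths rule), not from the Act
PSI_THRESHOLD = 0.2  # assumed drift threshold, a common credit-risk convention


def approval_rates(decisions):
    """Share of approved applications per group."""
    totals, approved = defaultdict(int), defaultdict(int)
    for group, ok in decisions:
        totals[group] += 1
        approved[group] += int(ok)
    return {g: approved[g] / totals[g] for g in totals}


def disparate_impact(rates):
    """Ratio of the lowest to the highest group approval rate; 1.0 is parity."""
    return min(rates.values()) / max(rates.values())


def psi(baseline, current):
    """Population Stability Index between two bucket-count distributions."""
    b_tot, c_tot = sum(baseline.values()), sum(current.values())
    total = 0.0
    for bucket in baseline:
        b = max(baseline[bucket] / b_tot, 1e-6)   # floor avoids log(0)
        c = max(current.get(bucket, 0) / c_tot, 1e-6)
        total += (c - b) * math.log(c / b)
    return total


def monitoring_report(decisions, baseline, current):
    """Evidence record for the Article 9 loop: metrics plus a review trigger."""
    rates = approval_rates(decisions)
    di, drift = disparate_impact(rates), psi(baseline, current)
    return {"approval_rates": rates, "disparate_impact": di, "psi": drift,
            "review_required": di < DI_THRESHOLD or drift > PSI_THRESHOLD}


if __name__ == "__main__":
    print(monitoring_report(DECISIONS, BASELINE_BUCKETS, CURRENT_BUCKETS))
```

On the constructed data the drift stays under the assumed threshold, but the disparity ratio of 0.6875 triggers review, which is the kind of record the Article 9(2)(c) post-market evaluation should be able to point to.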

Step 5: Prepare for conformity assessment if required.

Most high-risk AI systems under Annex III require internal conformity assessment under Article 43(2), meaning you self-assess against the requirements and generate a declaration of conformity. Some categories, including certain biometric systems, require third-party assessment. Know which category you're in before December 2027, not after.

CE marking is required for systems placed on the EU market. Registration in the EU AI database is mandatory before deployment for most high-risk categories.


What This Looks Like in Practice

One financial services company with operations in three EU member states ran their AI inventory and found 23 AI systems in active use. Fourteen were immediately classifiable as low-risk or general purpose. Seven were clearly high-risk under Annex III: two credit scoring models, three fraud detection systems with automated decision outputs, and two employment screening tools. Two remained genuinely ambiguous and required legal analysis before classification.

For the seven high-risk systems, the compliance team spent roughly four months building out Article 9-compliant risk management documentation. The fraud detection systems were the most complex because the residual risks involved false positives that could freeze legitimate customer accounts. Those residual risks are now documented and disclosed in the systems' instructions for use.

Total cost: approximately 600 person-hours across legal, compliance, data science, and product. The team estimated that a supervisory investigation finding inadequate documentation would have triggered fines in the range of 3% of global annual turnover under Article 99. For their revenue base, that comparison made the compliance investment straightforward to justify.


Your Next Step

If you're reading this and still not certain whether your AI systems are high-risk under Annex III, that uncertainty is itself your immediate compliance problem. You need a clear classification decision in writing before December 2027, and ideally well before.

Better Societies runs EU AI Act Diagnostic sessions specifically for compliance officers who need to work through exactly this question. In a structured two-hour session, you'll map your AI inventory against Annex III criteria, identify which systems require Article 9 risk management systems, and get a prioritized action plan for your specific situation.

Book your diagnostic session at bettersocieties.world/qualify. The December 2027 deadline is fixed. The time to start is now.