What post-market monitoring does the EU AI Act require for high-risk AI systems?
The provided sources do not directly detail the post-market monitoring requirements of the EU AI Act for high-risk AI systems. However, they do emphasize the Act's requirement for human oversight of such systems.
Article 14 of the EU AI Act mandates that high-risk AI systems be designed and developed to allow effective oversight by natural persons during their operational period. This aligns with the NIST AI Risk Management Framework's "Govern" function, which also includes human oversight as a requirement. Furthermore, ISO 42001, the AI management system standard, requires defined human oversight roles.
To ensure effective human oversight, several controls can be implemented. These include risk-based routing for approvals, decision quality monitoring to identify suspicious approval patterns, and explicit attestation language to prevent mass approvals. For high-stakes situations, multi-party override and periodic review of override patterns can mitigate misuse of override authority. To maintain accountability, every consequential action should have a traceable human accountability path, whether through approval, override, or authorization of the agent's autonomy boundary. Finally, structured logging of all human decisions in the same audit stream as agent actions ensures comprehensive observability.
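The sketch below is an added example, not taken from the cited sources. It shows how decision quality monitoring and the traceability check could run over a single audit stream that holds both agent actions and human decisions. The JSON field names, the sample events and the thresholds are assumptions made for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample: one JSON-lines stream holding agent actions and human decisions.
SAMPLE_STREAM = """
{"ts":"2025-03-01T10:00:00","kind":"agent_action","action_id":"a1","risk":"high"}
{"ts":"2025-03-01T10:00:02","kind":"human_decision","action_id":"a1","reviewer":"alice","decision":"approve"}
{"ts":"2025-03-01T10:00:03","kind":"agent_action","action_id":"a2","risk":"high"}
{"ts":"2025-03-01T10:00:04","kind":"human_decision","action_id":"a2","reviewer":"alice","decision":"approve"}
{"ts":"2025-03-01T10:00:05","kind":"agent_action","action_id":"a3","risk":"high"}
{"ts":"2025-03-01T10:00:07","kind":"human_decision","action_id":"a3","reviewer":"alice","decision":"approve"}
{"ts":"2025-03-01T10:05:00","kind":"agent_action","action_id":"a4","risk":"high"}
{"ts":"2025-03-01T10:09:30","kind":"human_decision","action_id":"a4","reviewer":"bob","decision":"override"}
{"ts":"2025-03-01T10:10:00","kind":"agent_action","action_id":"a5","risk":"high"}
{"ts":"2025-03-01T10:11:00","kind":"agent_action","action_id":"a6","risk":"low"}
"""

def review_stream(text, min_approvals=3, min_median_secs=5.0):
    """Return (untraceable high-risk action ids, reviewers with suspicious approvals)."""
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    proposed = {}                    # action_id -> (time proposed, risk tier)
    decided = set()                  # action ids with any human decision on record
    latencies = defaultdict(list)    # reviewer -> seconds taken per approval
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["kind"] == "agent_action":
            proposed[ev["action_id"]] = (ts, ev["risk"])
        elif ev["kind"] == "human_decision":
            decided.add(ev["action_id"])
            if ev["decision"] == "approve" and ev["action_id"] in proposed:
                start = proposed[ev["action_id"]][0]
                latencies[ev["reviewer"]].append((ts - start).total_seconds())
    # High-risk actions with no approval, override or rejection on record.
    untraceable = sorted(a for a, (_, risk) in proposed.items()
                         if risk == "high" and a not in decided)
    # Reviewers who approve often and faster than a plausible review takes.
    suspicious = {r: median(l) for r, l in latencies.items()
                  if len(l) >= min_approvals and median(l) < min_median_secs}
    return untraceable, suspicious

if __name__ == "__main__":
    print(review_stream(SAMPLE_STREAM))
```

Because both event kinds share one stream, the same pass that measures approval latency also finds high-risk actions with no human accountability record.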
- Designing Agentic AI Systems with the ORCHIDEAS Framework
This AI-generated answer is for guidance only — not a certification, audit, or penetration test. Grounded in the NIST AI RMF, OWASP LLM Top 10, and ISO/IEC 42001 control text; verify applicability to your environment.