Europe AI & Data Rules Hub

Operational Compliance: Monitoring, Updates, and Change Control

UpdatedJuly 29, 2025

ByIuliia Gorshkova

Compliance for high-risk artificial intelligence systems does not conclude with market entry or the issuance of a CE mark. Under the EU Artificial Intelligence Act (AI Act), the moment a provider places an an AI system on the market or puts it into service, a new operational phase begins—one defined by continuous obligations to monitor performance, govern updates, and manage incidents. This operational compliance is not a passive administrative burden; it is an active, risk-based control framework designed to ensure that safety and fundamental rights protections remain intact throughout the entire lifecycle of the system. For providers, importers, distributors, and deployers across Europe, the challenge is to translate static regulatory requirements into dynamic, living processes that can adapt to changing data, evolving use cases, and emerging risks.

The AI Act introduces a paradigm shift from a “design-and-forget” mentality to one of “continuous assurance.” This is achieved through a combination of post-market surveillance (PMS), update governance, incident reporting, and periodic review cycles. These mechanisms are interlocking; data from PMS informs update decisions, incident reports trigger corrective actions, and periodic reviews validate the overall compliance posture. Understanding how these components interact, and how they are implemented in practice, requires a synthesis of legal interpretation, systems engineering, and risk management. This article examines the operational machinery that keeps compliance alive after launch, focusing on the practical steps required to meet regulatory expectations and maintain trust in high-risk AI systems.

Post-Market Surveillance: The Foundation of Continuous Compliance

Post-market surveillance (PMS) is the systematic process for collecting and analyzing data on the performance, safety, and conformity of an AI system once it is in use. It is a core obligation for providers of high-risk AI systems, mandated by Article 61 of the AI Act. The objective is to proactively identify risks and patterns of misuse that were not anticipated during the conformity assessment, and to detect systemic failures that could emerge from the interaction between the AI system and its environment. PMS is not simply about logging errors; it is about establishing a feedback loop that feeds into risk management, quality management, and the decision-making processes for updates and incident response.

Legal Obligations and Scope

The AI Act requires providers to establish, document, and implement a PMS system that is proportionate to the risk level of the AI system. This is not a one-size-fits-all requirement. The Act explicitly links the intensity of PMS to the risk category of the system. For high-risk AI systems listed in Annex III (e.g., biometric identification, critical infrastructure management, employment selection), the obligations are stringent. For other high-risk systems falling under existing sectoral legislation (e.g., medical devices, machinery), the PMS requirements must align with the PMS framework of that specific legislation, but they must also satisfy the AI Act’s provisions on data collection and reporting.

Article 61(1) AI Act: “Providers of high-risk AI systems shall establish and document a post-market monitoring system in a manner that is proportionate to the nature of the AI systems and the risks associated with them.”

The PMS system must be based on a post-market surveillance plan, which is part of the technical documentation. This plan must outline the methods and procedures for proactively collecting, recording, and analyzing data. It is not a static document; it must be updated as the system evolves and as new risks are identified. The data collected must be relevant for the identification and mitigation of risks, and it must be systematically reviewed to assess the continued conformity of the AI system.

Practical Implementation: Data Sources and Methodologies

Implementing an effective PMS system requires a multi-source data collection strategy. Providers should not rely solely on internal performance metrics. A robust PMS framework integrates several data streams:

System Performance Logs: This includes data on accuracy, robustness, false positives/negatives, and system failures. For AI systems that operate in dynamic environments (e.g., autonomous mobile robots in warehouses), this also includes data on environmental interactions and edge cases.
User Feedback and Error Reports: Deployers are a critical source of real-world performance data. Providers must establish clear channels for users to report unexpected behavior, errors, or difficulties. This is particularly important for AI systems used in high-stakes domains like healthcare or finance, where subtle errors can have significant consequences.
Adverse Event Reporting: This is distinct from general error reporting. An adverse event is any incident that led or could have led to a breach of fundamental rights, a violation of safety requirements, or a significant disruption. The PMS plan must define what constitutes an adverse event for the specific AI system.
Model Drift and Data Distribution Monitoring: For machine learning systems, the statistical properties of input data can change over time, leading to performance degradation (model drift). PMS must include monitoring for such drift, comparing real-world data distributions to the data used for training and validation.
Cybersecurity Incident Logs: Data from security monitoring, including attempted or successful unauthorized access, must be integrated into the PMS process, as security vulnerabilities can directly impact the safety and conformity of the AI system.

The analysis of this data must be periodic and systematic. The PMS plan should define the frequency of analysis (e.g., weekly, monthly, quarterly) and the thresholds for triggering further action. For example, a sustained drop in accuracy below a predefined level for a specific user group should automatically trigger a risk assessment and potentially a corrective action.

Interaction with Risk Management and Quality Management

PMS is not a standalone process. It is the primary input for the risk management system required by Article 9 of the AI Act. The risk management system must be a continuous loop: identify risks, analyze and evaluate them, and then adopt risk management measures. PMS provides the real-world evidence needed to validate risk assessments and to identify new, previously unknown risks. If PMS data reveals that a mitigation measure is ineffective or that a new risk vector has emerged, the risk management file must be updated, and new or strengthened measures must be implemented. This may include changes to the AI system itself (an update), changes to the instructions for use, or additional training for deployers.

Similarly, PMS data must feed into the provider’s quality management system (QMS). The QMS, which is a broader framework for ensuring conformity and consistency, must incorporate processes for handling PMS data, including procedures for deciding when to initiate a corrective action or a preventive action (CAPA). In essence, the PMS system operationalizes the QMS in the post-launch phase.

Governance of Updates and Continuous Learning

AI systems, particularly those based on machine learning, are rarely static. They are updated to improve performance, patch security vulnerabilities, adapt to new data, or comply with changing legal requirements. The AI Act recognizes this reality and establishes a specific regulatory framework for updates. An update is not just a technical change; it is a regulatory event that can trigger new conformity assessments or require notification to market surveillance authorities.

Defining an “Update” Under the AI Act

Article 3(2) of the AI Act defines an update as a “change to the high-risk AI system following its placing on the market or putting into service, which is not a maintenance or a security patch, and which alters the intended purpose or the performance of the system, including correcting a bias.” This definition is crucial. It distinguishes between:

Maintenance: Routine, non-substantive changes that do not affect the system’s conformity. These do not require a new conformity assessment.
Security Patches: Changes made to address a cybersecurity vulnerability. These are treated as a special category of update, often subject to lighter requirements unless they fundamentally alter the system’s function.
Updates: Substantive changes that affect the system’s performance, purpose, or bias profile. These are the focus of regulatory scrutiny.

The key question for providers is whether a planned change constitutes an “update” in the regulatory sense. A change that improves accuracy by 2% might be an update. A change that re-routes processing to a different cloud server might not be, unless it affects data security or performance in a way that impacts conformity. This requires a formal change control process within the QMS.

The “Substantial Change” Test and Conformity Assessment

For high-risk AI systems, an update that constitutes a “substantial change” requires the provider to initiate a new conformity assessment. The AI Act does not explicitly define “substantial change,” but it refers to the concept in the context of the CE marking procedure. A change is likely to be considered substantial if it affects the system’s compliance with the essential requirements set out in Annex II. For example:

A change to the underlying algorithm or model architecture that affects robustness or accuracy.
A change in the intended purpose of the system (e.g., using a medical diagnostic AI for triage purposes instead of diagnosis).
A change in the data processing logic that affects the fairness or non-discrimination requirements.
An update to the system’s self-learning logic that could introduce new, uncontrolled biases.

If an update is deemed substantial, the provider must repeat the relevant conformity assessment procedure. This could mean involving a Notified Body again, especially if the original assessment was based on third-party verification. The provider must also update the EU declaration of conformity and the technical documentation to reflect the changes. Failure to conduct a new conformity assessment for a substantial update is a direct violation of the AI Act and can lead to the withdrawal of the product from the market.

Practical Governance: The Update Management Lifecycle

To manage this in practice, providers need a robust update governance framework integrated into their QMS. This framework should include the following stages:

Proposal and Impact Assessment: Any proposed change must be formally documented. An initial impact assessment determines if the change is a maintenance activity, a security patch, or a potential update. This assessment should consider the change’s impact on the intended purpose, performance, and risk profile.
Technical and Regulatory Review: If the change is classified as a potential update, a deeper review is required. This involves engineering teams assessing the technical impact and legal/compliance teams assessing the regulatory implications (e.g., does it trigger a new conformity assessment? Does it affect the information in the technical file?).
Validation and Testing: The updated system must be re-validated against the essential requirements. This includes re-testing for accuracy, robustness, security, and bias. The scope of testing should be proportionate to the significance of the update.
Approval and Documentation: Formal approval must be obtained from the relevant internal stakeholders (e.g., Head of Compliance, Head of Engineering). The technical documentation, risk management file, and PMS plan must be updated to reflect the new version of the system.
Deployment and Communication: The update must be deployed in a controlled manner. Crucially, the provider must inform the deployer of the update and provide any necessary instructions or retraining materials. If the update is substantial, the provider must also notify the relevant market surveillance authority.
Post-Update Monitoring: The PMS system must be configured to specifically monitor the performance of the updated system, looking for any unintended consequences or new risks introduced by the change.

This lifecycle ensures that updates are not just technically sound but also legally compliant. It creates an auditable trail demonstrating that the provider has exercised due diligence in modifying a high-risk system.

Incident Handling and Serious Incident Reporting

Despite best efforts in design and monitoring, incidents can occur. The AI Act establishes a formal, time-bound procedure for reporting “serious incidents” to market surveillance authorities. This is a critical mechanism for systemic oversight, allowing authorities to identify widespread risks, patterns of non-compliance, and emerging threats posed by AI systems in the market.

What Constitutes a “Serious Incident”?

Article 3(23) defines a serious incident as an incident that either: (a) led or could have led to the death or serious injury of a person, a serious disruption of public services, or significant damage to property or the environment; or (b) constitutes a breach of fundamental rights under the EU Charter. The inclusion of “could have led” is significant; it means that providers must report near-misses and incidents that did not result in actual harm but had the potential to do so. This proactive reporting is essential for preventing future harm.

Examples of serious incidents could include:

An autonomous vehicle system causing a near-miss with a pedestrian due to a misclassification.
A recruitment AI system that systematically discriminates against a protected group, leading to a large-scale denial of opportunities.
A medical diagnostic AI providing a consistently incorrect output for a specific demographic, leading to a risk of misdiagnosis.
A critical failure in an AI system managing industrial machinery that could have caused a major accident.

The determination of whether an incident is “serious” requires a risk-based judgment. Providers should have clear internal criteria to guide this decision, which should be documented in their incident response plan.

Reporting Timelines and Procedures

The AI Act sets out strict timelines for reporting, which are designed to enable swift regulatory intervention. The clock starts when the provider becomes aware of the incident.

Initial Notification: The provider must report the serious incident to the relevant market surveillance authority without undue delay and in any event within 15 days of becoming aware of it. This initial report must include at least a summary of the incident and the provider’s initial assessment.
Final Report: Following the initial notification, the provider must submit a more detailed final report. This must include the causes of the incident, the measures taken to mitigate the risks, and any relevant information for the market surveillance authority’s assessment.

These timelines are tight and require a well-oiled internal process. “Without undue delay” implies that a provider cannot wait to gather all possible information before making the initial notification. The initial notification is about alerting the authority; the detailed analysis can follow.

The reporting must be done through the single reporting platform designated by the European Commission. Until that platform is operational, reporting will be done to the national market surveillance authorities of the Member State where the incident occurred or where the provider is established.

Setting Up an Internal Incident Response Plan

To meet these obligations, providers must establish an internal incident response plan. This plan should be part of the QMS and should be tested regularly (e.g., through tabletop exercises). Key elements of the plan include:

Detection and Triage: Mechanisms for detecting incidents (e.g., PMS alerts, user reports) and a clear process for triaging them to determine if they meet the “serious incident” threshold.
Escalation Path: A defined chain of command for escalating a potential serious incident to the legal and compliance teams, and ultimately to the designated person responsible for regulatory reporting.
Containment and Mitigation: Procedures for containing the incident to prevent further harm (e.g., taking a system offline, disabling a feature) and for mitigating its effects (e.g., notifying affected deployers).
Investigation and Root Cause Analysis: A process for investigating the incident to understand its root cause. This is crucial for both the final report to the authority and for implementing corrective actions.
Reporting Template: A pre-prepared template for the initial and final reports to ensure all required information is collected and presented consistently.

It is important to note that reporting a serious incident does not absolve the provider of liability. However, failure to report is a separate and serious violation of the AI Act, punishable with significant fines. The incident reporting framework is a cornerstone of the Act’s enforcement mechanism.

Periodic Review Cycles and the Role of the Notified Body

Compliance is not a one-time event, even for systems that are not frequently updated. The AI Act introduces the concept of periodic review for certain high-risk AI systems, particularly those that operate on a “continuous learning” basis. This is a formal check-in to ensure the system remains in conformity over time.

The Requirement for Periodic Review

Article 61(4) states that for high-risk AI systems that operate on a continuous learning basis, the provider must establish a schedule for periodic review. The frequency of these reviews must be appropriate to the intended purpose of the system. The goal of the periodic review is to assess whether the system continues to meet the essential requirements, especially in light of changes in its operating environment or data inputs.

This is distinct from PMS, which is a continuous monitoring activity. The periodic review is a formal, scheduled assessment, the results of which must be documented. It is akin to a scheduled maintenance check for a complex piece of machinery. For AI systems, this involves a comprehensive re-evaluation of the system’s performance, bias, and robustness.

What Does a Periodic Review Involve?

The scope of a periodic review will depend on the system, but it should generally include:

Performance Re-evaluation: Testing the system’s accuracy, precision, and recall against a representative sample of recent real-world data. This helps detect model drift or performance degradation.
Bias and Fairness Audit: Re-running fairness metrics to check for the emergence of new biases or the exacerbation of existing ones. This is especially critical for systems used in hiring, credit scoring, or law enforcement.
Security Assessment: A review of the system’s security posture to identify new vulnerabilities that may have emerged since the last review or update.
Review of PMS Data: A comprehensive analysis of all PMS data collected since the last periodic review to identify trends or recurring issues.
Review of

Previous CE Marking Roadmap for AI-Enabled Products

Next How National Authorities Enforce EU AI Rules

Table of Contents

AI in Education: Fundamentals & Tools

Understanding AI Basics

Practical AI Tools for Educators

Integrating AI into Teaching

Case Studies & Success Stories

Ethical AI & Inclusive Practices

Ethical & Legal Frameworks for AI Systems

Equity & Inclusion

Transparency & Trust

Algorithmic Bias, Discrimination & Legal Risk

AI Errors, Accountability & Legal Responsibility

Institutional AI Governance & Policy Design

AI, Security & GDPR Compliance

Data Protection & Privacy

Cybersecurity in AI

EU Regulations & Policies

Engaging Parents & Guardians

Data Protection, Privacy & AI Governance

Additional Resources

Glossary of Terms

Templates & Guides

Webinars & Research

AI for Administrative & Pedagogical Support

AI for Time Management

AI in Student Performance Tracking

AI for Automated Communication

AI for Document Management

AI, Robotics & Biotech Regulation in Europe

EU AI Act Explained: Scope, Risk Levels, Obligations

AI-Enabled Products: Robots, Medical Software, Smart Devices

Machinery Regulation & Safety Standards for Intelligent Systems

AI in Healthcare & Biotech: MDR, IVDR, EMA

Liability & Responsibility for AI-Driven Systems

Compliance in Practice: From Risk Assessment to CE Marking

Country-Specific AI Regulation & Enforcement

How EU AI Law Is Applied at National Level

Different Compliance Models

National AI Sandboxes & Regulatory Experiments

Public Sector AI Rules Across Europe

Cross-Border AI Deployment Challenges

When National Law Overrides EU Guidance

Legal Cases, Enforcement & Real-World Precedents

AI Act, GDPR & Algorithmic Decision-Making Cases

Liability Disputes Involving Automated Systems

Robotics Accidents & Legal Responsibility

Medical & Biotech AI Failures: Lessons Learned

What Enforcement Trends Tell Us About Future Regulation