EU AI Act · governance
Article 8 of the EU AI Act, read for an operating board
Article 8 is the governance article the rest of the Act depends on. If the board controls fail here, the rest does not stand.
You will see the four obligations Article 8 places on the deploying organisation, the documentation each obligation produces, and the audit question each is meant to answer.
We list the controls a board should expect to see in the first quarterly governance pack. Where the controls are missing, the board paper template flags them as red.
The governance pack is open-access. You can take it, brand it and run it without us. We make money when boards decide that running the pack on their own is harder than retaining a principal to chair the meeting.
The four Article 8 obligations
- Pending bill
record-keeping for high-risk AI
All deployers · EU
Stand up a centralised log of high-risk AI systems with version, scope, and assessment evidence.
- Pending bill
post-market monitoring
All deployers · EU
Document a monitoring plan with thresholds for incident reporting and a named owner.
- Pending bill
human oversight
All deployers · EU
Define oversight roles and authority to intervene; map to the existing operating-committee structure.
- Pending bill
information to deployers
All deployers · EU
Confirm vendor instructions are sufficient for safe deployment; collect them with the procurement file.
“If you can run this without us, you should.”