AIGP Study Guide
Module 4: AI Regulation · BoK IV.C

The eight requirements for high-risk AI

Major AI laws converge on eight obligations for high-risk AI: risk management, data governance, technical documentation, record-keeping, transparency, human oversight, accuracy/robustness/cybersecurity, and impact/conformity assessment. EU Art. 14 governs human oversight: humans must be able to interpret, intervene or override.

Common obligations across major AI laws. Learn all eight headers, plus the standout detail inside each.

  1. Risk management → a life cycle risk-management system to identify, assess and mitigate foreseeable risks (EU Art. 9, SK Art. 34, Colorado developer duty).
  2. Data governance & quality → training, validation and test data must be relevant, representative and regularly checked for errors or bias (EU Art. 10); in some jurisdictions sensitive data may be processed only to monitor and correct bias.
  3. Technical documentation → transparent documentation of purpose, design, training and testing methods, risk controls (EU Annex IV, California AB 2013 for GPAI), plus clear deployment instructions so deployers can meet their own obligations.
  4. Record-keeping & logging → log key events (inputs, outputs, data sources, human interventions) and retain records for regulator inspection or audit (EU Art. 12).
  5. Transparency & user information → inform individuals when they are subject to AI decision-making, disclose AI-generated or manipulated content, and provide instructions for safe use including capabilities and limitations.
  6. Human oversight → design so humans can interpret outputs, intervene or override (EU Art. 14, Japan's human-in-the-loop guidance), and train staff for meaningful oversight.
  7. Accuracy, robustness & cybersecurity → test regularly for accuracy, resilience and cybersecurity, ensuring consistent performance for the intended purpose (EU Art. 15).
  8. Impact / conformity assessment → pre-market assessments (EU conformity assessment plus fundamental rights impact assessment for public deployers, Colorado algorithmic impact assessment, China safety assessment before public GenAI release), updated on major modifications.

Pin the article

EU Art. 14 is the human-oversight article: humans must be able to interpret, intervene or override.