Assessing High-Risk AI Systems under the EU AI Act: From Legal Requirements to Technical Verification
This work addresses the problem of uneven readiness and compliance verification for high-risk AI systems under the EU AI Act, providing a practical tool for regulators and developers, though it is incremental in building on existing standards and practices.
The paper tackles the challenge of verifying compliance with the EU AI Act by developing a structured mapping that translates high-level legal requirements into concrete, verifiable activities across the AI lifecycle, resulting in reduced interpretive uncertainty and a reusable reference for consistent compliance.
The implementation of the AI Act requires practical mechanisms to verify compliance with legal obligations, yet concrete and operational mappings from high-level requirements to verifiable assessment activities remain limited, contributing to uneven readiness across Member States. This paper presents a structured mapping that translates high-level AI Act requirements into concrete, implementable verification activities applicable across the AI lifecycle. The mapping is derived through a systematic process in which legal requirements are decomposed into operational sub-requirements and grounded in authoritative standards and recognised practices. From this basis, verification activities are identified and characterised along two dimensions: the type of verification performed and the lifecycle target to which it applies. By making explicit the link between regulatory intent and technical and organisational assurance practices, the proposed mapping reduces interpretive uncertainty and provides a reusable reference for consistent, technology-agnostic compliance verification under the AI Act.