Trusq

factual analysis · traceable to primary sources

Topics Opportunities Take the check Work with us LinkedIn NLยทEN
Guide

Post-market monitoring (Article 72) after deployment

Adopted 2026-06-22 ยท ≈ 2 min read ยท Dirk Baaijen

Article 72 of the AI Act requires providers of high-risk AI to keep actively monitoring systems after deployment. A post-market monitoring system collects and analyses performance data throughout the lifetime and feeds risk management. Compliance does not end at market launch.

Short answer: Article 72 of the AI Act requires providers of high-risk AI to maintain a post-market monitoring system after market launch. Through it they systematically collect and analyse data on how the system performs in practice throughout its lifetime. Those signals feed back into risk management and can trigger corrective measures. Compliance is therefore not an endpoint at deployment.

Why monitoring after the market

An AI system behaves differently in practice than in the test environment. Usage patterns shift, data changes, and risks not visible up front can still emerge. Article 72 closes that loop: the provider must keep actively checking whether the system still performs as intended and whether the risk estimates still hold. This keeps the pre-market conformity assessment connected to the reality that follows.

What the monitoring system does

The post-market monitoring system must, proportionate to the nature and risks of the system:

  • Collect relevant data on the performance of the high-risk system throughout its lifetime.
  • Document and analyse that data, including data supplied by deployers.
  • Evaluate continuous compliance with the AI Act's requirements based on what happens in practice.

The provider records this in a monitoring plan that forms part of the technical documentation (Annex IV). The Commission provides a template for such a plan.

Feedback to risk management

Post-market monitoring does not stand alone. Findings feed directly into the risk management system (Article 9): new or changed risks that emerge in practice must be re-estimated and mitigated where needed. Where things go wrong, this can lead to an update, a warning to users, or in the extreme a recall.

Relation to incident reporting

Monitoring is broader than incident reporting but linked to it. The AI Act has a separate obligation to report serious incidents to the supervisor. The monitoring system is the structure through which you notice such incidents and broader performance problems in the first place. See also the high-risk obligations overview.

What to do

  • Draw up a monitoring plan before the system goes live, not after.
  • Collect performance data in a structured way, including signals from deployers.
  • Analyse periodically whether the system still performs and complies as intended.
  • Feed findings back into risk management and documentation.
  • Prepare corrective measures: update, warning or recall.

A high-risk system without monitoring is a blind spot that only becomes visible once harm has already occurred.

Sources

  1. https://eur-lex.europa.eu/eli/reg/2024/1689/oj
    Regulation (EU) 2024/1689 (AI Act), Article 72: mandatory post-market monitoring system for providers of high-risk systems.
  2. https://artificialintelligenceact.eu/article/72/
    Article 72 AI Act: setting up a monitoring system that collects, documents and analyses performance after deployment.

Share on LinkedIn

Read next

A

DPIA for HR AI: when is it mandatory and how do you combine it with the FRIA?

A DPIA (Art. 35 GDPR) is mandatory for large-scale, systematic monitoring and for high-risk AI in HR. This article explains what it must contain and how to combine the DPIA with the FRIA (fundamental rights assessment, Art. 27 AI Act) into one process. With a practical step plan.

W

Setting up and maintaining the risk management system (Article 9)

Article 9 of the AI Act requires providers of high-risk AI to run a continuous risk management system: identify, estimate, mitigate and keep monitoring risks throughout the system's lifetime. It is an iterative process, not a one-off analysis, and sits at the heart of the compliance regime.

U

Right to explanation of an AI decision: what Article 86 of the AI Act gives you

If you are affected by a decision based (in part) on a high-risk AI system, Article 86 of the AI Act gives you the right to a clear explanation of the AI system's role and the main elements of the decision โ€” from the deployer, on top of your GDPR rights.

Dirk Baaijen

About this knowledge base

Compiled and maintained by YRproject โ€” programme and project direction at the intersection of digital transformation, AI and regulation. Every factual claim is traceable to its primary source. YRproject is led by Dirk Baaijen About & method โ†’

A project or programme? Work with YRproject โ†’

The monthly briefing

AI regulation in five minutes: what changed, what is coming and what it means. No spam, unsubscribe anytime.

Your address is used for this only and stored on our own servers.