Which EU regulations does LandingRed cover?

LandingRed covers the EU AI Act, GDPR, NIS2, DORA, the Cyber Resilience Act and the Data Act, plus ISO/IEC 42001 readiness. You enable only the frameworks that apply to your organisation, and the platform keeps obligations, evidence and deadlines for all of them in one place.

When do EU AI Act obligations actually apply?

The obligations are phased. Bans on prohibited practices and AI-literacy duties have applied since February 2025, and general-purpose AI rules since August 2025. Following the Digital Omnibus, most high-risk system obligations are expected to apply from December 2027 (Annex III use cases) and August 2028 (regulated products). The platform tracks each deadline against your AI inventory.

Who is the platform for?

SMEs and mid-market teams that deploy or provide AI systems and need to demonstrate compliance without a dedicated regulatory department. Consultancies and legal advisors also use it to run assessments for their clients.

How does the free trial work?

Every plan starts with a 14-day free trial — no credit card required. You get guided onboarding, a working AI inventory and AI-assisted document generation, so you see real output on your own use cases before paying.

Where is our data stored?

All customer data is hosted in EU data centres and processed under GDPR. Our sub-processor list and technical and organisational measures are published on our Trust page.

Can we change frameworks or plans later?

Yes. Framework applicability can be toggled at any time, and you can move between plans as your inventory grows — your data, evidence and audit trail carry over.

Back to home

Template5 min read

Annex IV Technical Documentation Template

Article 11 of the EU AI Act requires providers of high-risk AI systems to draw up technical documentation before the system is placed on the market or put into service. The documentation must be kept up to date and made available to competent authorities upon request.

Annex IV specifies exactly what must be included. Below is the complete template with all 9 required sections and guidance on what each one should contain.

Section 1: General Description of the AI System

This section establishes the identity and scope of the system. Include:

Intended purpose — What the system does, who it's for, and the specific context of use
Provider identification — Name, address, and contact details
System version — Current version and its relationship to previous versions
Hardware and software interactions — How the system interacts with other hardware, software, or AI systems not part of the system itself
Software and firmware versions — All relevant version numbers and update requirements
Distribution forms — How the system is delivered (software package, embedded in hardware, API, download, etc.)
Hardware requirements — The hardware on which the system is intended to run
User interface — Basic description of the interface provided to the deployer
Instructions for use — Reference to the instructions for use provided to deployers

Section 2: Detailed Description of System Elements & Development Process

The most substantial section. Document:

Development methods — Steps taken, including use of pre-trained systems or third-party tools and how they were integrated or modified
Design specifications — General logic, key design choices with rationale, assumptions made, classification choices, optimisation targets, and expected output quality
System architecture — How software components build on each other, integration into overall processing, and computational resources used
Data requirements — Training methodologies, dataset descriptions, provenance, scope, characteristics, acquisition methods, labelling procedures, and data cleaning methods
Human oversight assessment — Measures needed per Article 14 and technical measures for output interpretation
Pre-determined changes — If applicable, describe any planned changes to the system and how continuous compliance will be maintained
Validation and testing — Procedures used, data and main characteristics, metrics, discriminatory impact assessment, and signed test reports
Cybersecurity measures — Technical protections put in place

Section 3: Monitoring, Functioning & Control

Detail the system's operational characteristics:

Capabilities and limitations in performance
Degrees of accuracy for specific persons or groups the system is intended for, and overall expected accuracy
Foreseeable unintended outcomes and sources of risk to health, safety, fundamental rights, and discrimination
Human oversight measures per Article 14
Technical measures enabling deployers to interpret output
Input data specifications where appropriate

Section 4: Performance Metrics Appropriateness

Describe why the chosen performance metrics are appropriate for the specific AI system. This should explain the rationale for selecting certain metrics over alternatives and how they meaningfully capture the system's performance in its intended context.

Section 5: Risk Management System

Provide a detailed description of the risk management system established per Article 9. This is a continuous, iterative process that runs throughout the entire lifecycle and must include:

Identification and analysis of known and reasonably foreseeable risks
Estimation and evaluation of risks from intended use and reasonably foreseeable misuse
Evaluation of risks from analysis of data gathered through post-market monitoring
Adoption of appropriate risk management measures

Section 6: Lifecycle Changes

Document all relevant changes made to the system by the provider throughout its lifecycle. This creates a change history that auditors and authorities can review.

Section 7: Standards & Technical Specifications

List all harmonised standards applied, either in full or in part, with references to their publication in the Official Journal of the EU. Where no harmonised standards were applied:

Provide a detailed description of the solutions adopted to meet the requirements of Chapter III, Section 2
List any other relevant standards and technical specifications applied

Section 8: EU Declaration of Conformity

Include a copy of the EU Declaration of Conformity as drawn up per Article 47. This must be kept up to date and made available to competent authorities for 10 years after the system is placed on the market.

Section 9: Post-Market Performance Evaluation

Describe the system in place to evaluate the AI system's performance in the post-market phase, as required by Article 72. This must include:

A post-market monitoring plan that is proportionate to the nature of the AI system and the risks it presents
Procedures for collecting, analysing, and acting on data about the system's performance after deployment

Skip the blank page. LandingRed's documentation engine generates Annex IV-compliant drafts from your actual system data using AI. Every section is pre-structured and populated with context from your risk classification and system inventory.

LandingRed automates all of this

Stop managing compliance in spreadsheets. Classify, document, assess, and monitor your AI systems from one platform.