《欧盟人工智能法案——附录》（中、英对照）（13份附录）

2024-08-09 00:00:00

《欧盟人工智能法案——附录》（中、英对照）（13份附录）

ANNEX I

List of Union harmonisation legislation

附录一

欧盟统一立法清单

Section A. List of Union harmonisation legislation based on the New Legislative Framework

1. Directive 2006/42/EC of the European Parliament and of the Council of 17 May 2006 on machinery, and amending Directive 95/16/EC (OJ L 157, 9.6.2006, p. 24);

Directive 2009/48/EC of the European Parliament and of the Council of 18 June 2009 on the safety of toys (OJ L 170, 30.6.2009, p. 1);
Directive 2013/53/EU of the European Parliament and of the Council of 20 November 2013 on recreational craft and personal watercraft and repealing Directive 94/25/EC (OJ L 354, 28.12.2013, p. 90);
Directive 2014/33/EU of the European Parliament and of the Council of 26 February 2014 on the harmonisation of the laws of the Member States relating to lifts and safety components for lifts (OJ L 96, 29.3.2014, p. 251);

5. Directive 2014/34/EU of the European Parliament and of the Council of 26 February 2014 on the harmonisation of the laws of the Member States relating to equipment and protective systems intended for use in potentially explosive atmospheres (OJ L 96, 29.3.2014, p. 309);
Directive 2014/53/EU of the European Parliament and of the Council of 16 April 2014 on the harmonisation of the laws of the Member States relating to the making available on the market of radio equipment and repealing Directive 1999/5/EC (OJ L 153, 22.5.2014, p. 62);
Directive 2014/68/EU of the European Parliament and of the Council of 15 May 2014 on the harmonisation of the laws of the Member States relating to the making available on the market of pressure equipment (OJ L 189, 27.6.2014, p. 164);

8. Regulation (EU) 2016/424 of the European Parliament and of the Council of 9 March 2016 on cableway installations and repealing Directive 2000/9/EC (OJ L 81, 31.3.2016, p. 1);

9. Regulation (EU) 2016/425 of the European Parliament and of the Council of 9 March 2016 on personal protective equipment and repealing Council Directive 89/686/EEC (OJ L 81, 31.3.2016, p. 51);

10. Regulation (EU) 2016/426 of the European Parliament and of the Council of 9 March 2016 on appliances burning gaseous fuels and repealing Directive 2009/142/EC (OJ L 81, 31.3.2016, p. 99);

11. Regulation (EU) 2017/745 of the European Parliament and of the Council of 5 April 2017 on medical devices, amending Directive 2001/83/EC, Regulation (EC) No 178/2002 and Regulation (EC) No 1223/2009 and repealing Council Directives 90/385/EEC and 93/42/EEC (OJ L 117, 5.5.2017, p. 1);

12. Regulation (EU) 2017/746 of the European Parliament and of the Council of 5 April 2017 on in vitro diagnostic medical devices and repealing Directive 98/79/EC and Commission Decision 2010/227/EU (OJ L 117, 5.5.2017, p. 176).

第A条基于新立法框架的欧盟统一立法清单

1、2006年5月17日，欧洲议会和欧盟理事会《关于机械以及修订第95/16/EC号指令的指令》（第2006/42/EC号）（OJ L 157，2006年6月9日，第24页）；

2、2009年6月18日，欧洲议会和欧盟理事会关于玩具安全的第2009/48/EC号指令（OJ L 170，2009年6月30日，第1页）；

3、2013年11月20日，欧洲议会和欧盟理事会关于娱乐船只和个人船只，并废除第94/25/EC号指令的第2013/53/EU号指令（OJ L 354，2013年12月28日，第90页）；

4、2014年2月26日，欧洲议会和欧盟理事会《关于统一成员国有关电梯和电梯安全部件的法律的指令》（第2014/33/EU号）（OJ L 96，2014年3月29日，第251页）；

5、2014年2月26日，欧洲议会和欧盟理事会《关于统一成员国有关用于潜在爆炸性环境的设备和防护系统的法律的指令》（第2014/34/EU号）（OJ L 96，2014年3月29日，第309页）；

6、2014年4月16日，欧洲议会和欧盟理事会《关于统一成员国有关在市场上提供无线电设备的法律并废除第1999/5/EC号指令的指令》（第2014/53/EU号）（OJ L 153，2014年5月22日，第62页）；

7、2014年5月15日，欧洲议会和欧盟理事会《关于统一成员国有关在市场上提供压力设备的法律的指令》（第2014/68/EU号）（OJ L 189，2014年6月27日，第164页）；

8、2016年3月9日，欧洲议会和欧盟理事会《关于索道安装及废除第2000/9/EC号指令的条例》（第2016/424号）（OJ L 81，2016年3月31日，第1页）；

9、2016年3月9日，欧洲议会和欧盟理事会《关于个人防护设备及废除第89/686/EEC号指令的条例》（第2016/425号）（OJ L 81，2016年3月31日，第51页）；

10、2016年3月9日，欧洲议会和欧盟理事会《关于燃烧气体燃料的电器及废除第2009/142/EC号指令的条例》（第2016/426号）（OJ L 81，2016年3月31日，第99页）；

11、2017年4月5日，欧洲议会和欧盟理事会《关于医疗器械，修订第2001/83/EC号指令、第178/2002号和第1223/2009号条例，并废除第90/385/EEC号和第93/42/EEC号指令的条例》（第2017/745号）（OJ L 117，2017年5月5日，第1页）；

12、2017年4月5日，欧洲议会和欧盟理事会《关于体外诊断医疗器械，及废除第98/79/EC号指令和欧盟理事会第2010/227/EU号决定的条例》（第2017/746号）（OJ L 117，2017年5月5日，第176页）。

Section B. List of other Union harmonisation legislation

13. Regulation (EC) No 300/2008 of the European Parliament and of the Council of 11 March 2008 on common rules in the field of civil aviation security and repealing Regulation (EC) No 2320/2002 (OJ L 97, 9.4.2008, p. 72);

14. Regulation (EU) No 168/2013 of the European Parliament and of the Council of 15 January 2013 on the approval and market surveillance of two- or three-wheel vehicles and quadricycles (OJ L 60, 2.3.2013, p. 52);

15. Regulation (EU) No 167/2013 of the European Parliament and of the Council of 5 February 2013 on the approval and market surveillance of agricultural and forestry vehicles (OJ L 60, 2.3.2013, p. 1);

16. Directive 2014/90/EU of the European Parliament and of the Council of 23 July 2014 on marine equipment and repealing Council Directive 96/98/EC (OJ L 257, 28.8.2014, p. 146);

17. Directive (EU) 2016/797 of the European Parliament and of the Council of 11 May 2016 on the interoperability of the rail system within the European Union (OJ L 138, 26.5.2016, p. 44);

18. Regulation (EU) 2018/858 of the European Parliament and of the Council of 30 May 2018 on the approval and market surveillance of motor vehicles and their trailers, and of systems, components and separate technical units intended for such vehicles, amending Regulations (EC) No 715/2007 and (EC) No 595/2009 and repealing Directive 2007/46/EC (OJ L 151, 14.6.2018, p. 1);

19. Regulation (EU) 2019/2144 of the European Parliament and of the Council of 27 November 2019 on type-approval requirements for motor vehicles and their trailers, and systems, components and separate technical units intended for such vehicles, as regards their general safety and the protection of vehicle occupants and vulnerable road users, amending Regulation (EU) 2018/858 of the European Parliament and of the Council and repealing Regulations (EC) No 78/2009, (EC) No 79/2009 and (EC) No 661/2009 of the European Parliament and of the Council and Commission Regulations (EC) No 631/2009, (EU) No 406/2010, (EU) No 672/2010, (EU) No 1003/2010, (EU) No 1005/2010, (EU) No 1008/2010, (EU) No 1009/2010, (EU) No 19/2011, (EU) No 109/2011, (EU) No 458/2011, (EU) No 65/2012, (EU) No 130/2012, (EU) No 347/2012, (EU) No 351/2012, (EU) No 1230/2012 and (EU) 2015/166 (OJ L 325, 16.12.2019, p. 1);

20. Regulation (EU) 2018/1139 of the European Parliament and of the Council of 4 July 2018 on common rules in the field of civil aviation and establishing a European Union Aviation Safety Agency, and amending Regulations (EC) No 2111/2005, (EC) No 1008/2008, (EU) No 996/2010, (EU) No 376/2014 and Directives 2014/30/EU and 2014/53/EU of the European Parliament and of the Council, and repealing Regulations (EC) No 552/2004 and (EC) No 216/2008 of the European Parliament and of the Council and Council Regulation (EEC) No 3922/91 (OJ L 212, 22.8.2018, p. 1), in so far as the design, production and placing on the market of aircrafts referred to in Article 2(1), points (a) and (b) thereof, where it concerns unmanned aircraft and their engines, propellers, parts and equipment to control them remotely, are concerned.

第B条其他欧盟统一立法清单

13、2008年3月11日，欧洲议会和欧盟理事会《关于民用航空安全领域共同规则并废除第2320/2002号条例的条例》（第300/2008号）（OJ L 97，2008年4月9日，第72页）；

14、2013年1月15日，欧洲议会和欧盟理事会《关于两轮或三轮车辆和四轮车的批准和市场监督的条例》（第168/2013号）（OJ L 60，2013年3月2日，第52页）；

15、2013年2月5日，欧洲议会和欧盟理事会《关于农业和林业车辆的批准和市场监督的条例》（第167/2013号）（OJ L 60，2013年3月2日，第1页）；

16、2014年7月23日，欧洲议会和欧盟理事会《关于海洋设备，及废除理事会第96/98/EC号指令的指令》（第2014/90/EU号指令）（OJ L 257，2014年8月28日，第146页）；

17、2016年5月11日，欧洲议会和欧盟理事会《关于欧盟内部铁路系统互操作性的指令》（第2016/797号）（OJ L 138，2016年5月26日，第44页）；

18、2018年5月30日，欧洲议会和欧盟理事会《关于机动车辆及其拖车以及用于此类车辆的系统、部件和独立技术单元的批准和市场监督，以及修订第715/2007号和第595/2009号条例，并废除第2007/46/EC号指令的条例》（第2018/858号）（OJ L 151，2018年6月14日，第1页）；

19、2019年11月27日，欧洲议会和欧盟理事会《关于机动车辆及其拖车以及用于此类车辆的系统、部件和独立技术单元的类型批准要求，有关其一般安全和对乘车人员及使用道路的弱势群体的保护，并修订第2018/858号条例，并废除第78/2009号、第79/2009号和第661/2009号条例，以及欧盟委员会第631/2009号、第406/2010号、第672/2010号、第1003/2010号、第1005/2010号、第1008/2010号、第1009/2010号和第19/2011号、第109/2011号、第458/2011号和第65/2012号、第130/2012号、第347/2012号和第351/2012号、第1230/2012号和第2015/166号条例的条例》（第2019/2144号）（OJL 325,2019年12月16日，第1页）；

20、2018年7月4日，欧洲议会和欧盟理事会《关于民用航空领域共同规则和建立欧盟航空安全局，以及修订第2111/2005号、第1008/2008号、第996/2010号、第376/2014号条例和第2014/30/EU号和第2014/53/EU号指令，并废除第552/2004号、第216/2008号、第3922/91号条例的条例》（第2018/1139号）（OJ L 212，2018年8月22日，第1页），就第2条第（1）款（a）项和（b）项所述飞机的设计、生产和投放市场而言，涉及无人驾驶飞机及其发动机、螺旋桨、远程控制零件和设备。

ANNEX II

List of criminal offences referred to in Article 5(1), first subparagraph, point (h)(iii)

附录二

第五条第1款第（h）项第（iii）段所述刑事犯罪类型清单

Criminal offences referred to in Article 5(1), first subparagraph, point (h)(iii):

— terrorism,

— trafficking in human beings,

— sexual exploitation of children, and child pornography,

— illicit trafficking in narcotic drugs or psychotropic substances,

— illicit trafficking in weapons, munitions or explosives,

— murder, grievous bodily injury,

— illicit trade in human organs or tissue,

— illicit trafficking in nuclear or radioactive materials,

— kidnapping, illegal restraint or hostage-taking,

— crimes within the jurisdiction of the International Criminal Court,

— unlawful seizure of aircraft or ships,

— rape,

— environmental crime,

— organised or armed robbery,

— sabotage,

— participation in a criminal organisation involved in one or more of the offences listed above.

本法第五条第1款第（h）项第（iii）段项下刑事犯罪的类型包括：

——恐怖主义犯罪，

——贩卖人口，

——对儿童的性剥削和儿童色情制品，

——非法贩运麻醉药品或精神类药物，

——非法贩运武器、弹药或爆炸物，

——谋杀、严重身体伤害，

——人体器官或组织的非法交易，

——非法贩运核材料或放射性材料，

——绑架、非法拘禁或劫持人质，

——国际刑事法院管辖范围内的犯罪行为，

——非法扣押飞机或船舶，

——强奸，

——环境破坏犯罪，

——有组织或武装抢劫，

——蓄意破坏财物，

——参与涉及上述一种或多种犯罪的犯罪组织。

ANNEX III

High-risk AI systems referred to in Article 6(2)

附录三

第六条第2款项下的高风险人工智能系统

High-risk AI systems pursuant to Article 6(2) are the AI systems listed in any of the following areas:

1. Biometrics, in so far as their use is permitted under relevant Union or national law:

（a）remote biometric identification systems.

This shall not include AI systems intended to be used for biometric verification the sole purpose of which is to confirm that a specific natural person is the person he or she claims to be;

（b）AI systems intended to be used for biometric categorisation, according to sensitive or protected attributes or characteristics based on the inference of those attributes or characteristics;

（c）AI systems intended to be used for emotion recognition.

2. Critical infrastructure: AI systems intended to be used as safety components in the management and operation of critical digital infrastructure, road traffic, or in the supply of water, gas, heating or electricity.

3. Education and vocational training:

(a)AI systems intended to be used to determine access or admission or to assign natural persons to educational and vocational training institutions at all levels;

(b)AI systems intended to be used to evaluate learning outcomes, including when those outcomes are used to steer the learning process of natural persons in educational and vocational training institutions at all levels;

(c)AI systems intended to be used for the purpose of assessing the appropriate level of education that an individual will receive or will be able to access, in the context of or within educational and vocational training institutions at all levels;

(d)AI systems intended to be used for monitoring and detecting prohibited behaviour of students during tests in the context of or within educational and vocational training institutions at all levels.

4. Employment, workers’ management and access to self-employment:

(a)AI systems intended to be used for the recruitment or selection of natural persons, in particular to place targeted job advertisements, to analyse and filter job applications, and to evaluate candidates;

(b)AI systems intended to be used to make decisions affecting terms of work-related relationships, the promotion or termination of work-related contractual relationships, to allocate tasks based on individual behaviour or personal traits or characteristics or to monitor and evaluate the performance and behaviour of persons in such relationships.

5. Access to and enjoyment of essential private services and essential public services and benefits:

(a)AI systems intended to be used by public authorities or on behalf of public authorities to evaluate the eligibility of natural persons for essential public assistance benefits and services, including healthcare services, as well as to grant, reduce, revoke, or reclaim such benefits and services;

(b)AI systems intended to be used to evaluate the creditworthiness of natural persons or establish their credit score, with the exception of AI systems used for the purpose of detecting financial fraud;

(c)AI systems intended to be used for risk assessment and pricing in relation to natural persons in the case of life and health insurance;

(d) AI systems intended to evaluate and classify emergency calls by natural persons or to be used to dispatch, or to establish priority in the dispatching of, emergency first response services, including by police, firefighters and medical aid, as well as of emergency healthcare patient triage systems.

6. Law enforcement, in so far as their use is permitted under relevant Union or national law:

(a)AI systems intended to be used by or on behalf of law enforcement authorities, or by Union institutions, bodies, offices or agencies in support of law enforcement authorities or on their behalf to assess the risk of a natural person becoming the victim of criminal offences;

(b)AI systems intended to be used by or on behalf of law enforcement authorities or by Union institutions, bodies, offices or agencies in support of law enforcement authorities as polygraphs or similar tools;

(c)AI systems intended to be used by or on behalf of law enforcement authorities, or by Union institutions, bodies, offices or agencies, in support of law enforcement authorities to evaluate the reliability of evidence in the course of the investigation or prosecution of criminal offences;

(d)AI systems intended to be used by law enforcement authorities or on their behalf or by Union institutions, bodies, offices or agencies in support of law enforcement authorities for assessing the risk of a natural person offending or re-offending not solely on the basis of the profiling of natural persons as referred to in Article 3(4) of Directive (EU) 2016/680, or to assess personality traits and characteristics or past criminal behaviour of natural persons or groups;

(e)AI systems intended to be used by or on behalf of law enforcement authorities or by Union institutions, bodies, offices or agencies in support of law enforcement authorities for the profiling of natural persons as referred to in Article 3(4) of Directive (EU) 2016/680 in the course of the detection, investigation or prosecution of criminal offences.

7. Migration, asylum and border control management, in so far as their use is permitted under relevant Union or national law:

(a)AI systems intended to be used by or on behalf of competent public authorities or by Union institutions, bodies, offices or agencies as polygraphs or similar tools;

(b)AI systems intended to be used by or on behalf of competent public authorities or by Union institutions, bodies, offices or agencies to assess a risk, including a security risk, a risk of irregular migration, or a health risk, posed by a natural person who intends to enter or who has entered into the territory of a Member State;

(c)AI systems intended to be used by or on behalf of competent public authorities or by Union institutions, bodies, offices or agencies to assist competent public authorities for the examination of applications for asylum, visa or residence permits and for associated complaints with regard to the eligibility of the natural persons applying for a status, including related assessments of the reliability of evidence;

(d)AI systems intended to be used by or on behalf of competent public authorities, or by Union institutions, bodies, offices or agencies, in the context of migration, asylum or border control management, for the purpose of detecting, recognising or identifying natural persons, with the exception of the verification of travel documents.

8. Administration of justice and democratic processes:

(a) AI systems intended to be used by a judicial authority or on their behalf to assist a judicial authority in researching and interpreting facts and the law and in applying the law to a concrete set of facts, or to be used in a similar way in alternative dispute resolution;

(b) AI systems intended to be used for influencing the outcome of an election or referendum or the voting behaviour of natural persons in the exercise of their vote in elections or referenda. This does not include AI systems to the output of which natural persons are not directly exposed, such as tools used to organise, optimise or structure political campaigns from an administrative or logistical point of view.

本法第六条第2款项下的高风险人工智能系统是指被列入下列任一领域的人工智能系统：

1、生物测定技术，须相关欧盟或成员国法律允许使用：

（a）远程生物识别系统。

不包括用于生物特征验证、唯一目的是确认特定自然人就是其所声称主体的人工智能系统；

（b）根据对敏感或受保护的属性或特征的推断进行生物特征分类的人工智能系统；

（c）用于情感识别的人工智能系统。

2、关键基础设施：用作关键数字基础设施、道路交通或供水、供气、供暖或供电的管理和运营中的安全组件的人工智能系统。

3、教育和职业培训：

（a）用于确定各级教育和职业培训机构的准入或录取，或将自然人分配到该等机构的人工智能系统；

（b）用于评估学习成果的人工智能系统，包括将该等成果用于指导各级教育和职业培训机构中自然人的学习过程；

（c）用于评估一个人在各级教育和职业培训机构环境下或机构内部可以接受或能够获得的适当教育水平的人工智能系统；

（d）用于在各级教育和职业培训机构环境下或机构内部监测和检测学生在考试期间的违禁行为的人工智能系统。

4、就业、员工管理和自营职业机会：

（a）用于招聘或选拔自然人的人工智能系统，特别是发布有针对性的招聘广告、分析和过滤求职申请以及评估候选人；

（b）用于做出影响工作相关关系条款的决策，促进或终止工作相关合同关系，根据个人的行为或个性特征或特点分配任务，或监测和评估此类关系中人员的表现和行为的人工智能系统。

5、获取和享受基本私人服务和基本公共服务及福利：

（a）由公权力机关或其代表用于评估自然人获得基本公共援助福利和服务（包括医疗服务）的资格，以及提供、减少、撤销或收回此类福利和服务的人工智能系统；

（b）用于评估自然人的信誉或确定其信用评分的人工智能系统，但用于检测金融欺诈的人工智能除外；

（c）用于人寿和健康保险中与自然人的风险评估和定价的人工智能系统；

（d）用于对自然人的紧急呼叫进行评估和分类，或用于调度或在紧急第一反应服务（包括警察、消防员和医疗援助）和紧急医疗患者分流系统的调度中确定优先级的人工智能系统。

6、执法，须相关欧盟或成员国法律允许使用：

（a）执法机关或其代表（或欧盟各机构为支持执法机关或其代表的执法活动而使用的），用于评估自然人成为刑事犯罪受害者的风险的人工智能系统；

（b）由执法机关或其代表（或欧盟各机构为支持执法机关或其代表的执法活动）作为测谎仪或类似工具使用的人工智能系统；

（c）执法机关或其代表（或欧盟各机构为支持执法机关或其代表的执法活动）用于支持执法机关在调查或公诉的过程中评估证据的可靠性的人工智能系统；

（d）执法机关或其代表（或欧盟各机构为支持执法机关或其代表的执法活动）用于支持执法机关评估自然人犯罪或再次犯罪的风险的人工智能系统，不只是基于第2016/680号指令第3条第（4）款所述的自然人特征或评估自然人或群体的人格特征或过去的犯罪行为；

（e）执法机关或其代表（或欧盟各机构为支持执法机关或其代表的执法活动）用于支持执法机关在侦查、调查或公诉过程中对第2016/680号指令第3（4）条所述的自然人进行特征分析的人工智能系统。

7、移民、庇护和边境管制管理，须相关欧盟或成员国法律允许使用：

（a）主管公权力机关或其代表或由联盟各机构用作测谎仪或类似工具的人工智能系统；

（b）主管公权力机关或其代表或欧盟各机构用于评估拟进入或已经进入成员国领土的自然人构成的风险（包括安全风险、非正常移民风险或健康风险）的人工智能系统；

（c）主管公权力机关或其代表或由欧盟各机构用于协助主管机关审查庇护、签证或居留许可申请，以及关于申请身份的自然人资格的相关投诉（包括对证据可靠性的相关评估）的人工智能系统；

（d）主管公权力机关或其代表或欧盟各机构在移民、庇护或边境管制管理方面用于检测、识别或确认自然人（旅行证件核查除外）的人工智能系统。

8、司法和民主程序：

（a）司法机关或其代表用于协助司法机关研究和解释事实和法律，并将法律应用于具体事实或以类似方式用于替代性争议解决的人工智能系统；

（b）用于影响选举或公民投票结果或自然人在选举或全民公投中的投票行为的人工智能系统。不包括从行政或后勤角度组织、优化或构建政治活动的工具等自然人不直接接触的人工智能系统。

ANNEX IV

Technical documentation referred to in Article 11(1)

附录四

第十一条第1款项下的技术文档

The technical documentation referred to in Article 11(1) shall contain at least the following information, as applicable to the relevant AI system:

1. A general description of the AI system including:

(a) its intended purpose, the name of the provider and the version of the system reflecting its relation to previous versions;

(b) how the AI system interacts with, or can be used to interact with, hardware or software, including with other AI systems, that are not part of the AI system itself, where applicable;

(d) the description of all the forms in which the AI system is placed on the market or put into service, such as software packages embedded into hardware, downloads, or APIs;

(e)the description of the hardware on which the AI system is intended to run;

(f) where the AI system is a component of products, photographs or illustrations showing external features, the marking and internal layout of those products;

(g)a basic description of the user-interface provided to the deployer;

(h)instructions for use for the deployer, and a basic description of the user-interface provided to the deployer, where applicable;

2. A detailed description of the elements of the AI system and of the process for its development, including:

(a)the methods and steps performed for the development of the AI system, including, where relevant, recourse to pre-trained systems or tools provided by third parties and how those were used, integrated or modified by the provider;

(b)the design specifications of the system, namely the general logic of the AI system and of the algorithms; the key design choices including the rationale and assumptions made, including with regard to persons or groups of persons in respect of who, the system is intended to be used; the main classification choices; what the system is designed to optimise for, and the relevance of the different parameters; the description of the expected output and output quality of the system; the decisions about any possible trade-off made regarding the technical solutions adopted to comply with the requirements set out in Chapter III, Section 2;

(c)the description of the system architecture explaining how software components build on or feed into each other and integrate into the overall processing; the computational resources used to develop, train, test and validate the AI system;

(d)where relevant, the data requirements in terms of datasheets describing the training methodologies and techniques and the training data sets used, including a general description of these data sets, information about their provenance, scope and main characteristics; how the data was obtained and selected; labelling procedures (e.g. for supervised learning), data cleaning methodologies (e.g. outliers detection);

(e)assessment of the human oversight measures needed in accordance with Article 14, including an assessment of the technical measures needed to facilitate the interpretation of the outputs of AI systems by the deployers, in accordance with Article 13(3), point (d);

(f)where applicable, a detailed description of pre-determined changes to the AI system and its performance, together with all the relevant information related to the technical solutions adopted to ensure continuous compliance of the AI system with the relevant requirements set out in Chapter III, Section 2;

(g)the validation and testing procedures used, including information about the validation and testing data used and their main characteristics; metrics used to measure accuracy, robustness and compliance with other relevant requirements set out in Chapter III, Section 2, as well as potentially discriminatory impacts; test logs and all test reports dated and signed by the responsible persons, including with regard to pre-determined changes as referred to under point (f);

(h) cybersecurity measures put in place;

3. Detailed information about the monitoring, functioning and control of the AI system, in particular with regard to: its capabilities and limitations in performance, including the degrees of accuracy for specific persons or groups of persons on which the system is intended to be used and the overall expected level of accuracy in relation to its intended purpose; the foreseeable unintended outcomes and sources of risks to health and safety, fundamental rights and discrimination in view of the intended purpose of the AI system; the human oversight measures needed in accordance with Article 14, including the technical measures put in place to facilitate the interpretation of the outputs of AI systems by the deployers; specifications on input data, as appropriate;

4.A description of the appropriateness of the performance metrics for the specific AI system;

5.A detailed description of the risk management system in accordance with Article 9;

6.A description of relevant changes made by the provider to the system through its lifecycle;

7.A list of the harmonised standards applied in full or in part the references of which have been published in the Official Journal of the Euro pean Union; where no such harmonised standards have been applied, a detailed description of the solutions adopted to meet the requirements set out in Chapter III, Section 2, including a list of other relevant standards and technical specifications applied;

8.A copy of the EU declaration of conformity referred to in Article 47;

9.A detailed description of the system in place to evaluate the AI system performance in the post-market phase in accordance with Article 72, including the post-market monitoring plan referred to in Article 72(3).

第十一条第1款项下的技术文档应当至少包括以下适用于相关人工智能系统的信息：

1、人工智能系统的一般描述，包括：

（a）其预期目的、提供者名称和反映其与先前版本关系的系统版本；

（b）人工智能系统如何与硬件或软件交互，包括与不属于人工智能系统本身的其他人工智能系统的交互（如适用）；

（c）相关软件或硬件的版本以及与版本更新相关的任何要求；

（d）人工智能系统投放到市场或投入使用的全部形式的描述，例如嵌入硬件的软件包、下载或API；

（e）人工智能系统预期运行所需的硬件描述；

（f）如果人工智能系统是产品的组成部分，显示该等产品的外部特征、标记和内部布局的照片或插图；

（g）提供给部署者的用户界面的基本描述；

（h）部署者的使用说明，以及提供给部署者的用户界面的基本描述（如适用）；

2、详细说明人工智能系统的要素及其开发过程，包括以下内容：

（a）为开发人工智能系统而采取的方法和步骤，包括在相关情况下使用第三方提供的预训练系统或工具，以及提供者如何使用、集成或修改该等系统或工具；

（b）系统的设计规范，即人工智能系统和算法的一般逻辑；所做的基本原理和假设等关键设计选择，包括与系统拟使用的人或群体有关的基本原理或假设；主要的分类选择；系统被设计用于优化的对象以及不同参数的相关性；系统预期输出和输出质量的描述；关于为符合本法第三章第二节规定的要求而采取的技术解决方案的任何可能的权衡决定；

（c）系统架构的描述，解释软件组件如何相互构建或相互注入并集成到整体处理程序中；用于开发、训练、测试和验证人工智能系统的计算资源；

（d）在相关情况下描述训练方法和技术，以及所使用训练数据集的数据表中的数据要求，包括数据集的一般描述、其来源、范围和主要特征相关信息；数据是如何获得和选择的；标签程序（例如用于监督学习）、数据清理方法（例如异常值检测）；

（e）根据本法第十四条规定开展评估所需的人工监督措施，包括根据第十三条第3款（d）项评估推动部署者解释人工智能系统输出所需的技术措施；

（f）详细描述人工智能系统及其性能的预期变化，以及与所采用的技术解决方案相关的所有相关信息，确保人工智能系统持续符合第三章第二节规定的相关要求（如适用）；

（g）所使用的验证和测试程序，包括所使用验证和测试数据及其主要特征信息；用于衡量准确性、稳健性和符合第三章第二节规定的其他相关要求的指标，以及潜在的歧视性影响；测试日志和所有由负责人注明日期并签字的测试报告，包括本条（f）项所述的预期变化；

（h）到位的网络安全措施；

3、关于人工智能系统的监测、运行和控制的详细信息，特别是关于其性能的表现和局限性（包括系统拟用于的特定个人或群体的准确程度，以及与其预期目的相关的总体预期准确程度）；鉴于人工智能系统的预期目的，可预见的意外后果以及健康与安全、基本权利和歧视的风险来源；根据第十四条规定所需的人工监督措施，包括为推动部署者对人工智能系统输出的解释而采取的技术措施；输入数据规范（视具体情况）；

4、描述特定人工智能系统的性能指标的适当性；

5、根据第九条规定对风险管理系统的详细说明；

6、描述提供者在系统生命周期中对系统所做的相关修改；

7、已在《欧洲联盟公报》上公布的全部或部分可适用的统一标准清单；如果没有适用此类统一标准，应当详细说明为满足本法第三章第二节规定的要求而采用的解决方案，包括应用的其他相关标准和技术规范清单；

8、第四十七条规定的欧盟符合性声明副本；

9、为根据第七十二条规定评估人工智能系统上市后阶段的性能而对系统进行的详细说明，包括第七十二条第3款规定的上市后监测计划。

ANNEX V

EU declaration of conformity

附录五

欧盟符合性声明

The EU declaration of conformity referred to in Article 47, shall contain all of the following information:

1.AI system name and type and any additional unambiguous reference allowing the identification and traceability of the AI system;

2.The name and address of the provider or, where applicable, of their authorised representative;

3.A statement that the EU declaration of conformity referred to in Article 47 is issued under the sole responsibility of the provider;

4.A statement that the AI system is in conformity with this Regulation and, if applicable, with any other relevant Union law that provides for the issuing of the EU declaration of conformity referred to in Article 47;

5.Where an AI system involves the processing of personal data, a statement that that AI system complies with Regulations (EU) 2016/679 and (EU) 2018/1725 and Directive (EU) 2016/680;

6.References to any relevant harmonised standards used or any other common specification in relation to which conformity is declared;

7.Where applicable, the name and identification number of the notified body, a description of the conformity assessment procedure performed, and identification of the certificate issued;

8. The place and date of issue of the declaration, the name and function of the person who signed it, as well as an indication for, or on behalf of whom, that person signed, a signature.

第四十七条规定的欧盟符合性声明应当包含以下所有信息：

1、人工智能系统的名称和类型，以及支持识别和追溯到该人工智能系统的任何其他明确标记；

2、提供者或其授权代表（如适用）的名称和地址；

3、声明第四十七条所规定的欧盟符合性声明是由提供者全权负责发布；

4、说明人工智能系统符合本法规定，且符合所有其他要求发布第四十七条项下欧盟符合性声明的相关欧盟法律（如适用）的一份声明；

5、如果人工智能系统涉及个人数据处理，应当声明该人工智能系统符合第2016/679号和第2018/1725号条例以及第16/680号指令；

6、援引所使用的所有相关统一标准或与符合性声明有关的其他通用规范；

7、评定机构的名称和识别号、所执行的符合性评定程序的说明以及所获得的证书的标识（如适用）；

8、声明的签发地点和日期、签署声明的人的姓名和职务，以及书名人或其代表的签署说明。

ANNEX VI

Conformity assessment procedure based on internal control

附录六

内部控制为基础的符合性评定程序

1.The conformity assessment procedure based on internal control is the conformity assessment procedure based on points 2, 3 and 4.

2.The provider verifies that the established quality management system is in compliance with the requirements of Article 17.

3.The provider examines the information contained in the technical documentation in order to assess the compliance of the AI system with the relevant essential requirements set out in Chapter III, Section 2.

4.The provider also verifies that the design and development process of the AI system and its post-market monitoring as referred to in Article 72 is consistent with the technical documentation.

1、以内部控制为基础的符合性评定程序是根据本附录第2条、第3条和第4条规定完成的符合性评定流程。

2、提供者验证所建立的质量管理体系符合本法第十七条的要求。

3、提供者检查技术文档中包含的信息，以评定人工智能系统是否符合本法第三章第二节规定的相关基本要求。

4、提供者验证第七十二条所规定的人工智能系统设计和开发过程及其上市后监测是否与技术文档一致。

ANNEX VII

Conformity based on an assessment of the quality management system and an assessment of the technical documentation

附录七

以质量管理体系评估和技术文档评估为基础的符合性

1. Introduction

Conformity based on an assessment of the quality management system and an assessment of the technical documentation is the conformity assessment procedure based on points 2 to 5.

第1条简介

以质量管理体系评估和技术文档评估为基础的符合性评定是指以本附录第2条至第5条为基础的符合性评定程序。

2. Overview

The approved quality management system for the design, development and testing of AI systems pursuant to Article 17 shall be examined in accordance with point 3 and shall be subject to surveillance as specified in point 5. The technical documentation of the AI system shall be examined in accordance with point 4.

第2条概述

根据本法第十七条规定批准的人工智能系统设计、开发和测试的质量管理体系应当按照本附录第3条规定进行检查，并按照本附录第5条规定进行监督。且应当按照本附录第4条规定检查人工智能系统的技术文档。

3. Quality management system

3.1. The application of the provider shall include:

(a)the name and address of the provider and, if the application is lodged by an authorised representative, also their name and address;

(b)the list of AI systems covered under the same quality management system;

(c)the technical documentation for each AI system covered under the same quality management system;

(d)the documentation concerning the quality management system which shall cover all the aspects listed under Article 17;

(e)a description of the procedures in place to ensure that the quality management system remains adequate and effective;

(f)a written declaration that the same application has not been lodged with any other notified body.

3.2. The quality management system shall be assessed by the notified body, which shall determine whether it satisfies the requirements referred to in Article 17.

The decision shall be notified to the provider or its authorised representative.

The notification shall contain the conclusions of the assessment of the quality management system and the reasoned assessment decision.

3.3. The quality management system as approved shall continue to be implemented and maintained by the provider so that it remains adequate and efficient.

3.4. Any intended change to the approved quality management system or the list of AI systems covered by the latter shall be brought to the attention of the notified body by the provider.

The proposed changes shall be examined by the notified body, which shall decide whether the modified quality management system continues to satisfy the requirements referred to in point 3.2 or whether a reassessment is necessary.

The notified body shall notify the provider of its decision. The notification shall contain the conclusions of the examination of the changes and the reasoned assessment decision.

第3条质量管理体系

3.1 提供者的申请应当包含以下内容：

（a）提供者的名称和地址，如果由授权代表提出申请，还应当提供授权代表的名称和地址；

（b）同一质量管理体系所涵盖的人工智能系统清单；

（c）同一质量管理体系所涵盖的每套人工智能系统的技术文档；

（d）关于质量管理体系的文件，应当涵盖本法第十七条规定的所有方面；

（e）说明确保质量管理体系保持充分且有效的程序；

（f）未向任何其他评定机构提交相同申请的书面声明。

3.2 质量管理体系应当由评定机构进行评估，评定机构决定其是否满足本法第十七条所规定的要求。

该决定应当通知提供者或其授权代表。

通知应当包含质量管理体系的评估结论和合理的评估决定。

3.3 提供者应当继续实施和维护经批准的质量管理体系，使其保持充分且高效。

3.4 提供者应当提请评定机构注意经批准的质量管理体系或其涵盖的人工智能系统清单的任何可预见的变化。

拟发生的变更须经评定机构审查，由评定机构决定变更后的质量管理体系是否继续满足本附录第3.2款的要求，或者是否需要重新评估。

评定机构应当将决定通知提供者。通知应当包含对变更的审查结论和合理的评估决定。

4. Control of the technical documentation.

4.1. In addition to the application referred to in point 3, an application with a notified body of their choice shall be lodged by the provider for the assessment of the technical documentation relating to the AI system which the provider intends to place on the market or put into service and which is covered by the quality management system referred to under point 3.

4.2. The application shall include:

(a)the name and address of the provider;

(b)a written declaration that the same application has not been lodged with any other notified body;

(c)the technical documentation referred to in Annex IV.

4.3. The technical documentation shall be examined by the notified body. Where relevant, and limited to what is necessary to fulfil its tasks, the notified body shall be granted full access to the training, validation, and testing data sets used, including, where appropriate and subject to security safeguards, through API or other relevant technical means and tools enabling remote access.

4.4. In examining the technical documentation, the notified body may require that the provider supply further evidence or carry out further tests so as to enable a proper assessment of the conformity of the AI system with the requirements set out in Chapter III, Section 2. Where the notified body is not satisfied with the tests carried out by the provider, the notified body shall itself directly carry out adequate tests, as appropriate.

4.5. Where necessary to assess the conformity of the high-risk AI system with the requirements set out in Chapter III, Section 2, after all other reasonable means to verify conformity have been exhausted and have proven to be insufficient, and upon a reasoned request, the notified body shall also be granted access to the training and trained models of the AI system, including its relevant parameters. Such access shall be subject to existing Union law on the protection of intellectual property and trade secrets.

4.6. The decision of the notified body shall be notified to the provider or its authorised representative. The notification shall contain the conclusions of the assessment of the technical documentation and the reasoned assessment decision.

Where the AI system is in conformity with the requirements set out in Chapter III, Section 2, the notified body shall issue a Union technical documentation assessment certificate. The certificate shall indicate the name and address of the provider, the conclusions of the examination, the conditions (if any) for its validity and the data necessary for the identification of the AI system.

The certificate and its annexes shall contain all relevant information to allow the conformity of the AI system to be evaluated, and to allow for control of the AI system while in use, where applicable.

Where the AI system is not in conformity with the requirements set out in Chapter III, Section 2, the notified body shall refuse to issue a Union technical documentation assessment certificate and shall inform the applicant accordingly, giving detailed reasons for its refusal.

Where the AI system does not meet the requirement relating to the data used to train it, re-training of the AI system will be needed prior to the application for a new conformity assessment. In this case, the reasoned assessment decision of the notified body refusing to issue the Union technical documentation assessment certificate shall contain specific considerations on the quality data used to train the AI system, in particular on the reasons for non-compliance.

4.7. Any change to the AI system that could affect the compliance of the AI system with the requirements or its intended purpose shall be assessed by the notified body which issued the Union technical documentation assessment certificate. The provider shall inform such notified body of its intention to introduce any of the abovementioned changes, or if it otherwise becomes aware of the occurrence of such changes. The intended changes shall be assessed by the notified body, which shall decide whether those changes require a new conformity assessment in accordance with Article 43(4) or whether they could be addressed by means of a supplement to the Union technical documentation assessment certificate. In the latter case, the notified body shall assess the changes, notify the provider of its decision and, where the changes are approved, issue to the provider a supplement to the Union technical documentation assessment certificate.

第4条技术文档的控制

4.1 除本附录第3条所述申请外，提供者还应当向其选择的评定机构申请，评估提供者计划投放到市场或投入使用的人工智能系统相关的技术文档，该等系统受本附录第3条项下质量管理体系保护。

4.2 技术文档评估申请应当包含以下内容：

（a）提供者的名称和地址；

（b）未向任何其他评定机构提交相同申请的书面声明；

（c）附录四中提到的技术文档。

4.3 技术文档应当经过评定机构审查。评定机构应当有权访问与其评估工作相关、其完成评估任务所需的相应人工智能系统所使用的训练、验证和测试数据集，包括在适当且受安全保障的情况下通过API或其他相关技术手段和工具实现远程访问。

4.4 在审查技术文档时，评定机构可以要求提供者进一步提供证据或进行进一步测试，以便能够正确评估人工智能系统是否符合本法第三章第二节规定的要求。如果评定机构对提供者进行的测试不满意，应当视情况直接自行进行充分的测试。

4.5 在确有必要评估高风险人工智能系统是否符合本法第三章第二节规定的要求时，在所有其他合理的合规性验证手段都已用尽且仍被证明不足后，评定机构根据合理的要求，还应当有权访问人工智能系统的训练和训练模型（包括其相关参数）。评定机构的此类访问应当遵守现行的欧盟知识产权和商业秘密保护法。

4.6 评定机构的决定应当通知提供者或其授权代表。通知应当包含技术文档的评估结论和合理的评估决定。

如果人工智能系统符合本法第三章第二节规定的要求，评定机构应当颁发欧盟技术文档评估合格证书。证书应当注明提供者的名称和地址、审查结论、有效条件（如有）以及识别人工智能系统所需的数据。

证书及其附页应当包含所有相关信息，以便评估人工智能系统的合规性，并支持在使用时控制人工智能系统（如适用）。

如果人工智能系统不符合本法第三章第二节规定的要求，评定机构应当拒绝颁发欧盟技术文档评估证书，并相应通知申请人，说明拒绝的具体原因。

如果人工智能系统不符合其训练所使用的数据的要求，在重新申请符合性评定之前，需要对人工智能系统进行重新训练。在此种情况下，评定机构拒绝颁发欧盟技术文档评估证书的合理评估决定应当包含对人工智能系统训练所使用质量数据的具体考虑，特别是对不合规原因的考虑。

4.7 任何可能影响人工智能系统符合性要求或其预期目的的人工智能系统的变更，均应当由签发欧盟技术文档评估证书的评定机构进行评估。提供者应当通知该评定机构其作出上述变更的意图，或者提供者以其他方式认识到上述变更已经发生。可预见的变更应当经过评定机构进行评估，评定机构应当决定该等变更是否需要根据本法第四十三条第4款规定重新进行符合性评定，或者是否可以通过补充欧盟技术文档评估证书的方式解决。如果是后一种情况下，评定机构应当对变更进行评估，将其决定通知提供者，并在变更获得批准的情况下，向提供者签发欧盟技术文档评估证书的附页。

5. Surveillance of the approved quality management system.

5.1. The purpose of the surveillance carried out by the notified body referred to in Point 3 is to make sure that the provider duly complies with the terms and conditions of the approved quality management system.

5.2. For assessment purposes, the provider shall allow the notified body to access the premises where the design, development, testing of the AI systems is taking place. The provider shall further share with the notified body all necessary information.

5.3. The notified body shall carry out periodic audits to make sure that the provider maintains and applies the quality management system and shall provide the provider with an audit report. In the context of those audits, the notified body may carry out additional tests of the AI systems for which a Union technical documentation assessment certificate was issued.

第5条经批准的质量管理体系的监控

5.1 本附录第3条项下评定机构（对质量管理体系）进行监督的目的是确保提供者适当地遵守经批准的质量管理体系的条款和条件。

5.2 出于评估目的，提供者应当允许评定机构进入人工智能系统的设计、开发、测试场所。提供者应当进一步与评定机构分享所有必要的信息。

5.3 评定机构应当定期进行审核，确保提供者维护和适用质量管理体系，并向提供者提供审核报告。在该等审核背景下，评定机构可以对获得欧盟技术文档评估合格证书的人工智能系统进行附加测试。

ANNEX VIII

Information to be submitted upon the registration of high-risk AI systems in accordance with Article 49

附录八

根据第四十九条规定登记高风险人工智能系统时应当提交的信息

Section A — Information to be submitted by providers of high-risk AI systems in accordance with Article 49(1)

The following information shall be provided and thereafter kept up to date with regard to high-risk AI systems to be registered in accordance with Article 49(1):

1.The name, address and contact details of the provider;

2.Where submission of information is carried out by another person on behalf of the provider, the name, address and contact details of that person;

3.The name, address and contact details of the authorised representative, where applicable;

4.The AI system trade name and any additional unambiguous reference allowing the identification and traceability of the AI system;

5.A description of the intended purpose of the AI system and of the components and functions supported through this AI system;

6.A basic and concise description of the information used by the system (data, inputs) and its operating logic;

7.The status of the AI system (on the market, or in service; no longer placed on the market/in service, recalled);

8.The type, number and expiry date of the certificate issued by the notified body and the name or identification number of that notified body, where applicable;

9.A scanned copy of the certificate referred to in point 8, where applicable;

10.Any Member States in which the AI system has been placed on the market, put into service or made available in the Union;

11.A copy of the EU declaration of conformity referred to in Article 47;

12.Electronic instructions for use; this information shall not be provided for high-risk AI systems in the areas of law enforcement or migration, asylum and border control management referred to in Annex III, points 1, 6 and 7;

13.A URL for additional information (optional).

第A节——高风险人工智能系统提供者根据本法第四十九条第1款提交的信息

提供者应当提供并在此后持续更新按第四十九条第1款规定登记的高风险人工智能系统的以下信息：

1、提供者的名称、地址和联系方式；

2、如果信息是由他人代表提供者提交，应当提供该代表的姓名、地址和联系方式；

3、授权代表的姓名、地址和联系方式（如适用）；

4、人工智能系统的商品名和任何其他可用于识别和追溯人工智能系统的明确参考信息；

5、人工智能系统的预期目的以及通过该人工智能系统支持的组件和功能的描述；

6、系统所使用的信息（数据、输入）及其操作逻辑的基本简要描述；

7、人工智能系统的状态（在市场上、在使用中，不再投放市场/不再使用，被召回）；

8、评定机构所颁发的证书的类型、编号和有效期，以及该评定机构的名称或识别号（如适用）；

9、本条第8项项下证书的扫描件（如适用）；

10、已投放市场、投入使用或可以使用该人工智能系统的任何成员国；

11、本法第四十七条项下的欧盟符合性声明副本；

12、电子版使用说明书；不得向附录三第1条、第6条和第7条所述执法或移民、庇护和边境管制管理领域的高风险人工智能系统提供该信息；

13、附加信息的统一资源定位器(URL)（可选）。

Section B — Information to be submitted by providers of high-risk AI systems in accordance with Article 49(2)

The following information shall be provided and thereafter kept up to date with regard to AI systems to be registered in accordance with Article 49(2):

1.The name, address and contact details of the provider;

2.Where submission of information is carried out by another person on behalf of the provider, the name, address and contact details of that person;

3.The name, address and contact details of the authorised representative, where applicable;

4.The AI system trade name and any additional unambiguous reference allowing the identification and traceability of the AI system;

5.A description of the intended purpose of the AI system;

6.The condition or conditions under Article 6(3)based on which the AI system is considered to be not-high-risk;

7.A short summary of the grounds on which the AI system is considered to be not-high-risk in application of the procedure under Article 6(3);

8.The status of the AI system (on the market, or in service; no longer placed on the market/in service, recalled);

9.Any Member States in which the AI system has been placed on the market, put into service or made available in the Union.

第B条—高风险人工智能系统提供者根据第四十九条第2款提交的信息

提供者应当提供并在此后持续更新根据第四十九条第2款规定登记的高风险人工智能系统的以下信息：

1、提供者的名称、地址和联系方式；

2、如果信息是由他人代表提供者提交，则应当提供该代表的姓名、地址和联系方式；

3、授权代表的姓名、地址和联系方式（如适用）；

4、人工智能系统的商品名和任何其他可用于识别和追溯人工智能系统的明确参考信息；

5、人工智能系统的预期目的说明；

6、根据第六条第3款规定，人工智能系统被认为不具有高风险的一个或多个条件；

7、简要概述适用第六条第3款规定的程序认为人工智能系统不具有高风险的理由；

8.人工智能系统的状态（在市场上、在使用中；不再投放市场、不再投入使用，被召回）；

9. 已投放市场、投入使用或可以使用该人工智能系统的任何成员国；

Section C — Information to be submitted by deployers of high-risk AI systems in accordance with Article 49(3)

The following information shall be provided and thereafter kept up to date with regard to high-risk AI systems to be registered in accordance with Article 49(3):

1.The name, address and contact details of the deployer;

2.The name, address and contact details of the person submitting information on behalf of the deployer;

3.The URL of the entry of the AI system in the EU database by its provider;

4.A summary of the findings of the fundamental rights impact assessment conducted in accordance with Article 27;

5.A summary of the data protection impact assessment carried out in accordance with Article 35 of Regulation (EU) 2016/679 or Article 27 of Directive (EU) 2016/680 as specified in Article 26(8) of this Regulation, where applicable.

第C条——高风险人工智能系统部署者根据第四十九条第3款提交的信息

部署者应当提供并在此后持续更新根据第四十九条第2款规定登记的高风险人工智能系统的以下信息：

1、部署者的名称、地址和联系方式；

2、代表部署者提交信息的人的姓名、地址和联系方式；

3、提供者在欧盟进入人工智能系统的URL；

4、根据第二十七条规定完成的基本权利影响评估的结果摘要；

5、根据本法第二十六条第8款规定，按第2016/679号条例第35条或第16/680号指令第27条进行的数据保护影响评估摘要（如适用）。

ANNEX IX

Information to be submitted upon the registration of high-risk AI systems listed in Annex III in relation to testing in real world conditions in accordance with Article 60

附录九

附录三所列高风险人工智能系统登记后根据第六十条规定在真实场景条件下进行测试时应当提交的信息

The following information shall be provided and thereafter kept up to date with regard to testing in real world conditions to be registered in accordance with Article 60:

1. A Union-wide unique single identification number of the testing in real world conditions;

2. The name and contact details of the provider or prospective provider and of the deployers involved in the testing in real world conditions;

3. A brief description of the AI system, its intended purpose, and other information necessary for the identification of the system;

4. A summary of the main characteristics of the plan for testing in real world conditions;

5. Information on the suspension or termination of the testing in real world conditions.

应当提供并在此后持续更新按第六十条规定登记的真实场景条件下测试的最新状态：

1、在真实场景条件下进行测试的欧盟唯一单一标识号；

2、提供者或潜在提供者以及参与真实场景条件下测试的部署者的姓名和联系方式；

3、人工智能系统的简要说明、预期用途以及识别系统所需的其他信息；

4、总结真实场景条件下测试计划的主要特征；

5、关于在真实场景条件下暂停或终止测试的信息。

ANNEX X

Union legislative acts on large-scale IT systems in the area of Freedom, Security and Justice

附录十

自由、安全和司法领域关于大规模信息技术系统的欧盟立法

1. Schengen Information System

(a)Regulation (EU) 2018/1860 of the European Parliament and of the Council of 28 November 2018 on the use of the Schengen Information System for the return of illegally staying third-country nationals (OJ L 312, 7.12.2018, p. 1).

(b)Regulation (EU) 2018/1861 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of border checks, and amending the Convention implementing the Schengen Agreement, and amending and repealing Regulation (EC) No 1987/2006 (OJ L 312, 7.12.2018, p. 14).

(c)Regulation (EU) 2018/1862 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation in criminal matters, amending and repealing Council Decision 2007/533/JHA, and repealing Regulation (EC) No 1986/2006 of the European Parliament and of the Council and Commission Decision 2010/261/EU (OJ L 312, 7.12.2018, p. 56).

1、申根信息系统

（a）2018年11月28日，欧洲议会和欧盟理事会《关于使用申根信息系统遣返非法居留的第三国国民的条例》（第2018/1860号）（OJ L 312，2018年12月7日，第1页）。

（b） 2018年11月28日，欧洲议会和欧盟理事会《关于在边境检查领域建立、运行和使用申根信息系统（SIS），修订<关于实施申根协定的公约>，并修订和废除第1987/2006号条例的条例》（第2018/1861号）（OJ L 31，2018年12月7日，第14页）。

（c）2018年11月28日，欧洲议会和欧盟理事会《关于在警务和刑事司法领域合作建立、运行和使用申根信息系统，修订和废除欧盟理事会第2007/533/JHA号决定，废除第1986/2006号条例、欧洲议会和欧盟理事会及欧盟委员会第2010/261/EU号决定的条例》（第2018/1862号）（OJ L 312，2018年12月7日，第56页）。

2. Visa Information System

(a)Regulation (EU) 2021/1133 of the European Parliament and of the Council of 7 July 2021 amending Regulations (EU) No 603/2013, (EU) 2016/794, (EU) 2018/1862, (EU) 2019/816 and (EU) 2019/818 as regards the establishment of the conditions for accessing other EU information systems for the purposes of the Visa Information System (OJ L 248, 13.7.2021, p. 1).

(b)Regulation (EU) 2021/1134 of the European Parliament and of the Council of 7 July 2021 amending Regulations (EC) No 767/2008, (EC) No 810/2009, (EU) 2016/399, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1860, (EU) 2018/1861, (EU) 2019/817 and (EU) 2019/1896 of the European Parliament and of the Council and repealing Council Decisions 2004/512/EC and 2008/633/JHA, for the purpose of reforming the Visa Information System (OJ L 248, 13.7.2021, p. 11).

2、签证信息系统

（a）2021年7月7日，欧洲议会和欧盟理事会第2021/1133号条例，修订了第603/2013号、第2016/794号、第2018/1862号、第2019/816号和第2019/818号条例，为签证信息系统访问其他欧盟信息系统创造条件（OJ L 248，2021年7月13日，第1页）。

（b）2021年7月7日，欧洲议会和欧盟理事会第2021/1134号条例，修订了欧洲议会和欧盟理事会第767/2008号、第810/2009号、第2016/399号、第2017/2226号、第2018/1240号、第2018.1860号、第18/1861号、第2019/817号和第2019/1896号条例，废除了欧盟理事会第2004/512/EC号和第2008/633/JHA号决定，改革签证信息系统（OJ L 248，2021年7月13日，第11页）。

3. Eurodac

Regulation (EU) 2024/1358 of the European Parliament and of the Council of 14 May 2024 on the establishment of ‘Eurodac’ for the comparison of biometric data in order to effectively apply Regulations (EU) 2024/1315 and (EU) 2024/1350 of the European Parliament and of the Council and Council Directive 2001/55/EC and to identify illegally staying third-country nationals and stateless persons and on requests for the comparison with Eurodac data by Member States’ law enforcement authorities and Europol for law enforcement purposes, amending Regulations (EU) 2018/1240 and (EU) 2019/818 of the European Parliament and of the Council and repealing Regulation (EU) No 603/2013 of the European Parliament and of the Council (OJ L, 2024/1358, 22.5.2024, ELI: http://data.europa. eu/eli/reg/2024/1358/oj).

3、欧洲难民指纹数据库

2024年5月14日，欧洲议会和欧盟理事会《关于建立“欧洲难民指纹数据库”以比较生物特征数据，以有效适用欧洲议会和欧盟理事会第2024/1315号和第2024/1350号条例以及理事会第2001/55/EC号指令，并识别非法居留的第三国国民和无国籍人，以及各成员国执法机关和欧洲刑警组织为执法目的提出的与欧洲难民指纹数据库内数据进行比对的请求，修订欧洲议会和欧盟理事会第2018/1240号和第2019/818号条例，并废除欧洲议会和欧洲刑警组织第603/2013号条例的条例》（第2024/1358号）。（OJ L，2024/1358，2024年5月22日，ELI：http://data.europa.eu/eli/reg/2024/1358/oj）。

4. Entry/Exit System

Regulation (EU) 2017/2226 of the European Parliament and of the Council of 30 November 2017 establishing an Entry/Exit System (EES) to register entry and exit data and refusal of entry data of third-country nationals crossing the external borders of the Member States and determining the conditions for access to the EES for law enforcement purposes, and amending the Convention implementing the Schengen Agreement and Regulations (EC) No 767/2008 and (EU) No 1077/2011 (OJ L 327, 9.12.2017, p. 20).

4、出入境系统

2017年11月30日，欧洲议会和欧盟理事会《建立出入境系统（EES），登记跨越成员国外部边境的第三国国民的出入境数据和拒绝入境数据，确定为执法目的进入出入境系统的条件，并修订<关于实施申根协定的公约》>以及第767/2008号和第1077/2011号条例的条例》（第2017/2226号）（OJ L 327，2017年12月9日，第20页）。

5. European Travel Information and Authorisation System

(a)Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (OJ L 236, 19.9.2018, p. 1).

(b)Regulation (EU) 2018/1241 of the European Parliament and of the Council of 12 September 2018 amending Regulation (EU) 2016/794 for the purpose of establishing a European Travel Information and Authorisation System (ETIAS) (OJ L 236, 19.9.2018, p. 72).

5、欧洲旅行信息和授权系统

（a）2018年9月12日，欧洲议会和欧盟理事会《关于建立欧洲旅行信息和授权系统（ETIAS），并修订第1077/2011号、第515/2014号、第2016/399号、第16/1624号和第2017/2226号条例的条例》（第2018/1240号）（OJ L 236，2018年9月19日，第1页）。

（b）2018年9月12日，欧洲议会和理事会《关于修订第2016/794号条例，建立欧洲旅行信息和授权系统（ETIAS）的条例》（第2018/1241号）（OJ L 236，2018年9月19日，第72页）。

6. European Criminal Records Information System on third-country nationals and stateless persons

Regulation (EU) 2019/816 of the European Parliament and of the Council of 17 April 2019 establishing a centralised system for the identification of Member States holding conviction information on third-country nationals and stateless persons (ECRIS-TCN) to supplement the European Criminal Records Information System and amending Regulation (EU) 2018/1726 (OJ L 135, 22.5.2019, p. 1).

6、欧洲关于第三国国民和无国籍人的犯罪记录信息系统

2019年4月17日，欧洲议会和欧盟理事会《关于建立用于识别持有第三国国民和无国籍人犯罪信息的成员国的集中系统（ECRIS-TCN），以补充欧洲犯罪记录信息系统，并修订第2018/1726号条例的》（第2019/816号）（OJ L 135，2019年5月22日，第1页）。

7. Interoperability

(a)Regulation (EU) 2019/817 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of borders and visa and amending Regulations (EC) No 767/2008, (EU) 2016/399, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1726 and (EU) 2018/1861 of the European Parliament and of the Council and Council Decisions 2004/512/EC and 2008/633/JHA (OJ L 135, 22.5.2019, p. 27).

(b)Regulation (EU) 2019/818 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of police and judicial cooperation, asylum and migration and amending Regulations (EU) 2018/1726, (EU) 2018/1862 and (EU) 2019/816 (OJ L 135, 22.5.2019, p. 85).

7、协同作业

（a）2019年5月20日，欧洲议会和欧盟理事会《关于建立欧盟边境和签证领域信息系统协作框架，并修订欧洲议会和欧盟理事会第767/2008号、第2016/399号、第2017/2226号、第2018/1240号、第18/1726号和第2018/1861号条例以及欧盟理事会第2004/512/EC号和第2008/633/JHA号决定的条例》（第2019/817号）（OJ L 135，2019年5月22日，第27页）。

（b） 2019年5月20日，欧洲议会和欧盟理事会《关于在警务和司法合作、庇护和移民领域建立欧盟信息系统协作框架，并修订第2018/1726号、第2018/1862号和第2019/816号条例的条例》（第2019/818号）（OJ L 135，2019年5月22日，第85页）。

ANNEX XI

Technical documentation referred to in Article 53(1), point (a) — technical documentation for providers of general-purpose AI models

附录十一

第五十三条第1款（a）项规定的技术文档——通用人工智能模型提供者的技术文档

Section 1 Information to be provided by all providers of general-purpose AI models

The technical documentation referred to in Article 53(1), point (a) shall contain at least the following information as appropriate to the size and risk profile of the model:

1. A general description of the general-purpose AI model including:

(a)the tasks that the model is intended to perform and the type and nature of AI systems in which it can be integrated;

(b)the acceptable use policies applicable;

(c)the date of release and methods of distribution;

(d)the architecture and number of parameters;

(e)the modality (e.g. text, image) and format of inputs and outputs;

(f) the licence.

2. A detailed description of the elements of the model referred to in point 1, and relevant information of the process for the development, including the following elements:

(a)the technical means (e.g. instructions of use, infrastructure, tools) required for the general-purpose AI model to be integrated in AI systems;

(b)the design specifications of the model and training process, including training methodologies and techniques, the key design choices including the rationale and assumptions made; what the model is designed to optimise for and the relevance of the different parameters, as applicable;

(c)information on the data used for training, testing and validation, where applicable, including the type and provenance of data and curation methodologies (e.g. cleaning, filtering, etc.), the number of data points, their scope and main characteristics; how the data was obtained and selected as well as all other measures to detect the unsuitability of data sources and methods to detect identifiable biases, where applicable;

(d)the computational resources used to train the model (e.g. number of floating point operations), training time, and other relevant details related to the training;

(e)known or estimated energy consumption of the model.

With regard to point (e), where the energy consumption of the model is unknown, the energy consumption may be based on information about computational resources used.

第1条通用人工智能模型的所有提供者都提供的信息

第五十三条第1款（a）项所规定的技术文档应当至少包含以下与模型尺寸和风险状况相对应的信息：

1、通用人工智能模型的一般描述，包括：

（a）模型旨在执行的任务以及可以集成模型的人工智能系统的类型和性质；

（b）所适用的可接受使用政策；

（c）发布日期和分布方式；

（d）结构和参数值；

（e）输入和输出的模态（如文本、图像）和格式；

（f）许可证。

2、本条第1款所述模型要素的详细说明，以及开发过程的相关信息，包括以下要素：

（a）将通用人工智能模型集成到人工智能系统中所需的技术手段（如使用说明、基础设施、工具）；

（b）模型和训练过程的设计规范，包括训练方法和技术，关键设计选择，包括基本原理和假设；模型的优化对象以及不同参数的相关性（如适用）；

（c）用于训练、测试和验证的数据信息（如适用），包括数据的类型和来源以及管理方法（如清理、过滤等）、数据点的数量、范围和主要特征；数据的获取和选择方式，以及检测数据来源不适当的所有其他措施和检测可识别偏差的方法（如适用）；

（d）用于训练模型的计算资源（例如浮点运算次数）、训练时间以及与训练相关的其他相关细节；

（e）模型的已知或预计的能耗。

在上述第（e）项中，如果模型的能耗未知，能耗可以以其所使用的计算资源信息为基础。

Section 2 Additional information to be provided by providers of general-purpose AI models with systemic risk

1. A detailed description of the evaluation strategies, including evaluation results, on the basis of available public evaluation protocols and tools or otherwise of other evaluation methodologies. Evaluation strategies shall include evaluation criteria, metrics and the methodology on the identification of limitations.

2. Where applicable, a detailed description of the measures put in place for the purpose of conducting internal and/or external adversarial testing (e.g. red teaming), model adaptations, including alignment and fine-tuning.

3. Where applicable, a detailed description of the system architecture explaining how software components build or feed into each other and integrate into the overall processing.

第2条具有系统性风险的通用人工智能模型提供者应当提供的其他信息

1、根据现有的公共评估协议和工具或其他评估方法，详细说明评估策略（包括评估结果）。评估策略应当包括评估标准、指标和识别局限性的方法。

2、详细说明为进行内部和/或外部对抗性测试（如红队测试）、模型调整（包括对齐和微调）而采取的措施（如适用）。

3、对系统架构的详细描述，解释软件组件如何相互构建或推送并被集成到整体处理程序中。（如适用）

ANNEX XII

Transparency information referred to in Article 53(1), point (b) — technical documentation for providers of general-purpose AI models to downstream providers that integrate the model into their AI system

附录十二

第五十三条第1款（b）项所述透明度信息——向将通用人工智能模型集成到其人工智能系统中的下游提供者提供通用人工智能的技术文档

The information referred to in Article 53(1), point (b) shall contain at least the following:

1. A general description of the general-purpose AI model including:

(a)the tasks that the model is intended to perform and the type and nature of AI systems into which it can be integrated;

(b)the acceptable use policies applicable;

(c)the date of release and methods of distribution;

(d)how the model interacts, or can be used to interact, with hardware or software that is not part of the model itself, where applicable;

(e)the versions of relevant software related to the use of the general-purpose AI model, where applicable;

(f) the architecture and number of parameters;

(g)the modality (e.g. text, image) and format of inputs and outputs;

(h)the licence for the model.

2. A description of the elements of the model and of the process for its development, including:

(a)the technical means (e.g. instructions for use, infrastructure, tools) required for the general-purpose AI model to be integrated into AI systems;

(b)the modality (e.g. text, image, etc.) and format of the inputs and outputs and their maximum size (e.g. context window length, etc.);

(c)information on the data used for training, testing and validation, where applicable, including the type and provenance of data and curation methodologies.

第五十三条第1款（b）项所规定的信息应当至少包含以下内容：

1、通用人工智能模型的一般描述，包括：

（a）模型将要执行的任务以及可以集成该模型的人工智能系统的类型和性质；

（b）所适用的可接受使用政策；

（c）发布日期和分布方式；

（d）模型如何与模型以外的硬件或软件交互，或如何可用于与之交互（如适用）；

（e）与通用人工智能模型使用有关的软件版本（如适用）；

（f）结构和参数值；

（g）输入和输出的模态（如文本、图像）和格式；

（h）模型的许可证。

2、模型要素及其开发过程的说明，包括：

（a）将通用人工智能模型集成到人工智能系统中所需的技术手段（例如使用说明、基础设施、工具）；

（b）输入和输出的模态（如文本、图像等）和格式及其最大尺寸（如上下文窗口长度等）；

（c）用于训练、测试和验证的数据信息（如适用），包括数据的类型和来源以及管理方法。

ANNEX XIII

Criteria for the designation of general-purpose AI models with systemic risk referred to in Article 51

附录十三

第五十一条所规定具有系统性风险的通用人工智能模型的指定标准

For the purpose of determining that a general-purpose AI model has capabilities or an impact equivalent to those set out in Article 51(1), point (a), the Commission shall take into account the following criteria:

(a)the number of parameters of the model;

(b)the quality or size of the data set, for example measured through tokens;

(c)the amount of computation used for training the model, measured in floating point operations or indicated by a combination of other variables such as estimated cost of training, estimated time required for the training, or estimated energy consumption for the training;

(d)the input and output modalities of the model, such as text to text (large language models), text to image, multi-modality, and the state of the art thresholds for determining high-impact capabilities for each modality, and the specific type of inputs and outputs (e.g. biological sequences);

(e)the benchmarks and evaluations of capabilities of the model, including considering the number of tasks without additional training, adaptability to learn new, distinct tasks, its level of autonomy and scalability, the tools it has access to;

(f) whether it has a high impact on the internal market due to its reach, which shall be presumed when it has been made available to at least 10 000 registered business users established in the Union;

(g)the number of registered end-users.

在确定通用人工智能模型是否具有相当于第五十一条第1款（a）项所述能力或影响的能力或影响时，欧盟委员会应当考虑以下标准：

（a）模型的参数数量；

（b）数据集的质量和规模，例如以token为单位测量；

（c）用于模型训练、在浮点运算中测量或由其他变量组合表示的计算量，如预估的训练成本、训练所需时间或训练能耗；

（d）模型的输入和输出模态，例如从文本到文本（大型语言模型）、文本到图像、多模态，和用于确定每种模态高影响力的最新阈值，以及特定类型的输入和输出（如生物序列）；

（e）模型能力的基准和评估，包括考虑无需额外训练的任务数量、学习新的不同任务的适应能力、自主性和可伸缩性、可使用的工具；

（f）它是否因其覆盖范围而对内部市场产生重大影响，当它被供应给欧盟境内10000名以上注册商业用户时，应推定为具有重大影响；

（g）注册最终用户的数量。