Use: complete at the concept/requirements stage of the AI System Life Cycle Process, before significant build. Owner: product owner with CTO + General Counsel. Frameworks: ISO/IEC 42001 A.6.2.2; EU AI Act Annex IV (high-risk technical documentation).
Replace every {{var}} placeholder. For a high-risk (Annex III) system this document seeds the EU AI Act Annex IV technical file maintained in the AI Model Registry.

1. Purpose & scope

  • System / feature name: {{feature_name}}
  • Intended purpose: {{intended_purpose}}
  • Intended users & deployment context: {{intended_users}}
  • Out-of-scope / prohibited uses: {{out_of_scope_uses}}

2. Classification & obligations

  • EU AI Act tier + Annex III high-risk screen: {{eu_ai_act_tier}} (mandatory)
  • Applicable AI laws: {{applicable_ai_laws}} — see the Legal & Regulatory Register
  • Provider vs deployer role: {{provider_deployer_role}}

3. Functional requirements

  • Inputs: {{inputs}}
  • Outputs: {{outputs}}
  • Performance targets: {{performance_targets}}
  • Human oversight requirement: {{human_oversight_requirement}}

4. Data requirements (A.7)

  • Training/fine-tune data: {{training_data}} (or “inference-only; see upstream model card”)
  • Data quality & representativeness: {{data_quality}}
  • Deidentification requirement: {{deidentification_requirement}}

5. Non-functional & risk requirements

  • Robustness / safety: {{robustness_safety}}
  • Security: {{security_requirement}}
  • Privacy: {{privacy_requirement}}
  • Transparency: {{transparency_requirement}}
  • Accessibility / fairness constraints: {{accessibility_fairness}}

6. Acceptance criteria

  • Validation gates (link the planned AI System Evaluation): {{validation_gates}}
  • Bias-audit requirement (high-risk): {{bias_audit_requirement}}

7. Approvals

  • Requirements approved by: {{approved_by}} — {{approval_date}}
  • DPIA/FRIA triggered: {{dpia_triggered}}

Variables

VariableDescription
{{feature_name}}System / feature name
{{intended_purpose}}Intended purpose (the specific task and outcome)
{{intended_users}}Intended users and deployment context (who uses it, where, for what decision)
{{out_of_scope_uses}}Out-of-scope / prohibited uses
{{eu_ai_act_tier}}EU AI Act tier + Annex III high-risk screen result and rationale
{{applicable_ai_laws}}Applicable AI laws (NYC LL144 / state AI / Colorado AI Act / SB 942 / SB 1001 / etc.)
{{provider_deployer_role}}Provider vs deployer role
{{inputs}}Inputs (data categories, sources, format)
{{outputs}}Outputs (predictions / rankings / generated content; format)
{{performance_targets}}Performance targets (accuracy / task metrics + thresholds)
{{human_oversight_requirement}}Where a human must review/override
{{training_data}}Training/fine-tune data (dataset card link; provenance; licensing)
{{data_quality}}Data quality and representativeness (requirements; bias-examination plan)
{{deidentification_requirement}}Deidentification Standard stage / parameters
{{robustness_safety}}Robustness / safety (edge cases, failure handling)
{{security_requirement}}Security requirement (per Secure Development Policy; threat model)
{{privacy_requirement}}Privacy requirement (minimization; DPIA/FRIA trigger)
{{transparency_requirement}}AI-interaction / AI-content disclosure requirements
{{accessibility_fairness}}Accessibility / fairness constraints
{{validation_gates}}Criteria that must pass before deployment
{{bias_audit_requirement}}Whether an independent audit is required before AEDT deployment (Y/N)
{{approved_by}}Requirements approver(s) — product owner / AI review group
{{approval_date}}Date of approval
{{dpia_triggered}}Whether DPIA/FRIA is triggered (Y/N; link)

Cross-references