Assessing High-Risk AI Systems under the EU AI Act: From Legal Requirements to Technical Verification

TL;DR

This paper develops a systematic mapping translating high-level EU AI Act requirements into concrete, verifiable assessment activities to facilitate compliance verification across the AI lifecycle.

Contribution

It introduces a structured, reusable mapping grounded in standards that links legal requirements to technical verification practices, enhancing consistency and clarity.

Findings

Provides a clear mapping from legal requirements to verification activities

Grounds the mapping in authoritative standards and practices

Aims to reduce interpretive uncertainty in AI compliance verification

Abstract

The implementation of the AI Act requires practical mechanisms to verify compliance with legal obligations, yet concrete and operational mappings from high-level requirements to verifiable assessment activities remain limited, contributing to uneven readiness across Member States. This paper presents a structured mapping that translates high-level AI Act requirements into concrete, implementable verification activities applicable across the AI lifecycle. The mapping is derived through a systematic process in which legal requirements are decomposed into operational sub-requirements and grounded in authoritative standards and recognised practices. From this basis, verification activities are identified and characterised along two dimensions: the type of verification performed and the lifecycle target to which it applies. By making explicit the link between regulatory intent and technical and organisational assurance practices, the proposed mapping reduces interpretive uncertainty and provides a reusable reference for consistent, technology-agnostic compliance verification under the AI Act.