-

Key contents include: System purpose and design Training data description and bias mitigation Performance and risk assessments Human oversight measures Logging and monitoring mechanisms This documentation enables regulators to trace failures, assign responsibility, and assess compliance.

Under the EU AI Act, providers of high-risk systems like IRIS must compile technical documentation before placing the product on the market and keep it up to date, and must then retain it for 10 years so regulators can assess compliance with safety, data governance, performance and risk requirements.

Have to keep the data in for 10 years as this allows regulators in assessing liability in case anything happens in the future

Technical documentation records how IRIS was built, trained, and tested. This helps regulators understand the system and investigate issues if something goes wrong. It serves as proof that safety and fairness were taken seriously.

IRIS must retain documentation on system purpose, design, training data, risk management, performance, human oversight, and conformity records, enabling regulators to trace failures, verify compliance, and assign liability if harm occurs.

This form the database for the stern improvement and case study

​Risk Management: A log of all foreseeable risks (e.g., system failure in low light) and the technical steps taken to mitigate them.

Personal details and physiological states of people inferred by DMS

Under Articles 11 and 18, IRIS must maintain technical documentation for at least 10 years after market placement. This documentation must include: A detailed system description, intended purpose, and operational context. Model architecture and design choices, including algorithms used. Data governance documentation, covering training, validation, and testing datasets. Risk management records, identifying known risks and mitigation measures. Performance evaluation results, including bias and robustness testing. Human oversight mechanisms and user instructions. Change logs and updates, including post-deployment modifications. EU Declaration of Conformity and, where applicable, notified body assessments. This documentation allows regulators to: Reconstruct how decisions were made, Assess whether reasonable care was taken, Determine whether harm resulted from design flaws, misuse, or unforeseeable circumstances.

It gives regulators traceability and evidence to check compliance, investigate failures.

In form of tickets

.

Intended purpose and system description Model architecture and development process Training, validation, and testing data governance Risk management and bias mitigation measures Performance, accuracy, and fairness metrics Human oversight and safety controls Post market monitoring and update procedures EU declaration of conformity and conformity assessment records Why this matters for liability This documentation gives regulators traceability allowing them to assess whether harm or bias was foreseeable, whether risks were properly mitigated, and whether IRIS was compliant at deployment. In liability cases, it serves as evidence of due diligence (or lack thereof) and enables enforcement actions, fines, or product withdrawal.

Data subjects has the rights to request restrictions on personal data if the controllers process of their data is inaccurate. When the processing is unlawful

IRIS must maintain a technical file containing system architecture, data provenance, risk mitigation logs, and validation results to provide regulators with a traceable "black box" audit trail for determining whether an accident was caused by a design flaw or human error.

They must maintain their goal to collect diverse and unbiased data. I don't think the documentation provided exempt them from liability. They need more information on their documentation for the regulators.