Article 17 requires providers to operate a documented quality management system (QMS) covering all of the activities required by the Act. The QMS must address: regulatory compliance strategy, design and quality control techniques, examination and testing procedures, technical specifications, data management, the risk management system, post-market monitoring, incident reporting, communication with authorities, record-keeping, resource management, and an accountability framework. ISO 9001 alignment is the most common practical baseline.
What you must do
- → Document the QMS as a written set of policies, procedures, and instructions.
- → Assign QMS owners and review cadences.
- → If you already operate ISO 9001 or ISO/IEC 42001, map across — don't duplicate.
The authoritative text of Article 17 is published by the Publications Office of the European Union on EUR-Lex. We link directly to it rather than mirror it, so you always read the current consolidated version straight from the source.
Read Article 17 on EUR-LexSource: Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence (Artificial Intelligence Act). The only authentic version is the one published in the Official Journal of the European Union.