Sector Guide | Annex I + Annex III cat. 2 | High-risk deadline: 2 Aug 2026

EU AI Act Guide for Transport

Transport is one of the most technically complex sectors under the EU AI Act. AI systems in road vehicles, aviation, and rail are typically regulated via the Annex I pathway — where existing sectoral legislation (type-approval regulations, EASA rules, ERA standards) covers the AI Act conformity assessment. This guide explains how the dual-regime works, what obligations apply, and how transport operators and technology providers should approach compliance.

The Annex I pathway — how it works for transport

Unlike healthcare or financial services — where AI Act obligations apply directly — most transport AI is regulated under the Annex I pathway. Under Art. 6(1) of the EU AI Act, an AI system that is a safety component of a product listed in Annex I (which includes road vehicles, aircraft, ships, and rail) is classified as high-risk — but its conformity assessment is conducted under the applicable sectoral legislation, not separately under the AI Act.

This means: if your AI is a safety component of a CE-marked road vehicle under Regulation 2019/2144, the type-approval process covers the AI Act compliance pathway. You do not get a separate AI Act CE mark — but the type-approval authority must be satisfied that AI Act Art. 9–17 obligations are met as part of the approval process.

AI Classification Scenarios in Transport

Transport AI spans multiple regulatory pathways. Work through these scenarios to identify your classification.

AI as a safety component in road vehicles

Classification:

High-risk (Annex I pathway — Regulation 2019/2144)

AI systems that form safety components of road vehicles (cars, trucks, buses, motorcycles) are high-risk under EU AI Act Art. 6(1) via the Annex I pathway. EU Regulation 2019/2144 on vehicle type-approval is the relevant sectoral legislation. This covers: advanced emergency braking systems (AEBS), lane keeping assistance, intelligent speed assistance, and — critically — higher levels of automation under ongoing type-approval frameworks.

Examples

AEBS using camera/radar fusion; lane-departure warning AI; Level 3+ autonomous driving AI in type-approved vehicles; AI-based pedestrian detection in trucks.

Borderline considerations

Pure sensor systems without AI inference layers, or AI used only in driver-assistance features not classified as safety systems under Regulation 2019/2144, require case-by-case analysis.

AI in aviation safety systems

Classification:

High-risk (Annex I pathway — Regulation 2018/1139)

AI forming a safety component in aircraft or air traffic management systems covered by EASA Regulation 2018/1139 is high-risk under Art. 6(1). This includes: AI-based collision avoidance systems, predictive maintenance AI used for safety-critical components, and AI in air traffic control decision support where outputs affect flight safety.

Examples

AI trajectory planning in advanced air traffic management; AI for engine failure prediction used in dispatch decisions; autonomous drone collision avoidance for beyond-visual-line-of-sight (BVLOS) operations.

Borderline considerations

AI used in airline commercial operations (pricing, scheduling, seat allocation) without a direct safety function is not covered by Annex I and requires Annex III analysis.

AI in rail safety and signalling

Classification:

High-risk (Annex I pathway — Directive 2016/798 / ERA Regulations)

AI systems forming safety components of railway infrastructure — including automatic train protection (ATP) systems, ETCS/ERTMS components, and AI-assisted traffic management — fall under the Annex I pathway via EU rail safety legislation. The European Union Agency for Railways (ERA) is the competent authority for harmonised technical specifications.

Examples

AI-based train spacing optimisation in automated metros; AI for predictive signal failure detection integrated into safety-critical signalling; Level of Automation 3–4 (GoA 3/4) train control AI.

Borderline considerations

AI used for passenger information systems, ticketing, or back-office scheduling without direct safety function falls outside Annex I. Annex III cat. 2 analysis (critical infrastructure) may still apply.

AI in critical transport infrastructure management

Classification:

High-risk (Annex III, cat. 2)

Beyond Annex I safety components, AI systems used to manage critical transport infrastructure — where failure or malfunction could significantly disrupt transport services or affect public safety — fall under Annex III Category 2 (critical infrastructure). This captures AI used in: network-level traffic management, port management AI affecting significant cargo flows, airport capacity management, and AI for managing road or rail infrastructure at a network level.

Examples

AI for national motorway traffic management; AI managing port berth allocation and cargo operations at scale; AI for rail network-wide train path allocation; airport slot coordination AI.

Borderline considerations

The threshold for 'critical infrastructure' is not defined in granular detail in the regulation. Operators of infrastructure classified under EU critical infrastructure legislation (CER Directive) should treat AI used in that infrastructure as presumptively within Annex III cat. 2.

Autonomous maritime vessels

Classification:

Potentially high-risk (Annex I — if covered by marine equipment legislation)

Autonomous and semi-autonomous maritime vessels are an evolving area. Where AI systems form safety components of vessels covered by EU marine equipment legislation (Directive 96/98/EC or successor rules), the Annex I pathway applies. IMO Maritime Autonomous Surface Ships (MASS) regulatory frameworks are developing in parallel.

Examples

AI collision avoidance for MASS; AI-based berthing assistance systems used as safety-critical components; AI for automated machinery monitoring on cargo vessels.

Borderline considerations

Maritime AI is a rapidly evolving regulatory area. Operators should monitor EMSA and IMO MASS code development alongside AI Act obligations.

Conformity Assessment Paths by Sector

Road vehicles (Reg. 2019/2144)

UNECE type-approval via Vehicle Type Approval Regulation. National approval authorities (e.g., RDW, KBA, DVSA) serve as conformity assessment bodies. The AI Act Annex I pathway means the type-approval process covers AI Act conformity — coordinate with your approval authority on AI Act-specific evidence.

Timeline:

Type approval process is ongoing — existing deadlines for AI Act obligations align with type-approval renewal cycles. New models placed on market after August 2026 must be compliant.

Aviation (Reg. 2018/1139)

EASA certification process. EASA has published specific guidance on AI assurance (Concept Paper on AI Trustworthiness) which maps to AI Act requirements. EASA certification covers the AI Act Annex I conformity pathway. Design organisations (DOA holders) should integrate AI Act documentation into their EASA technical files.

Timeline:

EASA AI trustworthiness framework is being developed in parallel with AI Act. Coordinate with your DOA designee and EASA project officer.

Rail (Directive 2016/798 / ERA)

ERA common safety method and notified bodies (NoBos and AsBos). Technical Specifications for Interoperability (TSIs) are the reference framework. AI Act Annex I conformity is covered by the ERA certification process. Coordinate with your NoBo on AI Act documentation requirements.

Timeline:

ERA is developing specific guidance on AI in railway systems. Operators should monitor ERA working group outputs on AI.

Annex III cat. 2 (critical infrastructure AI)

For AI systems falling under Annex III rather than Annex I, internal conformity assessment (self-assessment) applies under Art. 43(2) for most categories. Technical documentation (Annex IV), CE marking, and EU database registration are all required independently of any sectoral certification.

Timeline:

Full compliance required by 2 August 2026.

Key AI Act Obligations in Transport Context

Art. 9 — Risk management

Safety-integrated risk management

Transport AI risk management under Art. 9 must be integrated with existing safety management systems: ISO 26262 (road vehicles), DO-178C/DO-254 (aviation software/hardware), CENELEC EN 50128/50129 (rail), and ISO 13849/IEC 62061 (machinery). The AI Act risk management system must address AI-specific risks — dataset shift, adversarial robustness, performance in edge cases — that existing functional safety standards do not fully cover. Build a unified risk management file that addresses both functional safety and AI Act obligations.

Source

Regulation (EU) 2024/1689 — EU AI Act. Interact with type-approval and EASA/ERA certification documentation for Annex I pathway systems.

Art. 10 — Data governance

Training data for safety-critical systems

For safety-critical transport AI, Art. 10 data governance requirements demand particular rigour: training datasets must represent the full operational design domain (ODD) of the system, including edge cases and rare events. Failure to include representative edge-case data is a leading cause of safety incidents in autonomous systems. Data provenance documentation must cover: collection methodology, annotation quality, known distribution gaps, and how bias was assessed and mitigated. GDPR implications arise where training data includes sensor data capturing natural persons (pedestrians, other road users).

Art. 14 — Human oversight

Human oversight in increasingly automated transport

Art. 14 requires that high-risk AI systems be designed so that natural persons can effectively oversee them. In transport, this is in tension with increasing levels of automation — Level 4/5 autonomous vehicles are designed to operate without continuous human monitoring. The AI Act acknowledges this: Art. 14(4) allows human oversight to be 'built in' to the system rather than requiring real-time human-in-the-loop where the automation level is intrinsic to the system's purpose. However, meaningful override mechanisms — remote operation centres, fall-back safety modes — must be documented.

Art. 13 — Transparency

Instructions for use and operational design domain

For transport AI, Art. 13 instructions for use must clearly specify the operational design domain (ODD): the environmental conditions, speed ranges, road types, weather conditions, and traffic scenarios within which the system is validated and intended to operate. Deployers (fleet operators, transport network operators) must receive instructions that enable them to understand when the AI system is operating within or outside its ODD, what intervention is required, and how to handle handover/takeover events.

Autonomous Vehicles — A Developing Regulatory Landscape

The EU AI Act applies to autonomous vehicle AI through the Annex I pathway where type-approval legislation covers the AI system. However, the EU type-approval framework for higher levels of automation (SAE Level 3 and above) is still developing. UNECE Regulation 157 covers Level 3 automated lane keeping, and UNECE is working on broader frameworks.

Manufacturers of Level 3+ vehicles should monitor: (1) UNECE WP.29 developments on automated driving regulations, (2) EU Commission proposals for a dedicated automated vehicles framework, and (3) AI Act implementation guidance from the AI Office on how the Annex I pathway operates for novel vehicle types not yet fully covered by existing type-approval rules.

For vehicles operating under national derogations or trial conditions not covered by type-approval legislation, the Annex III cat. 2 pathway may apply if the vehicle is used in critical infrastructure contexts.

Practical Compliance Action Plan

For transport technology providers and infrastructure operators across road, rail, aviation, and maritime sectors.

Phase 1 — Classification (now)

  1. Map every AI system in your transport product or infrastructure to determine whether it falls under Annex I sectoral legislation (road vehicles, aviation, rail, marine equipment)
  2. For each AI system, determine: is it a safety component of a regulated product, or does it fall within Annex III cat. 2 (critical infrastructure) independently?
  3. For Annex I systems: engage your existing conformity assessment body (type-approval authority, EASA, NoBo) on AI Act obligations
  4. Document your classification decision with reasoning — regulators will scrutinise borderline cases

Phase 2 — Gap assessment (Q3–Q4 2025)

  1. Map AI Act Art. 9–17 obligations against existing safety management system documentation — identify what is missing vs. what existing functional safety documentation covers
  2. Assess whether existing safety standards (ISO 26262, DO-178C, EN 50128) documentation can be extended to satisfy Annex IV technical documentation requirements
  3. Identify ODD definition and documentation — is your operational design domain formally documented and representative of real-world deployment?
  4. Conduct GDPR analysis for any sensor data processing involving natural persons — particularly relevant for camera-based perception systems

Phase 3 — Remediation (Q4 2025 – Q2 2026)

  1. Extend existing risk management systems to address AI-specific risks: dataset shift, adversarial conditions, edge-case performance, model degradation over time
  2. Prepare or extend Annex IV technical documentation — build on existing safety case documentation where possible
  3. For Annex III systems not covered by Annex I: establish quality management system, implement logging, prepare CE marking documentation
  4. Define and document human oversight mechanisms appropriate to the level of automation — include remote operation, fallback modes, and handover protocols

Phase 4 — Conformity and ongoing compliance (by 2 August 2026)

  1. For Annex I pathway systems: coordinate with your sectoral conformity assessment body to ensure AI Act requirements are addressed within the existing certification process
  2. For Annex III pathway systems: complete internal conformity assessment, prepare EU Declaration of Conformity, affix CE marking
  3. Register high-risk AI systems in the EU AI database before the August 2026 deadline
  4. Establish post-market monitoring plan including real-world performance data collection, incident thresholds, and regulatory reporting procedures
