‍Updated on April 10^th 2024 based on the version and article numbering approved by the EU Parliament on March 13^th 2024.

(1)              In order to facilitate the work of the Commission and the Member States in the AI field as well as to increase the transparency towards the public, providers of high-risk AI systems other than those related to products falling within the scope of relevant existing Union harmonisation legislation, as well as providers who consider that the high-risk AI system listed in an annex to this Regulation is not high-risk on the basis of a derogation, should be required to register themselves and information about their AI system in a EU database, to be established and managed by the Commission. Before using such a high- risk AI system, deployers of high-risk AI systems that are public authorities, agencies or bodies, should register themselves in such database and select the system that they envisage to use.

Other deployers should be entitled to do so voluntarily. This section of the database should be publicly accessible, free of charge, the information should be easily navigable, understandable and machine-readable. The database should also be user-friendly, for example by providing search functionalities, including through keywords, allowing the general public to find relevant information to be submitted upon the registration of high- risk AI systems and on the high-risk AI systems, set out in annexes to this Regulation, to which the high-risk AI systems correspond. Any substantial modification of high-risk AI systems should also be registered in the EU database. For high-risk AI systems in the area of law enforcement, migration, asylum and border control management, the registration obligations should be fulfilled in a secure non-public section of the database. Access to the secure non-public section should be strictly limited to the Commission as well as to market surveillance authorities with regard to their national section of that database. High-risk AI systems in the area of critical infrastructure should only be registered at national level. The Commission should be the controller of the EU database, in accordance with Regulation (EU) 2018/1725. In order to ensure the full functionality of the database, when deployed, the procedure for setting the database should include the elaboration of functional specifications by the Commission and an independent audit report. The Commission should take into account cybersecurity and hazard-related risks when carrying out its tasks as data controller on the EU database.

In order to maximise the availability and use of the database by the public, the database, including the information made available through it, should comply with requirements under the Directive (EU) 2019/882.