Checklist for ensuring compliance of high-risk AI systems under the AI Act.

| Field | Value |
|---|---|
| AI System Name | [PLACEHOLDER] |
| AI System ID | AI-[YYYY]-[NNN] |
| Risk Classification | HIGH-RISK |
| Classification Basis | ☐ Safety Component / ☐ Annex III Area: _______ |
| Assessment Date | [PLACEHOLDER: DD.MM.YYYY] |
| Owner | [PLACEHOLDER] |

| # | Requirement | Status | Evidence | Owner | Notes |
|---|---|---|---|---|---|
| 1.1 | Risk management plan documented | ☐ | | | |
| 1.2 | Risks identified throughout lifecycle | ☐ | | | |
| 1.3 | Risks estimated and evaluated | ☐ | | | |
| 1.4 | Residual risks acceptable | ☐ | | | |
| 1.5 | Risk mitigation measures implemented | ☐ | | | |
| 1.6 | Testing for risk management | ☐ | | | |

Risk Management Approval:

| # | Requirement | Status | Evidence | Owner | Notes |
|---|---|---|---|---|---|
| 2.1 | Training data documented | ☐ | | | |
| 2.2 | Data quality assessed | ☐ | | | |
| 2.3 | Data relevance verified | ☐ | | | |
| 2.4 | Bias assessment completed | ☐ | | | |
| 2.5 | Bias mitigation measures | ☐ | | | |
| 2.6 | Data representativeness checked | ☐ | | | |
| 2.7 | Data processing lawful (GDPR) | ☐ | | | |

Data Quality Metrics:

| Metric | Target | Actual | Pass? |
|---|---|---|---|
| Completeness | | | ☐ |
| Accuracy | | | ☐ |
| Representativeness | | | ☐ |
| Bias score | | | ☐ |

| # | Document | Status | Location | Owner |
|---|---|---|---|---|
| 3.1 | General system description | ☐ | | |
| 3.2 | System architecture | ☐ | | |
| 3.3 | Model specification | ☐ | | |
| 3.4 | Training methodology | ☐ | | |
| 3.5 | Training data description | ☐ | | |
| 3.6 | Validation and testing data | ☐ | | |
| 3.7 | Performance metrics | ☐ | | |
| 3.8 | Known limitations | ☐ | | |
| 3.9 | Intended purpose | ☐ | | |
| 3.10 | Hardware/software requirements | ☐ | | |
| 3.11 | Interaction with other systems | ☐ | | |
| 3.12 | Instructions for use | ☐ | | |
| 3.13 | Human oversight description | ☐ | | |
| 3.14 | Expected lifetime | ☐ | | |
| 3.15 | Change log | ☐ | | |

| # | Requirement | Status | Evidence | Owner | Notes |
|---|---|---|---|---|---|
| 4.1 | Automatic logging enabled | ☐ | | | |
| 4.2 | Logs include operation period | ☐ | | | |
| 4.3 | Logs include input data reference | ☐ | | | |
| 4.4 | Logs include output data | ☐ | | | |
| 4.5 | Logs traceable to individuals (if Art.22 GDPR) | ☐ | | | |
| 4.6 | Log retention = 5+ years | ☐ | | | |
| 4.7 | Logs protected from tampering | ☐ | | | |

Logging Configuration:

| Log Type | Retention | Storage | Access Control |
|---|---|---|---|
| Operation logs | | | |
| Input data | | | |
| Output data | | | |
| Error logs | | | |

| # | Requirement | Status | Evidence | Owner | Notes |
|---|---|---|---|---|---|
| 5.1 | Instructions for use provided | ☐ | | | |
| 5.2 | Provider identity disclosed | ☐ | | | |
| 5.3 | Intended purpose described | ☐ | | | |
| 5.4 | Accuracy levels communicated | ☐ | | | |
| 5.5 | Known/foreseeable circumstances | ☐ | | | |
| 5.6 | Specifications for input data | ☐ | | | |
| 5.7 | Human oversight measures described | ☐ | | | |
| 5.8 | Expected lifetime communicated | ☐ | | | |
| 5.9 | Maintenance requirements | ☐ | | | |

User Notification:

| # | Requirement | Status | Evidence | Owner | Notes |
|---|---|---|---|---|---|
| 6.1 | Human oversight measures designed | ☐ | | | |
| 6.2 | Human can understand capabilities | ☐ | | | |
| 6.3 | Human can interpret outputs | ☐ | | | |
| 6.4 | Human can decide not to use/ignore | ☐ | | | |
| 6.5 | Human can intervene/stop | ☐ | | | |
| 6.6 | Override capability exists | ☐ | | | |
| 6.7 | Appeal process defined | ☐ | | | |

Human Oversight Design:
Oversight Type: ☐ Human-in-the-loop / ☐ Human-on-the-loop / ☐ Human-in-command
Override mechanism: [PLACEHOLDER]
Appeal process: [PLACEHOLDER]
Responsible persons: [PLACEHOLDER]

| # | Requirement | Status | Evidence | Owner | Notes |
|---|---|---|---|---|---|
| 7.1 | Accuracy level appropriate | ☐ | | | |
| 7.2 | Accuracy level declared | ☐ | | | |
| 7.3 | Resilient to errors | ☐ | | | |
| 7.4 | Resilient to inconsistencies | ☐ | | | |
| 7.5 | Robustness against third-party manipulation | ☐ | | | |
| 7.6 | Adversarial testing completed | ☐ | | | |
| 7.7 | Cybersecurity measures implemented | ☐ | | | |
| 7.8 | Fail-safe mechanisms | ☐ | | | |

Testing Results:

| Test Type | Date | Result | Pass? |
|---|---|---|---|
| Accuracy testing | | | ☐ |
| Bias testing | | | ☐ |
| Robustness testing | | | ☐ |
| Adversarial testing | | | ☐ |
| Security testing | | | ☐ |

| # | Requirement | Status | Evidence | Owner | Notes |
|---|---|---|---|---|---|
| 8.1 | Conformity assessment procedure determined | ☐ | | | |
| 8.2 | Assessment completed | ☐ | | | |
| 8.3 | EU Declaration of Conformity | ☐ | | | |
| 8.4 | CE marking (if applicable) | ☐ | | | |
| 8.5 | Registration in EU database | ☐ | | | |

Assessment Type:

| # | Activity | Frequency | Owner | Last Done | Next Due |
|---|---|---|---|---|---|
| 9.1 | Performance monitoring | Continuous | | | |
| 9.2 | Accuracy validation | Quarterly | | | |
| 9.3 | Bias testing | Monthly | | | |
| 9.4 | Drift detection | Continuous | | | |
| 9.5 | User feedback review | Monthly | | | |
| 9.6 | Incident review | As needed | | | |
| 9.7 | Log review | Monthly | | | |

| # | Requirement | Status | Evidence | Owner | Notes |
|---|---|---|---|---|---|
| 10.1 | Monitoring system established | ☐ | | | |
| 10.2 | Data collection on performance | ☐ | | | |
| 10.3 | Serious incidents reported | ☐ | | | |
| 10.4 | Corrective actions documented | ☐ | | | |
| 10.5 | Documentation updated | ☐ | | | |

Perform a re-assessment if:

| Role | Name | Status | Date | Signature |
|---|---|---|---|---|
| AI Owner | | ☐ Approved / ☐ Pending | | |
| CTO | | ☐ Approved / ☐ Pending | | |
| DPO | | ☐ Approved / ☐ Pending | | |
| Legal | | ☐ Approved / ☐ Pending | | |
| CEO | | ☐ Approved / ☐ Pending | | |

Final Decision: ☐ APPROVED FOR DEPLOYMENT / ☐ CONDITIONALLY APPROVED / ☐ NOT APPROVED
Conditions (if any):
[PLACEHOLDER]

| Category | Total Items | Completed | Percentage |
|---|---|---|---|
| Risk Management | | | |
| Data Governance | | | |
| Technical Documentation | | | |
| Record Keeping | | | |
| Transparency | | | |
| Human Oversight | | | |
| Accuracy & Robustness | | | |
| Conformity Assessment | | | |
| TOTAL | | | |

| Version | Date | Author | Changes |
|---|---|---|---|
| 1.0 | | | Initial checklist |

Next Review: [PLACEHOLDER]