Compliance of products with embedded artificial intelligence

This document establishes a voluntary Common Regulatory Arrangement (CRA) that provides guidance and recommendations for regulatory cooperation without creating binding legal obligations or enforcement mechanisms with penalties.

The document has good coverage of approximately 10-12 subdomains, with strong focus on AI system security (2.2), malicious use prevention (4.1, 4.2, 4.3), human oversight and autonomy (5.1, 5.2), governance frameworks (6.5), competitive dynamics (6.4), and AI system safety (7.1, 7.2, 7.3, 7.4). Coverage is concentrated in security, regulatory governance, human-AI interaction, and system safety domains.

This document establishes a horizontal regulatory framework for products with embedded AI across multiple sectors. It explicitly addresses healthcare (medical equipment with diagnostic AI), manufacturing (industrial machinery with robots), and has broad applicability to any sector producing or using products with embedded AI. The framework is designed to promote regulatory convergence across all product categories rather than being sector-specific.

This document primarily addresses the deployment, operation, and monitoring stages of AI systems embedded in products. It focuses extensively on conformity assessment, market surveillance, and post-market compliance verification. While it references design considerations and risk assessment during development, the core emphasis is on regulatory frameworks for products already developed and entering or operating in the market.

The document explicitly defines and addresses AI systems and products with embedded AI. It references generative AI, discusses bias and trustworthiness considerations, and addresses cybersecurity and functional safety. The document does not mention frontier AI, general purpose AI, foundation models, compute thresholds, or open-weight models.