AnkündigungUmsetzungszeitplan EU AI Act: wichtige Termine für Betreiber
KLA Digital Logo
KLA Digital
Template

Post-market Monitoring Plan Template (Article 72 compliant)

Download an Article 72 compliant post-market monitoring plan template covering system identification, monitoring objectives, data collection, performance metrics, alerting, review procedures, incident response, and documentation.

Generate a reviewable post-market monitoring plan in 30-60 minutes.

For compliance, risk, product, and ML ops teams shipping agentic workflows into regulated environments.

Zuletzt aktualisiert: 16. Dez. 2025 · Version v1.0 · Fiktives Beispiel. Keine Rechtsberatung.

Download editable templateVollständiges Paket anfordern

Problem melden: /contact

Kontext

Was dieses Artefakt ist (und wann Sie es brauchen)

Minimal funktionsfähige Erklärung, geschrieben für Audits, nicht für Theorie.

The EU AI Act Article 72 requires providers of high-risk AI systems to establish and document a post-market monitoring system. This is not optional. It is a compliance requirement with specific mandates for how you monitor AI systems after deployment.

This template provides a structured 8-section approach covering system identification, monitoring objectives, data collection, performance metrics, alerting, review procedures, incident response, and documentation.

Sie brauchen dies, wenn

  • You are deploying an agent into a regulated workflow (credit, claims, KYC/AML, HR).
  • You need to prove ongoing quality, safety, and policy compliance after go-live.
  • You are preparing an Annex IV dossier or an audit readiness review.

Common failure mode

A plan that lists metrics but has no thresholds, no named owners, no alert escalation procedures, and no incident response workflow tied to exportable evidence.

Checkliste

Erfolgskriterien

Akzeptanzkriterien, die Prüfer tatsächlich überprüfen.

  • System identification links to regulatory classification and Annex IV documentation.
  • Monitoring objectives connect to identified risks with clear success criteria.
  • Data collection covers all sources with quality requirements and privacy considerations.
  • Performance metrics include technical, drift, and fairness thresholds with severity levels.
  • Alerting defines severity levels, notification matrix, and escalation procedures.
  • Review procedures include continuous monitoring, sampling, and periodic governance reviews.
  • Incident response covers definition, immediate response, investigation, and Article 73 reporting.
  • Documentation and evidence storage ensures tamper-proof retention with audit readiness.
Vorschau

Vorlagenvorschau

Ein echter Auszug in HTML, damit er indexierbar und prüfbar ist.

Template preview (excerpt)
## Section 4: Performance Metrics

### 4.1 Technical Performance Metrics
| Metric | Definition | Threshold | Alert Level |
|--------|------------|-----------|-------------|
| [Accuracy] | [% correct predictions] | [>95%] | [Critical if <90%] |

### 4.2 Drift Metrics
| Metric | Calculation Method | Threshold | Check Frequency |
|--------|-------------------|-----------|-----------------|
| [Feature drift] | [PSI or KL Divergence] | [PSI <0.1] | [Daily] |

## Section 5: Alerting and Escalation

### 5.1 Alert Severity Levels
| Level | Criteria | Response Time |
|-------|----------|---------------|
| Critical | [Immediate risk, compliance violation] | [15 minutes] |
| High | [Significant degradation] | [4 hours] |
Vollständiges Artefakt herunterladen
Anleitung

Wie man es (schnell) ausfüllt

Benötigte Eingaben, Zeit zum Abschließen und ein minimales Arbeitsbeispiel.

Benötigte Eingaben

  • System identification with regulatory classification and Annex IV references.
  • Monitoring objectives connected to risk register with success criteria.
  • Data sources, collection frequency, quality requirements, and privacy considerations.
  • Performance thresholds (technical, drift, fairness) with severity levels.
  • Alerting configuration with escalation matrix and after-hours coverage.
  • Review procedures (continuous, sampling, periodic) with governance integration.
  • Incident response procedures including Article 73 regulatory reporting.

Zeit zum Abschließen: 30-60 minutes for a defensible v1.

Mini example: alert severity

BEISPIEL
Alert Severity Levels:
| Level | Criteria | Response Time |
|-------|----------|---------------|
| Critical | System down, accuracy <90%, discriminatory outcome | 15 minutes |
| High | Accuracy <95%, drift threshold exceeded | 4 hours |
| Medium | Approaching threshold, unusual pattern | 24 hours |
| Low | Minor metric movement, informational | Next business day |
KLA-Mapping

Wie KLA dies generiert (Govern / Measure / Prove)

Verknüpfen Sie das Artefakt mit Produktfunktionen.

Govern

  • Policy-as-code checkpoints that block or require review for high-risk actions.
  • Versioned change control for model/prompt/policy/workflow updates.

Measure

  • Risk-tiered sampling reviews (baseline + burst during incidents or after changes).
  • Near-miss tracking (blocked / nearly blocked steps) as a measurable control signal.

Prove

  • Hash-chained, append-only audit ledger with 7+ year retention language where required.
  • Evidence Room export bundles (manifest + checksums) so auditors can verify independently.

Verwandte Ressourcen

Human oversight playbookAudit log retention policy templateEvidence pack checklistAI model card template
Häufige Fragen

Häufige Fragen

Prägnante Antworten auf häufige Fragen.

Herunterladen

Artefakt herunterladen

Bearbeitbares Markdown. Keine E-Mail erforderlich.

Download editable template