2Technical Documentation (Annex IV) — Structure, Fields & Templates

2Technical Documentation (Annex IV) — Structure, Fields & Templates

Zen AI Governance — Knowledge Base EU AI Act Compliance Updated 17 Nov 2025 www.zenaigovernance.com ↗

Post-Market Monitoring & Serious Incident Management

EU AI Act Compliance Post-Market Monitoring
+ On this page
Key takeaways
  • All deployed AI systems must have a live Post-Market Monitoring Plan (PMMP) with metrics, thresholds, and responsibilities.
  • Serious incidents must be reported to competent authorities within 15 days (Article 62 EU AI Act).
  • PMM feeds into Zen AI’s AIMS continuous improvement cycle and quarterly board reviews.

Purpose & objectives

Post-Market Monitoring (PMM) provides continuous oversight of AI system performance, safety, and compliance after deployment. It detects drift, bias, security incidents, and user complaints to maintain conformity throughout the AI lifecycle.

Monitoring triggers & data sources

  • Performance KPIs (F1, latency, fairness gap, error rates)
  • Security alerts (unauthorised access, prompt injection, data breach)
  • User feedback & complaints through Zen Helpdesk or AnswerBot
  • Bias audit results and model drift scores
  • Incident reports from clients or regulators

PMM dashboard & metrics

Metric CategoryExample KPIsAlert ThresholdAction Owner
Accuracy & ReliabilityΔ Accuracy > 5 %, model fail rate > 2 %Warning > 24 hAI Ops Lead
Fairness & BiasDemographic TPR gap > 5 %Immediate reviewEthics Officer
SecurityPrompt injection success > 1 %Rollback in 1 hSecurity Manager
User Complaints> 10 per month or 1 severity ≥ 2Escalate to Governance BoardCompliance Lead

Serious incident criteria & workflow

A serious incident is any event that results in or is likely to result in death, serious injury, legal non-compliance, systemic bias, or rights violation. Zen AI follows this response workflow:

Detect → Contain → Assess severity → Notify Compliance → Begin RCA → Report to Authority → Implement CAPA → Close & Review

Regulatory reporting timeline (EU AI Act Art. 62)

StageActionDeadlineResponsible
DetectionIdentify incident & record in PMM systemImmediateAI Ops Lead
Preliminary AssessmentConfirm severity and potential harm< 24 hCompliance Lead
Authority NotificationReport serious incident to regulator< 15 daysDPO / Legal
Follow-Up ReportProvide RCA, CAPA, and evidence updatesWithin 30 daysGovernance Board

Integration with CAPA & RMS

  • All PMM incidents auto-generate CAPA entries in the AIMS log.
  • CAPA closure triggers RMS update to re-score residual risk.
  • Quarterly RMS reviews identify recurring failure patterns for policy updates.

Templates & forms

A) Post-Market Monitoring Report Template
SectionContent / Example
System NameComplaintBot v2.1
Reporting PeriodQ4 2025
Performance KPIsAccuracy 0.91 (-2 % vs Q3); Fairness gap 3 %
Incidents Detected2 (SEV-2 bias drift events)
Actions TakenRetrained model, updated dataset metadata
CAPA StatusClosed – EV-ID: CAPA-2025-0412
B) Serious Incident Notification Form (Authority Submission)
Incident ID: INC-AI-2025-004
System: HighRiskModel-X
Detected: 2025-10-02 14:40 UTC
Description: Bias in credit scoring model impacting demographic group
Immediate Action: Model rollback + manual review process
Preliminary Impact: 35 users; no financial harm confirmed
Reported to: EU AI Authority / ICO UK
Follow-up: CAPA-2025-0101 initiated; monitoring active

Framework alignment

FrameworkReferenceRelevance
EU AI ActArt. 61–65Post-market monitoring & reporting obligations.
ISO/IEC 42001§10Improvement & nonconformity management.
NIST AI RMFManage & MeasureContinuous monitoring & risk mitigation.
UK DSIT FrameworkPrinciple 5Accountability & ongoing oversight.

Implementation checklist

  • PMM dashboard active with thresholds and owners assigned.
  • Incident workflow integrated with CAPA and RMS logs.
  • Serious incident forms ready for regulator submission.
  • Quarterly PMM reports reviewed by AI Governance Board.
  • Evidence IDs linked to TDF and AIMS repositories.

© Zen AI Governance UK Ltd • Regulatory Knowledge • v1 17 Nov 2025 • This page is general guidance, not legal advice

    • Related Articles

    • Technical Documentation (EU/UK aligned)

      Zen AI Governance — Knowledge Base • EU/UK alignment • Updated 05 Nov 2025 www.zenaigovernance.com ↗ Technical Documentation (EU/UK aligned) EU AI Act Compliance Regulatory Knowledge EU/UK aligned + On this page On this page System overview & purpose ...

    • Technical Documentation (Technical File) — Foundations

      Zen AI Governance — Knowledge Base • EU/UK alignment • Updated 05 Nov 2025 www.zenaigovernance.com ↗ Technical Documentation (Technical File) — EU/UK aligned EU AI Act Compliance Foundations EU/UK aligned + On this page On this page Scope & purpose ...

    • Conformity Assessment & CE Marking — Technical Documentation & Conformity

      Zen AI Governance — Knowledge Base • EU/UK alignment • Updated 05 Nov 2025 www.zenaigovernance.com ↗ Conformity Assessment & CE Marking EU AI Act Compliance Regulatory Knowledge EU/UK aligned + On this page On this page Routes & applicability ...

    • Instructions of Use — Templates — Foundations

      Zen AI Governance — Knowledge Base • EU/UK alignment • Updated 05 Nov 2025 www.zenaigovernance.com ↗ Instructions of Use — Authoring Templates EU AI Act Compliance Foundations EU/UK aligned + On this page On this page Purpose & audience Reusable ...

    • Model Versioning & Release Controls — Evaluation & Documentation

      Zen AI Governance — Knowledge Base • EU/UK alignment • Updated 05 Nov 2025 www.zenaigovernance.com ↗ Model Versioning & Release Controls EU AI Act Compliance Evaluation & Documentation EU/UK aligned + On this page On this page Versioning scheme ...