09.02 - Risk Management System Capabilities and Process

The adopted risk management system shall comprise the following steps:

1. identification and analysis of the known and foreseeable risks associated with each high-risk AI system;

2. estimation and evaluation of the risks that may emerge when the high-risk AI system is used in accordance with its intended purpose and under conditions of reasonably foreseeable misuse;

3. evaluation of other possibly arising risks based on the analysis of data gathered from the post-market monitoring system referred to in ;

4. adoption of suitable risk management measures in accordance with the provisions of the following paragraph.

The risk management measures referred to above, point 3 shall give due consideration to the effects and possible interactions resulting from the combined application of the requirements set out in the Chapter 2 of the EC AIA. They shall consider the generally acknowledged state of the art, including as reflected in relevant harmonised standards or common specifications.

On the Seclea Platform, the category 'Risk Management System Capabilities and process' consists of three checks: Risk Identification and Analysis, Risk Estimation and Evaluation and Post Market Risk Estimation and Evaluation. These checks track the suitability of the risk management system for EC AIA.