EU AI Act Article 13: Transparency and Logging Requirements for High-Risk AI

Article 13 is one of the most practically demanding requirements in the EU AI Act. It requires high-risk AI systems to be designed and developed in a way that ensures they operate with sufficient transparency for deployers to interpret and use the system's output appropriately.

Unlike Article 50 (which covers user-facing transparency disclosures for all AI), Article 13 is specifically about the design of the AI system itself — how it communicates what it does, how it logs what happened, and how deployers can understand and verify its outputs.

What Article 13 requires

Article 13 has two core requirements:

• Transparency of operation: The system must be designed so deployers can interpret its output and use it appropriately. This is not about explanainability research papers — it is about practical product design that lets real users understand what the system is telling them.
• Automatic logging: The system must technically enable the automatic recording of events (logs) relevant to identifying situations that may result in risks, and to facilitate post-market monitoring.

Additionally, Article 13 requires that high-risk AI systems come with instructions for use — comprehensive documentation provided to deployers in a clear, accessible format.

Transparency by design

The regulation says high-risk AI systems must enable deployers to "interpret the system's output and use it appropriately." In practice, this means building several things into your product:

Output interpretability

• Confidence scores: When your AI makes a prediction or classification, provide a confidence level. A hiring tool should not just say "recommended" — it should indicate how strong the recommendation is.
• Key factors: Show which input variables most influenced the output. This does not require full explainability (which may be technically impossible for some models), but deployers need enough information to sanity-check results.
• Known limitations: Make it clear in the product interface where the system performs well and where it does not. If your model has lower accuracy for certain demographic groups or edge cases, surface this information.

Appropriate use guidance

• Intended use boundaries: Make it clear in the product what the system is designed to do and what it is NOT designed to do
• Decision support framing: If the system is meant to assist human decision-making (not replace it), the interface should frame outputs as recommendations, not decisions
• Risk indicators: Flag cases where the system is operating at the edge of its capabilities or encountering unusual inputs

Automatic logging requirements

Article 13(2) requires that high-risk AI systems "technically allow for the automatic recording of events (logs)" throughout their lifecycle. The logs must capture enough information to:

• Identify situations that may result in the system presenting a risk
• Facilitate post-market monitoring
• Enable traceability of the system's operation

What to log in practice:

• Input data references: Not necessarily the full input data, but enough to identify what was processed. For a CV screening tool, this means logging which candidate profile was processed, when, and what version of the model was used.
• Output data: The actual output the system produced — the score, classification, recommendation, or decision
• Timestamps: When each operation occurred
• Model version: Which version of the model produced each output — critical for tracing issues back to specific model updates
• Reference databases: If the system queries external databases, log which databases were consulted and when
• Anomalies and edge cases: When inputs fall outside normal parameters or confidence is unusually low
• Human override actions: When a human overrode or modified the system's output

Instructions for use

Article 13(3) requires that high-risk AI systems are accompanied by instructions for use in a "clear, comprehensive, correct and accessible" format. These instructions must include:

• The provider's identity and contact information
• The system's intended purpose and foreseeable misuse scenarios
• The level of accuracy, robustness, and cybersecurity — including specific metrics, not vague claims
• Known or foreseeable circumstances that may lead to risks
• Performance specifications, including for specific groups of affected persons
• Input data specifications and any data quality requirements
• Human oversight measures, including how to interpret outputs
• Expected lifetime and maintenance requirements
• Computational and hardware resource requirements
• Change logs describing modifications made throughout the system's lifecycle

The instructions for use are not your marketing materials. They are not your product documentation aimed at developers. They are a specific, regulation-required document that must be comprehensive enough for deployers to use the system in compliance with their own obligations.

How to implement Article 13

Here is a practical implementation approach:

Week 1-2: Audit current state

• Map every output your AI system produces and assess whether deployers can meaningfully interpret each one
• Inventory your current logging — what is captured, what is missing, what is the retention policy
• Review your existing documentation against the instructions-for-use requirements

Week 3-4: Design and build

• Add confidence scores and key factor indicators to AI outputs where they do not already exist
• Implement or extend structured logging to capture all required events
• Set up log retention and access controls

Week 5-6: Documentation

• Draft instructions for use following the Article 13(3) requirements
• Include specific performance metrics, not general claims
• Have deployer-facing teams review the documentation for clarity

Article 13 is fundamentally about building AI systems that people can understand, verify, and trust. If you build transparency and logging into your product from the start, compliance becomes a natural extension of good engineering practices rather than a painful retrofit.