GovCompass
Knowledge base
Reference

Art. 26.8 EU AI Act: Registration in the EU Database

Updated: June 2026 — full revision to Validai quality standard

Introduction: The EU AI Database

The EU AI Act establishes a publicly accessible EU database for high-risk AI systems. Art. 49 creates registration obligations for providers. Art. 26.8 extends a more limited registration obligation to deployers — specifically deployers operating high-risk AI systems in areas of particular public interest: public authorities and bodies deploying AI in migration, asylum, and border control, and in biometric identification contexts.

Who Must Register Under Art. 26.8?

Art. 26.8 creates deployer registration obligations for:

  1. Public authorities using high-risk AI systems listed in Annex III points 1, 6, 7, or 8 (biometric identification, law enforcement, migration/asylum, justice)
  2. Any deployer using a high-risk AI system where the provider is established outside the EU — in this case the deployer takes on provider-equivalent registration obligations

For most private-sector Dutch organisations deploying AI in HR, credit, or healthcare contexts: Art. 26.8 registration is not directly required. However, the provider is required to register under Art. 49, and deployers should verify that their provider has done so.

What Must Be Registered?

Deployer registrations must include:

  • The deployer's name, registered address, and contact details
  • The registration number of the AI system (assigned by the provider's registration)
  • The deployer's use case — how and in what context the system is deployed
  • The categories of individuals affected
  • Geographic scope of deployment within the EU

Verification Obligations for All Deployers

Even where Art. 26.8 does not directly require deployer registration, all deployers of high-risk AI should verify that their provider has fulfilled their registration obligations under Art. 49. Request the system's EU database registration number from your provider and cross-check it against the public database once it is operational.

Compliance Checklist

  1. Are any of your high-risk AI deployments in Annex III points 1, 6, 7, or 8 contexts?
  2. Is your organisation a public authority? If so, Art. 26.8 registration may apply directly.
  3. Are any of your AI providers established outside the EU? If so, verify registration obligations carefully.
  4. Have you requested and verified the EU database registration number from each of your high-risk AI providers?
Legal referencesArt. 26