Model con­tract clau­ses for AI pro­cu­re­ment by public organizations

English 
English  Deutsch  Français 

Aut­ho­ri­ty

Indu­stry

Laws

Tags

Content 

In order to sup­port respon­si­ble AI pro­cu­re­ment, the Com­mu­ni­ty on the Pro­cu­re­ment of AI published EU model con­tract clau­ses (“MCC-AI”) for AI pro­cu­re­ment by public orga­nizati­ons on 29 Sep­tem­ber 2023. It has now pre­sen­ted an updated ver­si­on on March 5, 2025:

The model con­tract clau­ses sti­pu­la­te that pro­vi­ders of high-risk AIS (HRAIS) must record risk manage­ment pro­to­cols, main­tain tech­ni­cal docu­men­ta­ti­on and ensu­re human over­sight – requi­re­ments that are deri­ved direct­ly from the AIA. For non-high-risk AIS, the clau­ses pro­vi­de for a “light ver­si­on”. The clau­ses focus on obli­ga­ti­ons ari­sing from the AEOI and exclude other regu­la­ti­ons, for exam­p­le under the GDPR. The clau­ses are likely to app­ly not only in the public sec­tor – see the commentary:

It would not be appro­pria­te for orga­nizati­ons other than public orga­nizati­ons to use the MCC-AI. Nevert­hel­ess, parts of them could cer­tain­ly be used by orga­nizati­ons other than public orga­nizati­ons. They will always have to assess, clau­se-by-clau­se, whe­ther the use of the MCC-AI is appro­pria­te in each situation.

The full ver­si­on for HRAIS pro­vi­des for 14 core obli­ga­ti­ons for pro­vi­ders and is struc­tu­red as follows:

  • Sec­tion A – Definitions
    • Art. 1 – Definitions
  • Sec­tion B – Essen­ti­al requi­re­ments in rela­ti­on to the AI system
    • Art. 2 – Risk manage­ment system
    • Art. 3 – Data and data management
    • Art. 4 – Tech­ni­cal docu­men­ta­ti­on and ins­truc­tions for use
    • Art. 5 – Reten­ti­on of records
    • Art. 6 – Trans­pa­ren­cy of the AI system
    • Art. 7 – Human supervision
    • Art. 8 – Accu­ra­cy, robust­ness and cybersecurity
  • Sec­tion C – Obli­ga­ti­ons of the Sup­plier in rela­ti­on to the AI System
    • Art. 9 – Com­pli­ance with Sec­tion B
    • Art. 10 – Qua­li­ty manage­ment system
    • Art. 11 – Con­for­mi­ty assessment
    • Art. 12 (Optio­nal) – Assess­ment of the impact on fun­da­men­tal rights
    • Art. 13 – Cor­rec­ti­ve measures
    • Art. 14 (Optio­nal) – Obli­ga­ti­on to decla­re indi­vi­du­al decision-making
  • Sec­tion D – Rights of use to the data records
    • Art. 15 – Rights to data records of the public organization
    • Art. 16 – Rights to sup­plier data records and third-par­ty data records
    • Art. 17 – Trans­fer of data records
    • Art. 18 – Exemptions
  • Sec­tion E – AI regi­ster and audit
    • Art. 19 (Optio­nal) – AI register
    • Art. 20 – Com­pli­ance and audit
  • Sec­tion F – Costs
    • Art. 21 – Costs
  • Attach­ments
    • Appen­dix A – The AI system and its inten­ded purpose
    • Appen­dix B – The data sets
    • Appen­dix C – Tech­ni­cal documentation
    • Appen­dix D – Ins­truc­tions for use
    • Appen­dix E – Mea­su­res to ensu­re transparency
    • Annex F – Mea­su­res to ensu­re human supervision
    • Appen­dix G – Accu­ra­cy levels
    • Annex H – Mea­su­res to ensu­re an appro­pria­te level of resi­li­ence, secu­ri­ty and cybersecurity