
Change management (AI)

Change Management (AI) is the formalized, documented process mandated under the EU AI Act's Quality Management System (QMS) requirement, through which providers and deployers of high-risk AI systems control, evaluate, approve, and document all modifications to the system, its data sources, and its operational environment.

This process is critical because in dynamic AI systems even well-intentioned changes (a software update, a new training dataset, or a shift in deployment context) can inadvertently introduce new risks, degrade performance, or invalidate the original conformity assessment. AI change management specifically addresses the unique challenge of "substantial modifications" that may require re-assessment, but it also governs routine updates so that they do not cumulatively amount to a substantial modification. It provides a disciplined framework for assessing the impact of a change before it is implemented, preserving continuity of compliance, safety, and performance.

A robust AI change management process typically includes the following stages:

Change Initiation & Proposal: Documenting the rationale, scope, and technical details of any proposed change, from a bug fix to a major model retrain.

Impact Assessment: Systematically evaluating the potential effects of the proposed change on the system's performance, risk profile, conformity with the EU AI Act's requirements, and its classification as a "substantial modification."

Review & Approval: Routing the change proposal and its impact assessment for formal review and approval by designated personnel (e.g., technical leads, compliance officers, risk managers) before implementation.

Implementation & Verification: Executing the change in a controlled manner, followed by verification testing to confirm it works as intended and does not introduce regressions or new vulnerabilities.

Documentation Update: Updating all relevant technical documentation, the risk management file, and instructions for use to reflect the change, maintaining an accurate historical record.

Regulatory Context: The requirement for change management is embedded in the QMS obligations of Article 17 of the EU AI Act and is integral to managing the system's lifecycle. It is the operational procedure that enforces the legal requirement of Article 43(3), which states that substantial modifications trigger a new conformity assessment. Annex VII, on conformity assessment, explicitly requires evidence of "procedures in place to ensure the continued conformity of the AI system."

Compliance Preservation: Formal change management is the primary control for preventing "compliance drift." Without it, organizations risk unknowingly operating a non-conformant system, voiding their CE marking and assuming significant liability. It provides a clear, auditable decision trail to demonstrate to regulators that all modifications were managed responsibly.
