by guillermollopis
100 days ago
The practical answer is: start with classification. Most developers jump straight to "what documentation do I need?" but the first question is whether your system is even high-risk under Annex III. If it is, you're looking at Annex IV technical documentation — which covers everything from training data governance to accuracy metrics to human oversight mechanisms. It's roughly equivalent to producing a detailed design document for a regulatory audience.
A few approaches I've seen teams take:
- DIY with the regulation text (free but slow — the Act is 144 pages)
- Hire a compliance consultant (thorough but expensive, €200-500/hr)
- Use tooling — EuConform is open source and does risk classification. Annexa (https://annexa.eu) parses your actual code files and generates draft Annex IV documentation for €49/month. Credo AI is the enterprise option if budget isn't a constraint.
The biggest gap I see is that most teams haven't even done the classification step. If you haven't, that's where to start; it's free on most tools and takes 5-10 minutes.