AI Governance Library

Model contractual clauses for the public procurement of High-Risk AI (“MCC-AIHigh-Risk”)

These model clauses aim to operationalize the EU AI Act for public sector AI procurement. They provide contracting authorities with a pre-structured set of legal and technical expectations covering the lifecycle of high-risk AI systems.
Jakub Szarmach
3 min read
Model contractual clauses for the public procurement of High-Risk AI (“MCC-AIHigh-Risk”)
Model contractual clauses for the public procurement of High-Risk AI (“MCC-AIHigh-Risk”)
Model contractual clauses for the public procurement of High-Risk AI (“MCC-AIHigh-Risk”).pdf
551 KB
download-circle

The MCC-AI-High-Risk document offers a full legal toolkit for public buyers acquiring AI systems classified as high-risk under the AI Act. It transforms regulatory language into procurement-ready obligations and includes optional add-ons to reflect the diversity of public sector needs. Here’s how it breaks down:

A. Definitions

Establishes a shared vocabulary—crucial in AI contracting. Includes clear definitions for concepts like “Reasonably Foreseeable Misuse,” “Substantial Modification,” and the treatment of different types of Data Sets.

B. Essential Requirements

These are direct translations of AI Act requirements into contractual obligations, including:

  • Risk management systems with continuous review and documented testing.
  • Data governance, including bias assessment, provenance tracking, and representativeness of datasets.
  • Technical documentation & instructions for use as deliverables.
  • Logging and traceability through automatic recordkeeping.
  • Transparency obligations to support interpretability and oversight.
  • Human oversight mechanisms, including interfaces and override procedures.
  • Robustness, accuracy, and cybersecurity aligned with Annex H measures.

C. Supplier Duties

Mandates quality management systems, conformity assessment, cooperation with rights impact assessments, and mandatory corrective action pathways.

D. Data Use Rights

Specifies ownership, usage rights, destruction duties, and potential handover of both public and third-party data sets—with flexibility through Annex B.

E. AI Register & Audit

Public bodies can request and disclose system information for AI registries. Audit rights are broad, and non-compliance can trigger remedy obligations. Suppliers bear compliance costs unless in full conformity.

F. Costs

Defaults to no additional fees unless otherwise agreed, reinforcing fiscal discipline.

Annexes A–H

Provide detailed templates for describing the AI system, data handling, technical documentation, accuracy metrics, and governance safeguards.

💡 Why it matters?

Procurement shapes the AI ecosystem. These clauses are a first-of-its-kind contract toolkit designed to give public authorities control—not just over what they buy, but how it’s built, monitored, and adapted.

This document does three things at once:

  1. Turns regulatory obligations into enforceable terms
  2. Offers ready-made language to avoid reinventing wheels for every tender
  3. Sets a de facto benchmark for “what good looks like” in responsible AI procurement

The MCC-AI-High-Risk is how the AI Act begins to take real-world effect. By hardwiring requirements for risk management, explainability, bias mitigation, and data traceability into the procurement process, public buyers can finally say: compliance isn’t optional—it’s contractual.

What’s Missing?

While the clauses are comprehensive, there are some areas that still need refinement or clarification:

  • Balance of obligations: Optional clauses on explanations (Art. 14) and AI register disclosures (Art. 19) might become essential in practice. There’s a risk of fragmented uptake without clearer guidance from the Commission.
  • SME-specific considerations: The clauses are heavy for smaller vendors. There’s no dedicated adjustment mechanism for simplifying obligations based on supplier size or capacity.
  • Integration with national frameworks: These are pan-EU clauses, but AI procurement is often local. There’s no mention of how they map onto national contract law or sector-specific procurement rules.
  • Handling of open-source models: While the clauses mention open-source under AI Act Article 53(2), there’s little operational guidance on how to contractually enforce obligations when the underlying model is freely available.

Best For:

  • Procurement officers drafting tenders or contracts for AI-enabled systems in education, health, justice, etc.
  • Legal teams within government bodies building frameworks aligned with the AI Act.
  • AI suppliers navigating compliance while competing for public contracts.
  • Regulatory consultants and AI ethics teams advising public institutions on operationalizing the AI Act.

Source Details:

Model Contractual Clauses for the Public Procurement of High-Risk AI, European Commission, Community of Practice on the Procurement of AI, February 2025 Draft.

Document status:

Non-binding. Issued as part of a working group process within the Public Buyers Community on AI, coordinated by the European Commission. These clauses are expected to evolve alongside AI Act enforcement practice.

Legal context:

Anchored in Chapter III of the EU AI Act, especially Articles 9–15, and related transparency and accountability requirements. Builds on the definitions and principles laid out in the AI Act but remains adaptable to specific contract terms via annex customization.

Report Template EU AI ACT
About the author
Jakub Szarmach

Jakub Szarmach

Read next

Incident Notification and Information Sharing Requirements: EU Digital Laws

AI Liability Along the Value Chain

Governance in the Age of Generative AI: A 360º Approach for Resilient Policy and Regulation

NIST: Reducing Risks Posed by Synthetic Content An Overview of Technical Approaches to Digital Content Transparency

Professionalizing Organizational AI Governance Report

AI Governance Library

Curated Library of AI Governance Resources

AI Governance Library

Great! You’ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to AI Governance Library.

Your link has expired.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.