What is prEN 18286? The QMS for EU AI Act compliance

For organisations building, deploying or using AI systems in the European market, the regulatory landscape is quite different to the UK’s “Pro-innovation approach” where there is no overarching legislation governing AI but regulators each take their own approach.

One key European standard you should be aware of is prEN 18286: Quality Management System (QMS) for EU AI Act regulatory purposes, which is in draft as of December 2025.

The standard is aimed at high-risk AI systems, helping to demonstrate compliance with the EU AI Act’s quality management obligations. Its appearance marks a clear route towards a system-based approach to compliance.


What is prEN 18286?

prEN 18286 is a draft standard that translates Article 17 of the EU AI Act into a structured and auditable Quality Management System (QMS). 

It clearly defines how an AI provider’s QMS should operate in practice across the full lifecycle of an AI system, from design and development through to deployment, monitoring and eventual decommissioning.

When it’s formally adopted as a harmonised standard, it will be published in the Official Journal of the EU, and conforming organisations will benefit from the presumption of conformity with the corresponding legal requirements of the EU AI Act.

Why prEN 18286 Matters for AI Providers

This draft standard reframes “quality” from a traditional definition of customer satisfaction towards a regulatory compliance focus, including safety, fundamental rights and lawful operation.

Core Components of prEN 18286

  • Regulatory obligation identification and monitoring,
  • Risk and data governance controls,
  • Verification, validation and lifecycle controls,
  • Post-market monitoring and serious incident reporting,
  • Documentation, traceability and transparency,
  • Supplier and resource management,
  • Human oversight and accountability structures.

Each of these can be integrated into existing management systems such as ISO 9001 and ISO 42001, making compliance efficient through an integrated system.

How do prEN 18286 and ISO 42001 relate to each other?

There is a complementary relationship between prEN 18286 and ISO 42001, the international standard for an AI Management System (AIMS), although they are different systems.

ISO 42001 provides the voluntary framework for establishing, implementing, maintaining and improving AI governance and risk management at an organisational level.  The standard sets out the requirements for a management system as well as providing an Annex of controls and Annexes of other guidance that support the risk management and impact assessment requirements.

However, prEN 18286 is designed to meet the requirements of the EU AI Act, specifically Article 17: Quality Management System.

In practice this means that ISO 42001 alone does not necessarily ensure EU AI Act compliance, while prEN 18286 may not necessarily provide a QMS for other markets such as the US or Australia.

If you are building, integrating or using AI systems across multiple markets, it is likely you will need a combination of these standards within an integrated management system. It’s important first to understand the legal and regulatory requirements around AI in each market, and then to ensure these are met by your management system.

Common questions organisations ask about prEN 18286 Compliance

Is prEN 18286 mandatory?
Not at present (December 2025). Like other harmonised standards, its application remains voluntary until cited in the Official Journal of the EU. However, once it is cited, conformity provides a presumption of conformity with the EU AI Act’s requirements, which de-risks regulatory scrutiny and market access.

Who does prEN 18286 apply to?
It targets providers of high-risk AI systems — entities that develop or place AI systems on the EU market under their own name or trademark. Providers must implement and maintain a QMS that can stand up to regulatory scrutiny.

Does prEN 18286 apply to all AI systems?
The focus is on high-risk systems as defined under the EU AI Act. If your systems are high-risk under the Act’s classification (for example, impacting fundamental rights, safety or livelihoods), prEN 18286 is the most direct path to validating compliance. 

How does prEN 18286 integrate with existing management systems?
prEN 18286 is designed for integration. Organisations with ISO 9001 QMSs or those already using ISO 42001 AIMS frameworks will find that prEN 18286’s structure can be built around and on top of existing processes, reducing duplication and audit burden.

Get EU AI Act Compliant!

prEN 18286 is emerging as a cornerstone of EU AI Act compliance strategies. For any organisation serious about navigating the legal obligations of high-risk AI systems, prEN 18286 provides the blueprint for regulator-ready quality systems. When paired with ISO 42001, it can create a robust compliance posture that accelerates market access and reduces regulatory risk.

If your organisation is exploring how to embed these requirements into existing AI governance and management systems, it’s essential to think in terms of systems and evidence, not just check-boxes. Contact our ISO 42001 Consultants, who can also help with prEN 18286 and Outsource AI Governance services to provide you with a complete service!

Robert Clements