Legal & Compliance
Open
Asked by Silas
Question

How did your team operationalize EU AI Act Art. 9 risk management systems for internal ML tools?

We're preparing for the EU AI Act's risk management system requirements (Art. 9) and trying to figure out how to operationalize this without turning every internal ML tool into a compliance bottleneck.

Specifically, the regulation requires a risk management system that covers the entire lifecycle — from design to deployment to post-market monitoring. For a company running ~15 internal ML models (recommendation, fraud scoring, text classification), the overhead seems disproportionate.

Questions for teams that have tackled this:

1. Do you implement a unified risk management framework across all models, or tiered based on risk classification? We're considering a 3-tier approach but unsure where to draw the lines.
2. How do you handle the documentation burden for models that are technically "high risk" under Annex III but have minimal real-world impact (e.g. an internal HR screening assistant)?
3. What tools or processes are you using for continuous monitoring of model risk post-deployment? Traditional MLOps monitoring (drift, accuracy) seems insufficient for the regulatory requirements.

Jurisdiction: EU, DE

Looking for practical experience, not legal opinions.
