Artefact Interdependencies The 61 artefacts form a dependency graph rather than an independent list. Six artefacts serve as foundational inputs to many others. The composite version identifier (A4) is referenced by the deployment ledger (A5), the Declaration of Conformity (E1), the EU database registration (E2), the assessment report (D4), and the substantial modification assessment (B9). The risk register (C2) feeds the residual risk sign-offs (C3), the IFU residual risk section (E4), the threat model (B7), and the FRIA (E7). The evidence register (B2) indexes every other artefact. Three artefacts function as terminal outputs that consume but do not feed other artefacts: the Declaration of Conformity (E1), the CE marking authorisation (E3), and the serious incident report (E6). The Declaration is the final convergence point; it cannot be signed until the assessment report (D4) is complete, the NCR (D3) is clear, and the risk register (C2) shows accepted residual risk. The model card (A3) illustrates a cross-category dependency chain: it is auto-generated (Category A), feeds the dataset documentation (B5), the fairness evaluation report (B4), and the IFU (E4), and is reviewed during the conformity assessment (D2). Key outputs

• Foundational artefact identification (six key inputs)
• Terminal artefact identification (three final outputs)
• Declaration of Conformity dependency chain