Skip to content
Version 2025-09-22 By Spencer Brawner

EU AI Act: Provider vs Deployer Obligations

EU AI Act Provider obligations Deployer obligations AI compliance High-risk AI
TL;DR

The EU AI Act distinguishes between providers (who develop, import, or substantially modify AI systems) and deployers (who use AI systems for their intended purpose). Providers bear primary responsibility for compliance, risk assessment, documentation, and CE marking. Deployers must ensure appropriate use, human oversight, and impact assessments for high-risk systems. Understanding your role determines your obligations under the regulation.

Section 01 // Key Facts

Key Facts

5 facts documented
  • Providers develop, import, or substantially modify AI systems for market placement or service provision.

    [1]
  • Deployers use AI systems under their authority for their intended purpose in professional context.

    [1]
  • Providers bear primary responsibility for compliance, including risk management and documentation.

    [1]
  • Deployers must ensure human oversight, appropriate use, and conduct impact assessments where required.

    [1]
  • High-risk AI systems trigger additional obligations for both providers and deployers.

    [1]
Section 02 // Implementation

Implementation Steps

5 steps
  1. 01

    Assess whether you are a provider, deployer, or both for each AI system.

  2. 02

    Classify AI systems according to EU AI Act risk categories (prohibited, high-risk, limited risk, minimal risk).

  3. 03

    If provider: implement risk management, quality management, documentation, and CE marking.

  4. 04

    If deployer: establish human oversight, use instructions, and impact assessment procedures.

  5. 05

    Implement monitoring systems and incident reporting as required by your role.

Section 03 // Glossary

Glossary

6 terms
Provider
Entity that develops, imports, or places AI systems on the EU market
Deployer
Entity that uses an AI system under their authority for its intended purpose
High-risk AI system
AI system listed in Annex III or used as safety component in regulated products
CE marking
Conformity marking indicating compliance with EU health, safety, and environmental requirements
Substantial modification
Change to AI system that affects compliance or intended purpose significantly
Impact assessment
Assessment of fundamental rights impact before deploying high-risk AI systems
Section 04 // References

References

2 sources
  1. [1]
    EU AI Act (Regulation 2024/1689) https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32024R1689
  2. [2]
    European Commission AI Act Implementation Guidance https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai
Section 05 // Facts

Machine-Readable Facts

3 claims
[
  {
    "id": "f-provider-role",
    "claim": "Providers bear primary compliance responsibility including risk management and CE marking.",
    "source": "https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32024R1689"
  },
  {
    "id": "f-deployer-role",
    "claim": "Deployers must ensure appropriate use and human oversight of AI systems.",
    "source": "https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32024R1689"
  },
  {
    "id": "f-high-risk-obligations",
    "claim": "High-risk AI systems trigger enhanced obligations for both providers and deployers.",
    "source": "https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32024R1689"
  }
]

// END OF DOCUMENT //