AI Act Compliance Roles

AI Act compliance roles are the legal operator categories that determine who owes which duties under the EU AI Act: providers, deployers, importers, distributors, product manufacturers, authorised representatives, and affected persons.

Key points

• A provider develops or has developed an AI system or general-purpose AI model and places it on the market or puts it into service under its own name or trademark, whether paid or free ^[src-085].
• A deployer uses an AI system under its authority, except personal non-professional use; deployers of high-risk systems can owe monitoring, logging, worker-notice, human-oversight, and fundamental-rights impact-assessment duties ^[src-085].
• Importers, distributors, product manufacturers, and authorised representatives carry supply-chain duties that connect AI compliance to ordinary product-market accountability ^[src-085].
• The Act uses the broader term operator to include provider, product manufacturer, deployer, authorised representative, importer, or distributor ^[src-085].
• Third-country actors can fall under the Act when they place AI systems or GPAI models on the EU market, or when the output produced by their AI system is used in the Union ^[src-085].
• Compliance analysis therefore starts with role mapping: the same technical system can create different duties depending on who built it, branded it, imported it, deployed it, monitored it, or used its output in the EU ^[src-085].

Related entities

• EU AI Act
• European Union

Related concepts

• Risk-Based AI Regulation
• High-Risk AI Systems
• General-Purpose AI Model Governance
• Enterprise Agent Governance
• Agent Security Boundaries

Source references

• ^[src-085] European Parliament and Council of the European Union – "Regulation (EU) 2024/1689 … (Artificial Intelligence Act)" (2024-07-12)