AI Provider (EU AI Act)

Definition

Under Article 3(3) of the EU AI Act, an AI provider (often called a "provider") is:

"a natural or legal person, public authority, agency or other body that develops an AI system or a general-purpose AI model or that has an AI system or a general-purpose AI model developed and places it on the market or puts the AI system into service under its own name or trademark, whether for payment or free of charge"

Provider vs. Deployer

The EU AI Act distinguishes sharply between providers and deployers (formerly called "users"):

A SaaS company that develops a candidate-ranking model and sells it to HR departments is the provider. The HR department using the tool is the deployer.

When a deployer becomes a provider

Article 25 sets out the conditions under which a deployer acquires provider obligations. This happens when the deployer:

• Places a high-risk AI system on the market under their own name or trademark
• Makes a substantial modification to a high-risk AI system
• Changes the intended purpose of a non-high-risk system in a way that makes it high-risk

Provider obligations for high-risk AI

Providers of high-risk AI systems bear the heaviest regulatory burden:

1. Establish a quality management system (Article 17)
2. Draw up and maintain Annex IV technical documentation (Article 11)
3. Enable automatic logging (Article 12)
4. Establish post-market monitoring (Article 72)
5. Report serious incidents and malfunctions to authorities (Article 73)
6. Register the system in the EU AI Act database (Article 71)
7. Undergo conformity assessment and affix CE marking (Articles 43–49)
8. Appoint an EU representative if headquartered outside the EU (Article 22)

→ Read How EU HR-Tech SaaS Becomes a High-Risk AI Provider or check your obligations with the free Readiness Check.