Themenbild Services der RTR

Provider obligations

The individual players and their obligations

As already stated in the recitals of the AI Act, given the nature and complexity of the AI value chain and in line with the new legal framework, it is essential to ensure legal certainty and facilitate compliance with this Regulation. Therefore, the roles and specific obligations of the relevant actors along the value chain need to be clarified. The core of the AI Act concerns obligations related to AI systems or AI models according to their risk classification.

In certain situations, different roles in the AI value chain can coincide in one person or organisation. The following constellations are possible, for example:

  • A provider of AI models or GPAI models may also be a provider of an AI system (Art. 75 AIA).
  • An importer can also assume the role of a trader (see recital 83)


What obligations do providers have?

In general, providers of AI systems of any kind have a duty to ensure that their staff and other persons entrusted with the AI systems have a sufficient level of AI competence (Art. 4 AIA). This includes the skills, knowledge and understanding that enable providers, considering their respective rights and obligations under the AI Act, to make an informed deployment of AI systems and to be aware of the opportunities and risks of AI and the potential harm it can cause (Art. 3 No. 56 AIA).

This infographic provides an overview of the obligations of providers of AI systems and AI models according to the risk classification
Overview of the obligations of providers of AI systems and AI models according to the risk classification © RTR (CC BY 4.0)

High-risk AI systems

These are AI systems that pose a high risk. They are not prohibited, but in some cases far-reaching obligations must be complied with. The obligations of providers of high-risk AI systems are standardised in Art. 16 of the AIA. The obligations include ensuring compliance with the requirements for high-risk AI systems in accordance with Art. 16 letter a in conjunction with Chapter III Section 2:

According to Art. 16 letter b to l AIA, the provider is also subject to the following additional obligations. These are not requirements for the high-risk AI system itself, but "other" obligations.

AI systems with "limited" risk

In Art. 50 AIA, the AI Act lists certain AI systems that present a limited risk. The risk can be minimised by means of certain transparency obligations. They can be summarised under the category "Transparency towards downstream actors".

The provider has the following transparency obligations with regard to the following AI systems:

AI systems that interact directly with natural persons (e.g. chatbots)

Such AI systems must be designed and developed in such a way that the natural persons concerned are informed that they are interacting with an AI system. Exceptions to this are cases where this is obvious from the circumstances and context of use.

AI systems that generate or manipulate image, audio or video content (e.g. deepfakes)

AI systems (including GPAI systems) that generate synthetic or manipulate image, audio or video content shall be designed and developed in such a way that the outputs can be output in a machine-readable format and recognised as artificially generated or manipulated.

AI systems with "minimal" risk

No mandatory requirements are standardised for AI systems with minimal risk. Only the obligation for "AI competence" pursuant to Art. 4 AIA also applies to such AI systems. Otherwise, compliance with the Code of Practices is encouraged, but this is voluntary. 

GPAI models

In the case of GPAI models, providers must fulfil the following obligations in accordance with Art. 53, 54 AIA:

GPAI models with systemic risk

If the GPAI model is one with systemic risk, providers must fulfil the obligations set out in Art. 55 AIA in addition to those set out in Art. 53 and 54 AIA:

What obligations do product manufacturers have?

In the case of high-risk AI systems that are safety components of products covered by the Union harmonisation legislation listed in Annex I Section A, the product manufacturer is deemed to be the provider of the high-risk AI system in accordance with Art. 25 para. 3 of the AIA and is subject to the obligations of a provider in accordance with Art. 16 of the AIA in the two cases below:

  • The high-risk AI system is placed on the market together with the product under the name or trade mark of the product manufacturer;
  • the high-risk AI system is put into serivce under the name or trade mark of the product manufacturer after the product has been placed on the market.