AI System Providers

Under Article 3(3) of the eu-ai-act-regulation-2024-1689, a provider means "a natural or legal person, public authority, agency or other body that develops an AI system or a general-purpose AI model or that has an AI system or a general-purpose AI model developed and places it on the market or puts the AI system into service under its own name or trademark, whether for payment or free of charge."

Key Obligations for High-Risk AI Systems (Article 16)

Providers must:

Ensure compliance with Chapter III, Section 2 requirements
Indicate name and contact details on system/packaging
Implement quality management system (Article 17)
Maintain required documentation (Article 18)
Keep automatically generated logs (Article 19)
Conduct conformity assessment (Article 43)
Draw up EU declaration of conformity (Article 47)
Affix CE marking (Article 48)
Register in EU database (Article 49)
Take corrective actions when needed (Article 20)
Demonstrate conformity upon request
Ensure accessibility compliance

Quality Management System (Article 17)

Must include:

Regulatory compliance strategy
Design and development procedures
Quality control and assurance
Testing and validation procedures
Technical specifications and standards
Data management systems
Risk management system
Post-market monitoring
Incident reporting procedures
Communication procedures
Record-keeping systems
Resource management
Accountability framework

Documentation Requirements

Providers must maintain for 10 years:

Technical documentation (Article 11, Annex IV)
Quality management documentation
Notified body decisions and certificates
EU declaration of conformity

Third Country Providers

Providers established outside the EU must appoint an authorised-representatives in the Union before making systems available.

Liability and Cooperation

Providers must:

Cooperate with competent authorities
Provide information and documentation upon request
Report serious incidents
Take corrective measures for non-compliant systems