Who is a provider?

A provider of AI systems is anyone who develops an AI system, attaches their name or brand to it, or makes significant modifications. This includes both companies based in the EU and providers outside the EU if their AI systems are used within the EU.

Likewise, anyone who purchases another provider's AI system to offer it under their own name (e.g., as “IHK-GPT”) to their customers (such as a service chatbot) automatically assumes the role of a provider by attaching their own label to the system.

The key obligations for providers depend on the risk classification of the AI system. Providers are required to prepare declarations of conformity, establish risk and quality management systems, and supply relevant technical documentation.

Who is an operator?

Operators of AI systems are businesses that use AI systems in their operations or offer products or services to end-users in the EU through these systems. For instance, a business may use an AI system to review and pre-sort incoming invoices from suppliers. Other examples include AI systems utilised in customer support.

Operators of such AI systems must ensure compliance with the providers’ guidelines, monitor risks, and report incidents. For instance, if an AI system intended solely for low-risk applications, such as chatbot functions, is instead used in high-risk domains (e.g., automated applicant management) in contradiction to the provider’s guidelines, the operator inadvertently becomes the provider of a high-risk AI system and must comply with all associated extensive obligations.

Other actors

In addition to providers and operators, there are other actors involved in the provision of AI systems who are subject to the AI regulation:

• Importers and traders in the EU who distribute AI systems,
• Product manufacturers who integrate AI systems into their products,
• Authorized representatives of third-country providers who act as contact points within the EU.

Top tips