EU AI Act: All Obligations for Businesses 2026
Who must do what? The EU AI Act defines clear obligations for providers, deployers, importers and distributors of AI systems.
The EU AI Act (Regulation (EU) 2024/1689) regulates the use of Artificial Intelligence in the European Union. Different obligations apply depending on your role in the value chain. Here you'll find an overview of all requirements – differentiated by your role as provider, deployer, importer or distributor.
Provider
Art. 16–22 EU AI Act
Providers are companies or natural persons who develop or commission an AI system and place it on the market under their own name. They bear primary responsibility for compliance.
Establish and maintain a risk management system (Art. 9)
Create and keep technical documentation up to date (Art. 11, Annex IV)
Conduct conformity assessment before placing on the market (Art. 43)
Affix CE marking and prepare EU declaration of conformity (Art. 47–49)
Implement quality management system (Art. 17)
Deployer
Art. 26–27 EU AI Act
Deployers are companies that use an AI system under their own responsibility – the users of AI technology in their own operations.
Use AI system according to provider's instructions for use (Art. 26(1))
Ensure human oversight through trained personnel (Art. 26(2))
Check input data for relevance and representativeness (Art. 26(4))
Inform affected persons about AI use (Art. 26(11))
Conduct data protection impact assessment when required (Art. 26(9))
Importers
Art. 23–24 EU AI Act
Importers bring AI systems from outside the EU to the European market. They must ensure systems meet all requirements.
Ensure conformity assessment has been carried out (Art. 23(1))
Verify technical documentation and CE marking are in place (Art. 23(2))
Indicate own name and contact details on the AI system or packaging (Art. 23(3))
Comply with storage and transport conditions (Art. 23(4))
Distributors
Art. 25 EU AI Act
Distributors make AI systems available on the market without developing or importing them. They also have due diligence obligations.
Verify CE marking and documentation before making available (Art. 25(1))
Not make AI system available if doubts about conformity exist (Art. 25(2))
Provide all information to market surveillance authorities on request (Art. 25(3))
Penalties for Non-Compliance
€35M
or 7% of annual turnover for using prohibited AI systems (Art. 99(3))
€15M
or 3% of annual turnover for violations of provider obligations (Art. 99(4))
€7.5M
or 1% of annual turnover for providing incorrect information (Art. 99(5))
Key Deadlines
Ban on AI systems posing unacceptable risk (Art. 5)
Obligations for providers of general-purpose AI models (GPAI, Art. 51–55)
All obligations for high-risk AI systems and transparency requirements (Art. 6–49)
Obligations for certain high-risk AI in Annex I (critical infrastructure, education)
Source: Regulation (EU) 2024/1689 of the European Parliament and Council of 13 June 2024. EUR-Lex Volltext
Which obligations apply specifically to your company?