ROMEOADVANCED ACADEMY

Lesson 3 of 5 · The EU AI Act for Non-Lawyers


If you are a provider — what you must do

A nine-section walk through what the Act asks of any provider of a high-risk AI system. It is more work than minimal-risk; it is far less mysterious than the headlines suggest.

45 minutes · Reading and applied checklist · No tools required

By the end of this lesson, you will:

  • Know the nine substantive obligations that apply to providers of high-risk AI systems.
  • Understand what a conformity assessment is and what CE marking signals.
  • Be able to translate the obligations into a concrete to-do list for your own organisation.

The shape of provider duties

If you are the provider of a high-risk AI system (the entity that develops an AI system, or has one developed, and places it on the EU market or puts it into service under its own name or trademark), the Act asks you to do nine things. The first seven are the requirements for high-risk systems in Articles 9–15; the last two come from the provider obligations in Article 16 and the conformity-assessment, CE-marking, registration and post-market provisions elsewhere in the Act (Articles 43, 48, 49, 72 and 73). We will walk through each in plain language, with a working example: a CV-screening tool sold to recruitment agencies.

1. Operate a risk management system

You must establish, implement, document, and maintain a risk management system that runs across the whole lifecycle of the AI system. This is an ongoing process, not a one-off document. It identifies foreseeable risks to health, safety, and fundamental rights; estimates and evaluates those risks; and adopts measures to address them.

For our CV-screening tool, the risk register would include things like: bias against protected groups, leakage of sensitive personal data, mis-classification of qualifications, mis-use by recruiters who do not understand the model's confidence intervals. Each risk gets an owner, a treatment, and a review cycle.

2. Use high-quality training, validation, and testing data

The data used to train, validate, and test the AI system must be relevant, representative, sufficiently complete, free of errors to the extent feasible, and have appropriate statistical properties. The Act calls this "data governance".

The interesting part of this obligation is that it asks providers to actively examine the data for possible biases that could lead to discrimination. You must consider whether the data set is suitable for the intended purpose, the persons concerned, and the geographical, behavioural, and functional setting in which the system will be used.

For the CV-screening tool, this means: a documented review of the training data showing the gender, ethnicity, and age distribution; a comparison against the population of applicants the tool will see in production; explicit handling of historical bias in successful-hire labels.
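A minimal, runnable version of that documented review, as an added example that is not part of the lesson. It compares the training-data mix for each protected attribute against the expected applicant population (total-variation distance) and checks the historical hire-rate ratio between groups. The rows, the reference applicant mix, and the thresholds (5% distance, 0.8 rate ratio, minimum group size of 5) are constructed assumptions for illustration; a real review uses the organisation's own applicant statistics and justifies its thresholds in the technical documentation.

```python
from collections import Counter

# Constructed training rows for the CV-screening example: (gender, age_band, hired_label).
# The label is a historical hiring decision, so it carries whatever bias that decision had.
TRAINING_ROWS = [
    ("F", "under30", 1), ("F", "under30", 0), ("F", "30to50", 1), ("F", "30to50", 0),
    ("F", "over50", 0), ("F", "under30", 0),
    ("M", "under30", 1), ("M", "under30", 1), ("M", "under30", 1), ("M", "under30", 0),
    ("M", "under30", 1), ("M", "30to50", 1), ("M", "30to50", 1), ("M", "30to50", 0),
    ("M", "30to50", 1), ("M", "30to50", 0), ("M", "30to50", 1), ("M", "over50", 0),
    ("M", "under30", 1),
    ("X", "under30", 0),
]

# Constructed reference mix: the applicant population the tool is expected to see in
# production. In practice this comes from the deployer's own applicant statistics.
REFERENCE_APPLICANT_MIX = {
    "gender": {"F": 0.48, "M": 0.50, "X": 0.02},
    "age_band": {"under30": 0.35, "30to50": 0.45, "over50": 0.20},
}
ATTRIBUTE_INDEX = {"gender": 0, "age_band": 1}


def distribution(rows, attribute):
    """Share of each value of `attribute` in the rows."""
    idx = ATTRIBUTE_INDEX[attribute]
    counts = Counter(row[idx] for row in rows)
    total = sum(counts.values())
    return {value: n / total for value, n in counts.items()}


def total_variation(p, q):
    """Total-variation distance between two discrete distributions (0 = identical, 1 = disjoint)."""
    keys = set(p) | set(q)
    return 0.5 * sum(abs(p.get(k, 0.0) - q.get(k, 0.0)) for k in keys)


def representativeness_report(rows, reference, max_tvd=0.05):
    """Per attribute: (distance from the reference mix, whether it is within tolerance)."""
    report = {}
    for attribute, ref_dist in reference.items():
        tvd = total_variation(distribution(rows, attribute), ref_dist)
        report[attribute] = (round(tvd, 4), tvd <= max_tvd)
    return report


def label_rate_by_group(rows, attribute, min_group_size=5):
    """Historical hire rate per group; None where the group is too small to assess."""
    idx = ATTRIBUTE_INDEX[attribute]
    seen, hired = Counter(), Counter()
    for row in rows:
        seen[row[idx]] += 1
        hired[row[idx]] += row[2]
    return {g: (hired[g] / n if n >= min_group_size else None) for g, n in seen.items()}


def selection_rate_ratio(rates):
    """Lowest assessable group rate divided by the highest; None if fewer than two groups."""
    assessable = [r for r in rates.values() if r is not None]
    if len(assessable) < 2:
        return None
    return min(assessable) / max(assessable)


def data_governance_findings(rows, reference, min_ratio=0.8):
    """Plain-language findings for the data-governance record (assumed thresholds)."""
    findings = []
    for attribute, (tvd, ok) in representativeness_report(rows, reference).items():
        if not ok:
            findings.append(f"{attribute}: training mix differs from applicant mix (TVD={tvd})")
    for attribute in reference:
        rates = label_rate_by_group(rows, attribute)
        for group, rate in rates.items():
            if rate is None:
                findings.append(f"{attribute}={group}: too few rows to assess label rate")
        ratio = selection_rate_ratio(rates)
        if ratio is not None and ratio < min_ratio:
            findings.append(f"{attribute}: historical hire-rate ratio {ratio:.2f} is below {min_ratio}")
    return findings


if __name__ == "__main__":
    for line in data_governance_findings(TRAINING_ROWS, REFERENCE_APPLICANT_MIX):
        print(line)
```

On the constructed rows the report flags both attributes as unrepresentative and flags the gender hire-rate gap; the single "X" row and the two "over50" rows are reported as too small to assess rather than silently producing a rate. That "too small" outcome is itself a data-governance finding worth recording: it means the system will be scoring people the training data barely describes.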

3. Produce and maintain technical documentation

Before placing the system on the market, you must draw up technical documentation that demonstrates the system complies with the Act. The required contents are listed in Annex IV — a long list that includes a general description of the system, the design choices, the data and training methodology, the relevant standards applied, the test results, and the conformity assessment procedure followed.

This documentation must be kept up to date for ten years after the system is placed on the market. National authorities can ask to see it; you must be able to produce it within a reasonable timeframe.

4. Keep automatic logs

The system must allow for the automatic recording of events (logs) over its lifetime, sufficient to ensure traceability — input data, references to outputs, period of use, individuals involved in operating the system.

For the CV-screening tool: log every application processed, the model version, the score returned, the recruiter who acted on it, and the eventual decision. Retain the logs for at least six months.
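A tamper-evident version of that log, as an added example that is not code from the lesson. Each record carries the fields named above plus the SHA-256 hash of the previous record, so an edited or deleted entry breaks the chain on verification, and the decision is recorded as a later event linked to the same application rather than by rewriting the scoring record. The field names, the class and method names, the model-version string and the 183-day operationalisation of "at least six months" are assumptions for illustration.

```python
from __future__ import annotations

import hashlib
import json
from datetime import datetime, timedelta, timezone

GENESIS_HASH = "0" * 64
MIN_RETENTION = timedelta(days=183)  # assumed operationalisation of "at least six months"


def _digest(payload: dict) -> str:
    # Canonical JSON so the hash does not depend on key order or whitespace.
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hashlib.sha256(canonical).hexdigest()


class ScreeningAuditLog:
    """Append-only, hash-chained log of CV-screening events (hypothetical helper)."""

    def __init__(self) -> None:
        self.records: list[dict] = []

    def append(self, *, event: str, application_id: str, model_version: str,
               score: float | None, recruiter_id: str, decision: str | None,
               at: datetime) -> str:
        """Append one event ('scored' or 'decided') and return its hash."""
        if at.tzinfo is None:
            raise ValueError("timestamps must be timezone-aware")
        prev_hash = self.records[-1]["hash"] if self.records else GENESIS_HASH
        record = {
            "seq": len(self.records),
            "at": at.isoformat(),
            "event": event,
            "application_id": application_id,
            "model_version": model_version,
            "score": score,
            "recruiter_id": recruiter_id,
            "decision": decision,
            "prev_hash": prev_hash,
        }
        record["hash"] = _digest(record)
        self.records.append(record)
        return record["hash"]

    def verify(self) -> tuple[bool, int | None]:
        """(True, None) if the chain is intact, else (False, index of the first bad record)."""
        prev_hash = GENESIS_HASH
        for i, record in enumerate(self.records):
            body = {k: v for k, v in record.items() if k != "hash"}
            if (record["seq"] != i or record["prev_hash"] != prev_hash
                    or _digest(body) != record["hash"]):
                return False, i
            prev_hash = record["hash"]
        return True, None

    def history(self, application_id: str) -> list[dict]:
        """Every event for one application, in order: the traceability view an authority asks for."""
        return [r for r in self.records if r["application_id"] == application_id]

    def archivable_prefix(self, now: datetime) -> int:
        """Number of leading records older than the retention minimum.

        Only a leading prefix is ever moved, and it is moved whole, so the chain
        of what remains still verifies against the archived block's last hash.
        """
        n = 0
        for record in self.records:
            if now - datetime.fromisoformat(record["at"]) < MIN_RETENTION:
                break
            n += 1
        return n


if __name__ == "__main__":
    log = ScreeningAuditLog()
    t0 = datetime(2025, 1, 10, 9, 0, tzinfo=timezone.utc)
    log.append(event="scored", application_id="app-0001", model_version="cv-rank-2.3.1",
               score=0.81, recruiter_id="rec-17", decision=None, at=t0)
    log.append(event="decided", application_id="app-0001", model_version="cv-rank-2.3.1",
               score=None, recruiter_id="rec-17", decision="interview",
               at=t0 + timedelta(days=2))
    print("chain intact:", log.verify())
    log.records[0]["score"] = 0.99  # a retroactive edit
    print("after tampering:", log.verify())
```

The chain makes edits detectable, not impossible: whoever controls the whole file can rewrite every hash. In production the latest hash is periodically written somewhere the application cannot alter (a separate append-only store, a signed timestamp, or a write-once bucket), which is what turns "we keep logs" into "we can show the logs are the ones we kept".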

5. Provide transparency and instructions for use

You must design the system so that its operation is sufficiently transparent for deployers to interpret and use the output, and you must provide concise, clear, complete instructions for use. The instructions must include the intended purpose, the characteristics and limitations of the system, the level of accuracy expected, and human-oversight measures.

This is one of the obligations where a lot of providers under-invest. The instructions are not marketing copy; they are an operational manual. For the CV-screening tool, the instructions should tell the recruiter exactly what the model does, what it does not consider, what its known error modes are, and how to challenge a low score.

6. Enable human oversight

High-risk AI systems must be designed and developed so that they can be effectively overseen by humans during the period in which they are in use. This includes building in the technical means for a human to interpret the output, to detect anomalies, and to decide not to use, or to override, the system's output.

"Effective oversight" means more than a "human in the loop" badge. The Act expects design choices that actually enable a human to do something useful — confidence scores, explanations, undo paths, escalation routes, an ability for the human to choose not to use the system at all.

7. Hit thresholds for accuracy, robustness, and cybersecurity

The system must achieve an appropriate level of accuracy, robustness, and cybersecurity — and perform consistently in those respects throughout its lifecycle. Accuracy levels and metrics must be declared in the instructions for use.

This is where harmonised standards (where they exist) and, failing those, the common specifications the Commission can adopt will do most of the work: applying them gives a presumption of conformity with the requirement. Until they are in place, providers are expected to state their accuracy metrics honestly and to put in place the technical measures (input validation, monitoring, retraining cycles, security controls against data poisoning, model evasion and adversarial inputs) appropriate to the risk.

8. Pass a conformity assessment and apply the CE marking

Before placing a high-risk AI system on the market, you must demonstrate it complies with all of the above. This is done through a conformity assessment.

For most Annex III high-risk systems, conformity assessment is done by the provider itself, through what the Act calls "internal control" or self-assessment: you assess your own system against the requirements and draw up an EU declaration of conformity. The exception is the biometric systems in Annex III point 1: unless you have applied harmonised standards or common specifications in full, a third-party notified body must carry out the assessment. High-risk systems that are safety components of products covered by the Annex I product legislation follow that legislation's own conformity procedure instead.

When the assessment is complete, you affix the CE marking to the system (for a purely digital system, as a digital marking reachable through its interface or in the accompanying documentation), and you draw up the declaration of conformity. The CE marking is a public statement that you have done what the law requires.

Aside · What CE marking is and is not

CE marking is the long-established European visual signal that a product complies with the relevant Union legislation. It is the same mark you see on toys, electrical goods, medical devices, and machinery. Putting a CE mark on an AI system is an act with legal weight; it is a declaration by you that the system meets the standards in the Act. Misapplying the mark is a serious offence. Conversely: if your high-risk system does not yet have CE marking, you are not allowed to place it on the EU market.

9. Register, monitor, and report

Before placing the system on the market, you must register it in the EU AI database maintained by the Commission. The database is publicly accessible (with sensitive information redacted), and the registration becomes part of the system's permanent record.

You must also operate a post-market monitoring system: actively collecting information on the operation of the system, evaluating its continued compliance, and addressing emerging risks. Serious incidents must be reported to the market surveillance authority of the Member State where they occurred, immediately after you establish the causal link and no later than 15 days after becoming aware; the deadline shortens to 10 days where a person has died and to 2 days for a widespread infringement or an incident affecting critical infrastructure. This is the AI Act equivalent of the GDPR's breach-notification regime.

If you also use a general-purpose AI model

A point of confusion. If your high-risk AI system is built on top of a third-party general-purpose AI model — say, a fine-tuned version of an open-source model, or a system that calls a foundation-model API — you are still the provider of your system. You inherit responsibility for everything the model contributes to your system's behaviour. The Act expects you to obtain enough information from the model provider to do your job. The GPAI provider has separate obligations to make this possible. We come back to this in Lesson 5.

If you are a provider of a "not-high-risk" Annex III system

If you have applied the Article 6(3) carve-out, that is, concluded that your Annex III system does not pose a significant risk of harm, you have a much lighter set of duties. You document the assessment before placing the system on the market, you register the system in the EU database with that justification, and you keep the documentation available for national authorities on request. Most of the heavyweight obligations do not apply. But the documentation has to be defensible: if a national authority disagrees with your carve-out assessment, you lose the lighter regime and the full set of provider duties applies.

Exercise — Build the provider's to-do list for your system (25 minutes)

  1. If your system from Lesson 2 is high-risk: go through the nine obligations above and, for each, write one of three things:
    • "Done — and the evidence is at [location]."
    • "In progress — owner: [name], deadline: [date]."
    • "Not started — gap to close."
  2. For the biggest "not started": draft a one-paragraph plan. Who owns it, what they need, when it will be done by.
  3. If your system is not high-risk: imagine it became high-risk because of a use change. Which two obligations would be hardest for your organisation to meet? Why?

The penalty structure, briefly

Non-compliance with provider obligations on high-risk systems carries fines of up to €15 million or 3% of global annual turnover, whichever is higher. Supplying incorrect, incomplete, or misleading information to authorities is fined up to €7.5 million or 1% of turnover. (Prohibited practices, the Tier 1 offences from Lesson 2, are fined at the higher level of €35M/7%.) For SMEs and start-ups, the lower of the two figures in each band applies. The amounts are ceilings set by the Act; Member States lay down the detailed rules and enforce them nationally.

Self-check

  1. Name the nine provider obligations from memory.
  2. What is the difference between internal-control and notified-body conformity assessment?
  3. What does the CE marking actually signal?
  4. If you build a fine-tuned version of an open-source model, who is the provider of the resulting system?

Looking ahead

Lesson 4 swaps perspective. You are now the deployer — the organisation that bought the high-risk AI system and is using it. The duties are different, lighter, and easier to underestimate. We cover them next.