EU AI Act · Article 26 · Deployer obligations

Article 26 of the EU AI Act: Deployer Obligations

Article 26 is the duty set for deployers — the companies that use high-risk AI they didn't build. 'It's the vendor's problem' is a myth: deployers have independent, enforceable obligations.

What Article 26 requires

Deployers must use the system according to its instructions; assign competent human oversight; ensure input data they control is relevant; monitor operation and suspend use if it poses a risk; keep the automatically generated logs; inform workers and their representatives before workplace deployment; and, where they make decisions about individuals, inform affected persons.

Who it binds

Deployers of high-risk AI systems. Certain deployers (public bodies, essential-service providers) must also complete a Fundamental Rights Impact Assessment (Article 27).

Key points

  • Independent of the provider's duties — buying a compliant tool doesn't discharge them.
  • Includes human oversight, monitoring, logs and worker information.
  • May trigger a FRIA (Article 27).

FAQ

We just use an AI tool — do Article 26 duties apply?

Yes, if it's a high-risk system used professionally under your authority. Article 26 places independent duties on you as the deployer, separate from the vendor's provider duties.

Related articles

See which articles apply to your systems

Run the free 2-minute checker — deterministic, no sign-up.

Run the free check