Glossary

The EU AI Act, term by term

Every key concept in the EU AI Act, defined in plain English and linked to the detail — from provider and deployer to conformity assessment, FRIA and GPAI.

Core concepts

Risk tiers

Operator roles

Authorised representative

Art. 22

An authorised representative is an EU-established entity appointed by a non-EU provider of a high-risk AI system (Article 22) or GPAI model (Article 54) to keep documentation available and act as the contact point for authorities.

Deployer

Art. 3(4)

A deployer uses an AI system under its own authority in a professional activity — for example a company running an AI hiring tool it did not build. Deployers of high-risk AI have duties under Article 26.

Distributor

Art. 3(7)

A distributor makes an AI system available on the EU market without being the provider or importer — typically a reseller or channel partner. Article 24 requires it to verify CE marking and documentation before distributing.

GPAI model provider

Art. 53–55

A GPAI model provider places a general-purpose AI model on the EU market. It must meet Articles 53–55: technical documentation, downstream information, a copyright policy, a training-data summary, and — for systemic-risk models — stricter testing and cybersecurity.

Importer

Art. 3(6)

An importer is an EU-established operator that places on the EU market an AI system bearing the name or trademark of a provider established outside the EU. Article 23 makes it verify conformity before selling.

Provider

Art. 3(3)

A provider develops an AI system (or GPAI model) and places it on the market or puts it into service under its own name or trademark. Providers of high-risk systems carry the heaviest obligation set (Article 16).

Substantial modification

Art. 25

A substantial modification is a change to a high-risk AI system — to its intended purpose or one affecting its compliance — that was not foreseen in the original conformity assessment, triggering a fresh assessment.

Obligations

AI literacy

Art. 4

Article 4 requires providers and deployers to ensure that staff and others operating or using AI systems on their behalf have a sufficient level of AI literacy. It has applied since 2 February 2025 and cuts across all risk tiers.

Data governance

Art. 10

Article 10 requires that training, validation and test datasets for high-risk AI are relevant, sufficiently representative, and examined for possible biases that could affect health, safety or fundamental rights.

Fundamental Rights Impact Assessment (FRIA)

Art. 27

A FRIA (Article 27) is an assessment certain deployers of high-risk AI — public bodies and providers of essential private/public services — must complete before first use, documenting how the deployment could affect people's fundamental rights and how risks are mitigated.

Human oversight

Art. 14

Article 14 requires high-risk AI systems to be designed so that natural persons can effectively oversee them — understanding the system, monitoring its operation, interpreting outputs, and intervening or stopping it.

Post-market monitoring

Art. 72

Article 72 requires providers of high-risk AI to run a documented plan that actively and systematically collects and reviews real-world performance data after the system is on the market.

Record-keeping (logging)

Art. 12

Article 12 requires high-risk AI systems to automatically record events (logs) over their lifetime, ensuring a level of traceability appropriate to the system's intended purpose.

Risk management system

Art. 9

Article 9 requires providers of high-risk AI to establish, run and document a continuous, iterative risk-management process across the whole system lifecycle — identifying, evaluating and mitigating risks to health, safety and fundamental rights.

Serious incident reporting

Art. 73

Article 73 requires providers of high-risk AI to report serious incidents to the relevant market-surveillance authority, generally without undue delay and within set deadlines (as short as immediately, up to 15 days depending on severity).

Transparency obligations

Art. 50

Article 50 requires that people are told when they interact with an AI system (e.g. a chatbot), when content is AI-generated or manipulated (deepfakes), and when emotion-recognition or biometric-categorisation systems are used.

Documents & conformity

CE marking

Art. 48

Article 48 requires the CE marking to be affixed to a high-risk AI system (or its documentation) to signal that it conforms to the EU AI Act. It is the visible sign that conformity assessment and the declaration of conformity are complete.

Conformity assessment

Art. 43

A conformity assessment (Article 43) is the process by which a provider demonstrates a high-risk AI system meets the Act's requirements before it is placed on the market — either via internal control (Annex VI) or a notified body (Annex VII).

EU database registration

Art. 49

Article 49 requires providers (and certain deployers) of high-risk AI systems to register the system in a public EU database before it is placed on the market or put into service.

EU declaration of conformity

Art. 47

Article 47 requires the provider of a high-risk AI system to draw up a written EU declaration of conformity stating that the system meets the Act's requirements, and to keep it for ten years after the system is placed on the market.

Notified body

Annex VII

A notified body is an independent, accredited organisation designated to carry out third-party conformity assessments (Annex VII) for high-risk AI systems in the specific cases where self-assessment is not sufficient.

Technical documentation (Annex IV)

Art. 11 / Annex IV

Article 11 and Annex IV require providers of high-risk AI to draw up technical documentation before the system is placed on the market, describing the system, its development, performance, risk management and compliance — kept up to date.

Training-data summary

Art. 53(1)(d)

Article 53 requires GPAI model providers to draw up and make publicly available a sufficiently detailed summary of the content used to train the model, using a template provided by the AI Office.

Governance