The EU AI Act assigns obligations by role, not by industry. The two roles you most often take on are provider and deployer, and which one you are determines what the law asks of you. Most businesses are deployers of someone else’s AI.
What a provider is
A provider develops an AI system (or has one developed) and places it on the market or puts it into service under its own name or trademark. Providers carry the heaviest obligations: conformity assessment for high-risk systems, technical documentation, and — for generative AI — marking outputs as artificially generated. If you build and sell an AI product, you are a provider.
What a deployer is
A deployer uses an AI system under its own authority in the course of its activity. If you embed a third-party chatbot on your website or use an AI writing tool to produce content, you are a deployer. Deployers carry the user-facing transparency duties under Article 50 — telling people they are interacting with AI, and disclosing deep-fake or AI-generated public-interest content.
Why the distinction matters
You can be both at once: a provider of your own AI feature and a deployer of several third-party tools. The obligations stack. Getting the role right for each system tells you exactly which duties apply, and it is the first thing a regulator or a procurement reviewer will want to see you have reasoned through.