Provider vs. Deployer Distinction
The EU AI Act establishes a fundamental distinction in AI accountability:
Provider: The entity that develops an AI system (or has it developed) and places it on the market or puts it into service under their own name or trademark.
Deployer: The entity that uses an AI system under its authority, except for purely personal non-professional use.
This maps roughly to “maker” versus “user,” but with legal specificity that matters.
Providers bear responsibility for design, development, and pre-market compliance. Deployers bear responsibility for appropriate use, context-specific risk assessment, and human oversight implementation.
The distinction acknowledges that the same AI system can be safe or dangerous depending on deployment context, and that those contexts are beyond the provider’s control but within the deployer’s.
A company building a language model is a provider. A hospital using that model for diagnosis is a deployer. Different obligations attach to each.