Provider (EU AI Act)

Definition under Article 3(3) of the EU AI Act — who develops or places AI systems on the market

· Category: EU AI Act · Compliance-Kit
Practitioner's note: This article is practice-oriented compliance documentation, not legal advice. We are a compliance specialist, not a law firm. For legally binding information please consult a licensed lawyer.

TL;DR

A provider under Article 3(3) of the EU AI Act is a natural or legal person, public authority, or other body that develops an AI system or GPAI model, or has one developed, and places it on the market or puts it into service under its own name or trademark — whether for payment or free of charge.

What is a Provider under the EU AI Act?

Providers bear the main burden of EU AI Act obligations — particularly for high-risk AI:

Practical example

Provider examples: - OpenAI (ChatGPT — GPAI provider) - Anthropic (Claude — GPAI provider) - Google (Gemini — GPAI provider) - SAP (HR recruiting tool — high-risk under Annex III) - An SME distributing its own RAG system under its own name

Frequently asked questions

Do I become a provider if I integrate ChatGPT into our software?
No, provided that you retain the OpenAI brand and use the model unchanged. In the case of re-branding or substantial modification (Article 25), you may qualify as a provider.
What constitutes a 'substantial modification'?
A material change to the purpose or functionality (Article 25). Example: a RAG system built on a GPAI model and marketed as an 'AI legal assistant' → provider status.
What are the fines for breaches of provider obligations?
Article 99 EU AI Act: up to EUR 15 million / 3 % of global annual turnover for high-risk violations; up to EUR 35 million / 7 % for breaches of Article 5.

See also