# EU AI Act Role-by-Article Matrix

Use this matrix to stop role confusion early. It does not replace legal analysis. It helps teams see which obligations usually sit with providers, deployers, and other operators, then points to the practical evidence a first file should contain.

Educational starter. Not legal advice.

| Article | Topic | Provider relevance | Deployer relevance | Evidence starter |
|---|---|---|---|---|
| Article 4 | AI literacy | Train relevant staff and persons dealing with AI systems. | Train relevant staff and persons using or overseeing AI systems. | Awareness and role-based training records. |
| Article 5 | Prohibited AI practices | Do not place or put prohibited systems into service. | Do not use prohibited practices. | Use-case screening and approval record. |
| Article 6 + Annex III | High-risk classification | Classify systems before placing on market or putting into service. | Understand if a deployed use case falls into high-risk scope. | Classification rationale and reviewer sign-off. |
| Articles 9-15 | High-risk system requirements | Primary provider-side requirements. | Review provider instructions and evidence where using high-risk systems. | Provider evidence pack and control mapping. |
| Article 25 | Responsibility along AI value chain | Primary if placing a system on the market under your name or substantially modifying it. | Can become provider if substantially modifying or relabelling a high-risk system. | Change review and reclassification record. |
| Article 26 | Deployer obligations | Provide instructions and evidence needed by deployers. | Use systems according to instructions, assign oversight, monitor, keep logs where under control, and manage input data. | Deployer checklist and operational assessment. |
| Article 27 | FRIA | Support with technical and risk information where needed. | Complete FRIA where Article 27 applies. | FRIA worksheet and approval record. |
| Article 50 | Transparency obligations | May need to design notices and technical marking controls. | May need to provide clear notices to natural persons depending on use case. | Notice copy, labelling evidence, UI screenshot. |
| Article 72 | Post-market monitoring | Primary provider-side obligation. | Escalate issues and monitor use according to instructions where relevant. | Monitoring plan, issue log, feedback loop. |
| Article 73 | Serious incident reporting | Primary provider-side reporting obligation. | Escalate potential serious incidents to provider and internal owners. | Incident register and escalation evidence. |