EU AI Act high-risk obligations begin in X days - start your readiness check EU AI Act deadline in X days - check readiness
Role-by-article matrix

EU AI Act Compliance Matrix by Role and Article

Use this EU AI Act compliance matrix to compare provider and deployer responsibilities by article, then jump to the relevant free EU AI Compass tool, checklist, or evidence starter.

Free · No login · Local download · Last reviewed 2026-04-27

EU AI Act Compliance Matrix Provider Deployer Importer Distributor XLSX

Professional Excel worksheet with Start Here, Dashboard, role-by-article matrix, lookups, sources, and review notes.

Download XLSX worksheet →

Role-by-article matrix Markdown

Plain Markdown matrix for internal notes and review.

Download Markdown →

Matrix

This matrix is a practical map, not a legal determination. It helps a team decide which article cluster needs attention and which evidence starter to open next.

ArticleTopicProvider relevanceDeployer relevanceEvidence starterEU AI Compass link
Article 4AI literacyPrimary duty for provider staff and relevant personsPrimary duty for deployer staff and relevant personsAwareness and role-based training recordsAI literacy evidence log; AI literacy planner
Article 5Prohibited AI practicesMust not place or put prohibited systems into serviceMust not use prohibited practicesUse-case screening and approval recordProhibited practices reference; quick checker
Article 6 + Annex IIIHigh-risk classificationClassify systems before placing on market or putting into serviceUnderstand if a deployed use case falls into high-risk scopeClassification rationale and reviewer sign-offCompliance checker; Annex III checklist
Articles 9-15High-risk system requirementsPrimary provider-side requirementsReview provider instructions and evidence where using high-risk systemsProvider evidence pack; control mappingPaid-tier candidate; related guides
Article 25Responsibility along AI value chainPrimary if placing system on market under name or modifying systemCan become provider if substantially modifying or relabelling a high-risk systemChange review and reclassification recordAccidental provider classifier
Article 26Deployer obligationsProvide instructions and evidence needed by deployersUse systems according to instructions, assign oversight, monitor, keep logs where under control, and manage input dataDeployer checklist and operational assessmentDeployer obligations checklist; Article 26 scorer
Article 27FRIASupport with technical and risk information where neededComplete FRIA where Article 27 appliesFRIA worksheet and approval recordLocal FRIA generator; FRIA + DPIA guide
Article 50Transparency obligationsMay need to design notices and technical marking controlsMay need to provide clear notices to natural persons depending on use caseNotice copy, labelling evidence, UI screenshotArticle 50 notice templates; transparency validator
Article 72Post-market monitoringPrimary provider-side obligationEscalate issues and monitor use according to instructions where relevantMonitoring plan, issue log, feedback loopProvider-side paid-tier candidate
Article 73Serious incident reportingPrimary provider-side reporting obligationEscalate potential serious incidents to provider and internal ownersIncident register and escalation evidenceIncident playbook; serious incident starter register

How to read the matrix

Start with the role. If your organization uses a third-party AI system inside its own process, begin with deployer duties. If it builds, substantially modifies, relabels, places on the market, or puts a system into service under its own name, check provider-side duties carefully.

FAQ

Does one organization have only one role?

No. The same organization can be a deployer for one system and a provider for another. Do the role analysis per system and per use case.

Why include provider-side articles on a deployer-focused site?

Because deployers need to spot when modification, relabelling, or internal build decisions could pull them into provider responsibilities.

Related EU AI Compass assets

Deployer assessment
Score readiness under Article 26.Local FRIA generator
Prepare a local Article 27 record.Transparency validator
Check Article 50 notice needs.

Source and review note

This page is an educational evidence starter. It is not legal advice and does not confirm compliance. Review the official text of Regulation (EU) 2024/1689 and obtain qualified legal review before relying on any template for a formal compliance decision.