Key facts
- Defines the terms used most often across EU AI Act compliance work.
- Written in plain English, cross-linked to fuller explanations where relevant.
- Covers roles (provider, deployer), risk categories, and key processes (FRIA, conformity assessment).
- Updated as terminology in the EU AI Act and related standards evolves.
- Use alongside our EU AI Act and ISO 42001 guides for fuller context.
Roles and actors
Provider — an organisation that develops an AI system, or has one developed, and places it on the market under its own name. Deployer — an organisation that uses an AI system under its own authority without being its provider. Market surveillance authority — the national body responsible for enforcing the EU AI Act in each member state.
Risk and classification terms
High-risk AI system — an AI system falling into a category defined by the EU AI Act (such as those used in recruitment, credit scoring or critical infrastructure) that carries the Act's most extensive compliance obligations. Prohibited AI practice — a use of AI banned outright under the Act, such as social scoring by public authorities. GPAI — General-Purpose AI, a model capable of performing a wide range of tasks, subject to its own specific obligations.
Process and documentation terms
Conformity assessment — the process a high-risk AI system must go through to demonstrate compliance before being placed on the market. FRIA — Fundamental Rights Impact Assessment, required for certain deployers of high-risk AI to assess impact on individuals' rights. Technical documentation — the detailed records a provider must maintain describing an AI system's design, development and risk management.
Governance terms
AI inventory — a record of all AI systems in use across an organisation. AI literacy — the level of understanding of AI required of staff under Article 4 of the EU AI Act, proportionate to their role. Operating model — the practical structure (decision rights, committees, workflows) behind an organisation's AI governance.
Frequently asked questions
What is a provider under the EU AI Act?
An organisation that develops an AI system, or has one developed, and places it on the market under its own name.
What is a deployer under the EU AI Act?
An organisation that uses an AI system under its own authority without being its provider.
What does GPAI mean?
General-Purpose AI — a model capable of performing a wide range of tasks, subject to its own specific EU AI Act obligations.
What is a FRIA?
A Fundamental Rights Impact Assessment, required for certain deployers of high-risk AI systems.
What is an AI inventory?
A record of all AI systems in use across an organisation, and the starting point for most AI governance work.
Related pages
Sources
Last updated 19 June 2026.