Key facts

  • Defines the terms used most often across EU AI Act compliance work.
  • Written in plain English, cross-linked to fuller explanations where relevant.
  • Covers roles (provider, deployer), risk categories, and key processes (FRIA, conformity assessment).
  • Updated as terminology in the EU AI Act and related standards evolves.
  • Use alongside our EU AI Act and ISO 42001 guides for fuller context.

Roles and actors

Provider — an organisation that develops an AI system, or has one developed, and places it on the market under its own name. Deployer — an organisation that uses an AI system under its own authority without being its provider. Market surveillance authority — the national body responsible for enforcing the EU AI Act in each member state.

Risk and classification terms

High-risk AI system — an AI system falling into a category defined by the EU AI Act (such as those used in recruitment, credit scoring or critical infrastructure) that carries the Act's most extensive compliance obligations. Prohibited AI practice — a use of AI banned outright under the Act, such as social scoring by public authorities. GPAI — General-Purpose AI, a model capable of performing a wide range of tasks, subject to its own specific obligations.

Process and documentation terms

Conformity assessment — the process a high-risk AI system must go through to demonstrate compliance before being placed on the market. FRIA — Fundamental Rights Impact Assessment, required for certain deployers of high-risk AI to assess impact on individuals' rights. Technical documentation — the detailed records a provider must maintain describing an AI system's design, development and risk management.

Governance terms

AI inventory — a record of all AI systems in use across an organisation. AI literacy — the level of understanding of AI required of staff under Article 4 of the EU AI Act, proportionate to their role. Operating model — the practical structure (decision rights, committees, workflows) behind an organisation's AI governance.

Frequently asked questions

What is a provider under the EU AI Act?

An organisation that develops an AI system, or has one developed, and places it on the market under its own name.

What is a deployer under the EU AI Act?

An organisation that uses an AI system under its own authority without being its provider.

What does GPAI mean?

General-Purpose AI — a model capable of performing a wide range of tasks, subject to its own specific EU AI Act obligations.

What is a FRIA?

A Fundamental Rights Impact Assessment, required for certain deployers of high-risk AI systems.

What is an AI inventory?

A record of all AI systems in use across an organisation, and the starting point for most AI governance work.

Related pages

Sources

Last updated 19 June 2026.