What is a “deployer” under the EU AI Act?
A deployer is any natural or legal person, public authority or body using an AI system under its authority in the course of a professional activity (personal, non-professional use is excluded). The deployer is the AI Act’s “use side”: the company that runs a hiring tool, a scoring model or a chatbot in its own operations — as opposed to the provider who develops and places the system on the market.
Key deployer obligations
- Use high-risk systems in accordance with the provider’s instructions;
- Assign competent human oversight and control input data quality;
- Monitor operation, keep logs, and report serious incidents;
- Inform workers before deploying high-risk workplace AI;
- For credit scoring, life/health insurance pricing and public-service deployments: conduct a fundamental rights impact assessment;
- Transparency duties toward affected persons (Art. 50) where relevant.
Why the label matters
Deployers located outside the EU are still in scope where the system’s output is used in the EU — the clause that pulls Turkey-based companies into the Act without any EU establishment. Misclassifying yourself as “just a user” does not remove obligations; and modifying a system substantially can convert a deployer into a provider. Start from a feature-level classification memo.