Your EU AI Act Obligations
As a deployer (you use AI built by others) of limited-risk AI stacks, you have 3 obligations under the EU AI Act.
Your Obligations
Want the full picture? Read our complete deployer obligations guide.
Disclose AI Interaction to Users
Article 50 →Providers and deployers of certain AI systems must comply with transparency obligations in Art. 50, including: informing natural persons that they are interacting with an AI system (Art. 50(1)); marking synthetic audio/image/video/text outputs in a machine-readable format (Art. 50(2)); informing persons exposed to emotion-recognition or biometric categorisation systems (Art. 50(3)); disclosing AI-generated deep fakes and AI-generated text published on matters of public interest (Art. 50(4)). Information must be given clearly at first interaction (Art. 50(5)).
AI Literacy for Staff
Article 4 →Providers and deployers must take measures to ensure a sufficient level of AI literacy among staff and any other persons dealing with the operation and use of AI systems on their behalf, having regard to their technical knowledge, experience, education, and training, and the context in which the AI systems are to be used.
Downstream-Provider Complaint Against GPAI Provider
Article 89 →The AI Office may take the actions necessary to monitor effective implementation and compliance with the Regulation by providers of general-purpose AI models, including their adherence to approved codes of practice. Downstream providers (operators building on a GPAI model) have the right to lodge a reasoned complaint alleging an infringement by the upstream GPAI provider; the complaint must identify the GPAI provider, describe the facts, name the provisions said to be infringed, and include any relevant information the downstream provider has gathered.
Provider Request Emails
Send these to your AI providers to request the documentation you need for compliance.
OpenAI (GPT-4, ChatGPT)
Dear OpenAI (GPT-4, ChatGPT) Compliance Team, We are writing to request documentation required under the EU AI Act (Regulation 2024/1689) for our use of your AI services. As a deployer of AI systems that incorporate your technology, we have specific compliance obligations that require information from you as the upstream provider. Under the EU AI Act, we require the following: 1. TRANSPARENCY INFORMATION (Article 13 / Article 50) — Intended purpose and limitations of your AI models — Performance metrics and known biases — Information about training data characteristics 2. TECHNICAL DOCUMENTATION (Annex IV) — System architecture description — Design specifications and development methodology — Accuracy, robustness, and cybersecurity measures 3. CONFORMITY INFORMATION (Article 47) — Your EU Declaration of Conformity (if applicable) — CE marking status for high-risk AI system components — Any conformity assessment results 4. RISK MANAGEMENT (Article 9) — Known risks associated with your AI models — Recommended risk mitigation measures for deployers — Any usage restrictions or conditions The EU AI Act enforcement deadline is August 2, 2026. We would appreciate receiving this documentation at your earliest convenience to ensure our compliance. Please let us know if you have questions about this request or if there is a dedicated compliance contact we should work with. Best regards, [Your Name] [Your Company] --- Generated by AIActStack — EU AI Act compliance for AI-powered companies. Scan your obligations free → https://aiactstack.com
Generate compliance documents automatically
Save your results to get AI-generated Article 50 transparency notices and DPIA templates, pre-filled with your specific AI stack details. Ready in seconds.
Track your compliance progress
Save these results to your dashboard. Generate compliance documents, track provider requests, and stay ahead of the deadline.
Create Account & Save