Guides · Article 50 · EU AI Act
Provider vs deployer under EU AI Act Article 50
Article 50 does not put every transparency duty on the same party. It splits them between providers and deployers, and which paragraph applies to you depends on the role you play for a given AI system. This guide explains the split as the regulation text sets it out. It is informational only and not legal advice.
How Article 50 divides its duties
Reading the four paragraphs together, the split is clear on the face of the text: the first two paragraphs address providers, and the second two address deployers.
- Article 50(1) — providers must ensure AI systems intended to interact directly with people are designed so people are informed they are interacting with an AI system (subject to the 'obvious' exception).
- Article 50(2) — providers of AI systems generating synthetic audio, image, video, or text must mark outputs in a machine-readable format as artificially generated or manipulated.
- Article 50(3) — deployers of an emotion-recognition or biometric-categorisation system must inform the people exposed and process personal data under EU data-protection law.
- Article 50(4) — deployers of an AI system that produces a deepfake must disclose the content is artificially generated or manipulated.
Provider or deployer — a working distinction
At a general level, a provider is roughly the party that develops an AI system or places it on the market, while a deployer is roughly the party that uses an AI system under its own authority. Those are working descriptions, not the full legal definitions, and a single business can be a provider of one system and a deployer of another — for example, building your own chatbot (provider-side duties may apply) while using a third-party deepfake or emotion-recognition tool (deployer-side duties may apply). Confirm your role for each system with qualified counsel before deciding which paragraph governs.
Why the role matters in practice
Because the duty follows the role, mapping each AI system to provider-side or deployer-side is usually the first documentation step. Our free scope check walks through the four paragraphs and gives an automated, informational indication of which may be in play — it does not decide your role for you.
Common questions
Can a company be both a provider and a deployer?
Yes. The role is assessed per AI system, so a business can hold provider-side duties for a system it develops and deployer-side duties for a system it merely uses. Which paragraph applies to each is fact-specific — confirm with qualified counsel.
See what may apply to your business
Answer seven quick questions for an automated, informational indication of which Article 50 obligations appear likely to apply — free, and not legal advice.