Quick answer

Article 26 defines obligations for deployers — businesses that use high-risk AI systems. You must use the system according to instructions, ensure human oversight, monitor performance, keep logs, inform affected individuals, and conduct fundamental rights impact assessments where required.

Updated June 2026 · MmowW AI Compliance

Article 26: Your Obligations as an AI Deployer

What Is a Deployer?

In EU AI Act terminology, a deployer is any business or organization that uses an AI system. If you bought or subscribed to an AI tool and use it in your business operations, you're a deployer. This is distinct from a provider, who is the company that built and sells the AI system. Most small businesses are deployers, not providers.

Article 26 spells out what deployers of high-risk AI systems must do. Even if the AI vendor has done everything right on their end, you still have your own set of responsibilities.

Your Key Obligations

First, use the AI system in accordance with the provider's instructions. If the vendor says their tool is designed for English-language documents, don't use it for Japanese documents and expect reliable results. Second, assign human oversight to qualified individuals who have the right training, authority, and support. Third, monitor the system's operation and report any issues to the provider.

You must also keep the logs automatically generated by the system (when under your control) for at least six months. You need to inform your employees that they're subject to AI systems used in the workplace. And if you're a public body or certain types of private organizations, you must conduct a fundamental rights impact assessment before deploying the system.

Practical Compliance Steps

Start by reading your AI vendor's instructions of use — not just skimming them, but actually understanding what the tool is designed to do and what it's not designed to do. Designate someone as the human overseer and make sure they have adequate training. Set up a simple monitoring process — check the AI's outputs regularly and watch for patterns of errors or unexpected results.

Keep a record of your compliance efforts. Document who is responsible for oversight, what training they've received, and how you monitor the system. This paperwork might seem tedious, but it's your evidence of compliance if questions arise.

When Things Go Wrong

If your AI system produces incorrect or harmful results, you need to act quickly. Stop using the system for that purpose if there's a safety concern. Report the issue to your AI vendor. If the incident involves a risk to health, safety, or fundamental rights, you may also need to report it to the relevant authorities. Having a clear incident response plan in place before something goes wrong makes this process much smoother.

Check your AI compliance readiness — free.

Take the Readiness Check 3 minutes · 10 questions · no signup required

This article is for informational purposes only and does not constitute legal advice. Regulatory requirements change frequently — verify current rules with official sources. Built by Sawai Gyoseishoshi Office, Hiroshima, Japan.