
AI Vendor Assessment Framework for EU AI Act Deployers

Template · 23 May 2026 · 14 min read · 2,757 words

EU AI Act deployer guide: verify Art 43 conformity, Annex IV docs, Art 47–49 and the Art 25 role-shift trap before deployment. Deadline: 2 Dec 2027.

When you deploy a third-party AI system — a hiring screener, a credit-scoring tool, an automated claims handler — you are operating as a deployer under Article 26 of Regulation (EU) 2024/1689. You did not build the system. You do not control the training data. But you are legally accountable for how it runs in your environment. That accountability does not transfer to the vendor.

This means deployer due diligence is not optional box-ticking. It is the mechanism by which you confirm that the vendor (the provider under Article 16) has done their part — and that their documentation actually supports your obligations in practice. A vendor who delivers a CE-marked system with an EU declaration of conformity and instructions that are too thin to implement Article 14 human oversight has not done enough. Vendor assessment is where you find that out before deployment, not after.

The framework below organises due diligence into six stages. Each stage includes the regulatory hook, the practical question you are trying to answer, and a checklist of what to ask the vendor.


Step 1: Determine the Risk Tier for Your Specific Use

The same AI system can sit in different risk tiers depending on how you intend to use it. Classify the system for your context — do not rely on the vendor's marketing label.

Start with Article 5. If the system falls within any prohibited practice — emotion recognition in workplaces or schools, real-time remote biometric identification in public spaces for law enforcement without a narrow exception, social scoring by public bodies, biometric categorisation that infers protected characteristics — stop. The prohibition applies regardless of vendor assurances. Article 5 has been in force since 2 February 2025.

Then apply Article 6 and Annex III. A system is high-risk if it is used in one of the eight Annex III domains: biometrics; critical infrastructure safety components; education and vocational training; employment and worker management (Annex III point 4); access to essential services including creditworthiness/credit scoring (point 5(b)) and health/life insurance risk and pricing (5(c)); law enforcement; migration and border control; or administration of justice.

Article 6(3) provides a narrow exception: a system in an Annex III area is not high-risk if it performs only a procedural task, improves on a previously completed human activity, detects patterns without replacing human assessment, or does only preparatory work. Any system that profiles natural persons is always high-risk. For limited-risk systems, check Article 50 — chatbots and synthetic-content tools carry transparency disclosure duties from 2 August 2026.

Checklist — Step 1

  • Confirmed the system does not fall under any Article 5 prohibition for my intended use?
  • Identified the specific Annex III point (and sub-letter) that applies, or confirmed the system is outside Annex III?
  • If the vendor claims Article 6(3) exemption, reviewed their documented assessment?
  • Documented my own classification rationale?

Step 2: Verify the Provider's High-Risk Compliance Package

You are not conducting the conformity assessment yourself — you are verifying it was done and the documentation is adequate to support your obligations.

Conformity assessment (Article 43). Most Annex III systems use internal self-assessment under Annex VI; the biometrics category (Annex III point 1) generally requires a notified body under Annex VII. Confirm which route was taken.

EU declaration of conformity (Article 47). A signed declaration that the system conforms to Regulation (EU) 2024/1689. Verify it references the correct Regulation and describes the system you are procuring.

CE marking (Article 48). Must be affixed before market placement. Confirm its location.

Technical documentation (Article 11 and Annex IV). The substantive heart of the compliance package. It must cover the system's intended purpose, data governance under Article 10 (training data provenance, bias mitigation, representativeness), performance metrics disaggregated by demographic group, the Article 9 risk management system, and human oversight procedures.

Registration (Article 49). Stand-alone high-risk AI systems must be registered in the EU database (established under Article 71) before market placement. Request the registration number.

Instructions for use (Article 13). Must be specific enough to let you implement Article 14 oversight — intended purpose, accuracy levels, known limitations, oversight measures, and deployment constraints.

Authorised representative (Article 22). If the provider is non-EU, an EU-based representative must be in place before market placement.

Checklist — Step 2

  • Conformity assessment route (Annex VI or VII) confirmed and documented?
  • Article 47 declaration received and references Regulation (EU) 2024/1689?
  • CE marking location confirmed?
  • Annex IV documentation: intended purpose, Article 10 data governance, demographic-disaggregated performance metrics, Article 9 risk register, human oversight technical design, known limitations?
  • Article 49 registration number in the EU database confirmed?
  • If non-EU provider: Article 22 authorised representative in place?

Step 3: Confirm the Instructions Support Your Article 14 and Article 26 Duties

A CE mark confirms the vendor ran a process. It does not tell you whether the documentation is operationally usable for your team. This is the step most deployers skip and most regulators probe.

Under Article 26, you must use the system only for its intended purpose, implement the human oversight measures the provider specifies, monitor performance, and retain the logs the system generates for at least six months. Before workplace deployment, Article 26 also requires informing workers' representatives.

Under Article 14, the system must be designed to allow effective oversight — and your oversight protocols must be buildable from the vendor's instructions. If the instructions say only "users should review outputs before acting" without specifying review format or escalation threshold, they do not support your Article 14 duty. Push back before signing.

Checklist — Step 3

  • Instructions define the permitted use boundary precisely?
  • Human oversight measures described concretely, not just in principle?
  • System's technical design supports Article 26 log retention (minimum six months)?
  • Article 26 workers' representative notification addressed for workplace deployments?

Step 4: Data Governance, GDPR, and Training-Data Provenance

Most high-risk AI systems process personal data. You have obligations under the GDPR as controller or joint controller, and those obligations interact with the EU AI Act's data requirements.

Article 10 requires providers to apply data governance practices to training, validation, and testing data — covering data provenance, representativeness, and bias evaluation. You are not responsible for conducting that assessment, but you are responsible for deploying a system where it was done. The Annex IV technical documentation should disclose enough for you to form a reasonable view.

For GDPR, establish whether you need a Data Processing Agreement (DPA) with the vendor. Determine whether the system involves cross-border data transfers, and if so, which transfer mechanism applies. For sensitive categories of data (health, biometrics, criminal records), check that the legal bases and safeguards are in place.

Training-data provenance is increasingly relevant beyond compliance. Copyright litigation around AI training data is active across EU jurisdictions. Ask the vendor whether their training data was lawfully obtained and whether they have a documented copyright policy — a requirement for GPAI providers under Article 53(1)(c), but a reasonable ask for any vendor whose model was trained on web-scraped or third-party data.

Checklist — Step 4

  • Article 10 data governance: does the Annex IV documentation disclose data sources, collection methodology, and bias assessment?
  • GDPR: is a DPA in place? Who is controller and who is processor?
  • Are international data transfers identified and covered by an appropriate mechanism (adequacy decision, SCCs)?
  • For sensitive personal data: legal bases and technical safeguards documented?
  • Has the vendor disclosed training data sources and confirmed lawful acquisition?
  • Does the vendor have a copyright policy for training data?

Step 5: Assess GPAI Dependencies and Article 53 Downstream Documentation

Many commercial AI systems are built on foundation models from providers such as OpenAI, Mistral, Google, or Meta. GPAI model obligations under Chapter V have applied since 2 August 2025.

Under Article 53(1)(b), GPAI providers must supply downstream providers with documentation adequate to build a compliant product on top of their model. Your vendor's Annex IV technical documentation should reflect how they accounted for the GPAI model's capabilities and limitations. A gap in that chain is a gap in your compliance picture.

GPAI models with systemic risk (Article 51 — presumed for models trained on more than 10²⁵ floating-point operations) carry additional obligations under Article 55. If your vendor's system rests on a systemic-risk GPAI model, that context belongs in your risk assessment. GPAI chain risk is a separate workstream from Confir's current scope.

Checklist — Step 5

  • Does the vendor's system incorporate a GPAI model? Which model and provider?
  • Has the vendor confirmed receipt of Article 53 downstream documentation?
  • Is the GPAI model potentially systemic-risk (Article 51)? Additional obligations identified?
  • Is the GPAI model's contribution documented in the Annex IV technical file?

Step 6: The Article 25 Trap — When You Become the Provider

Article 25 converts a deployer into a provider if you: put the system on the market under your own name or trademark; make a substantial modification (Article 3(23)); or change the intended purpose such that the system becomes high-risk when it was not before.

Substantial modification does not require retraining the model. Extending scope to a new use case, integrating other data sources in a way that changes the system's function, or rebranding a vendor's system as your own product — any of these can cross the line. The question is not "are we changing the model?" but "are we changing the intended purpose or taking ownership of how it appears to users?"

When you become the provider under Article 25, you inherit the full stack: conformity assessment (Article 43), Annex IV technical documentation (Article 11), EU declaration of conformity (Article 47), CE marking (Article 48), registration (Article 49), risk management system (Article 9), QMS (Article 17), and post-market monitoring (Article 72). Deadline for stand-alone Annex III systems: 2 December 2027.

Checklist — Step 6

  • Will the system be deployed under your name or trademark?
  • Does the integration or customisation constitute a substantial modification under Article 3(23)?
  • Does the intended purpose change as a result of how you will deploy the system?
  • If crossing into provider territory: full Article 16 / Article 25 obligation set mapped and legal advice taken?

Penalties for Getting This Wrong

Deployer failures — including deploying a high-risk system without verifying Article 11 documentation and Article 43 conformity assessment, failing to implement Article 14 human oversight, and failing to keep Article 26 logs for six months — are subject to fines under Article 99(4): up to €15,000,000 or 3% of total worldwide annual turnover, whichever is higher. For companies, the fine is calculated on global revenue, not EU revenue.

For start-ups and SMEs, Article 99(6) provides that fines are capped at the lower of the percentage or the fixed amount — a genuine protection worth knowing.

If you become a provider by triggering Article 25 and fail to meet provider obligations, the same Article 99(4) tier applies. If you supply incorrect or misleading information to national competent authorities during an inspection, that is a separate tier: €7,500,000 or 1% under Article 99(5).

The high-risk deadline is 2 December 2027 for stand-alone Annex III systems. That is later than the original 2 August 2026 date. It is not, however, distant. Assembling Annex IV technical documentation, running a conformity assessment, and ensuring instructions genuinely support Article 14 oversight takes time — especially for deployers who need to negotiate revised documentation from their vendors.


How Confir Helps

Vendor assessment starts with knowing what you are dealing with. Confir's role-derivation logic asks you plain-English questions about your relationship to each AI system — whether you built it, licensed it, or are deploying it under a vendor contract — and derives your regulatory role (Deployer under Article 26, or Provider under Article 16, or something in between via Article 25). The same intake derives the risk tier using Articles 5 and 6 with Annex III logic.

From there, Confir maintains a vendor and system register where you record each third-party system, attach documentation evidence, and track assessment status. The structured assessment covers the four compliance areas relevant to deployers — AIRC (risk classification), AITR (data and technical robustness), AITO (transparency and human oversight), and AIGM (governance and post-market monitoring) — with each control mapped to specific Articles, so the checklist in this framework maps directly to what Confir tracks.

The classification and assessment logic is deterministic and rule-based. Same inputs produce the same finding, and the rule that fired is readable. For a compliance record that needs to survive regulatory inspection, that is the right kind of engine.


Frequently Asked Questions

Does Article 26 require deployers to verify vendor conformity assessment documentation?

Article 26 does not use the phrase "verify conformity assessment," but the practical effect is identical. Deploying a system without confirming that Article 43 conformity assessment was completed — and that the documentation supports your Article 14 oversight obligations — exposes you to Article 99(4) penalties. The verification is your protection as much as it is a regulatory duty.

What is the difference between the provider's and deployer's obligation in vendor assessment?

The provider (vendor) must complete the conformity assessment (Article 43), compile Annex IV technical documentation (Article 11), issue the Article 47 declaration of conformity, affix the CE mark (Article 48), and register the system (Article 49). Your job as deployer is to verify those steps were done and that the documentation supports your operational obligations — not to repeat the steps yourself.

At what point does customising a vendor's AI system make you the provider under Article 25?

Article 25 applies if you place the system on the market under your own name, substantially modify it (Article 3(23)), or change its intended purpose such that it becomes high-risk. Substantial modification does not require retraining — extending the system to a new decision context or integrating additional data in a way that changes its function can qualify. Document your reasoning. The provider obligation stack (Articles 9, 11, 17, 43, 47, 48, 49, 72) is substantially heavier than the deployer stack.

Does my vendor need an authorised representative if they are based outside the EU?

Yes. Under Article 22, a provider established outside the EU must appoint an EU-based authorised representative before placing a high-risk AI system on the market. The representative accepts legal responsibility and is the contact point for competent authorities. A non-EU vendor who cannot demonstrate this appointment has a material compliance gap in your assessment.

Does vendor assessment apply to AI systems that are not high-risk?

The formal requirements — Article 43 conformity assessment, Annex IV documentation, Article 47 declaration, Article 49 registration — apply only to high-risk systems. For limited-risk systems under Article 50, the vendor's obligations are transparency disclosures. For minimal-risk systems, no mandatory obligations apply. Even so, reviewing a vendor's documentation of intended use and limitations is prudent if the classification could be disputed or if deployment contexts might drift toward Annex III.

What is the deadline for high-risk deployer obligations?

Under the Digital Omnibus agreed in May 2026, the application date for stand-alone Annex III systems is 2 December 2027, deferred from the original 2 August 2026 date. For high-risk AI embedded in Annex I products, the date is 2 August 2028. Article 5 prohibitions have been in force since 2 February 2025. Start assessments now — renegotiating vendor contracts to obtain adequate Annex IV disclosure takes months.

What if a vendor refuses to provide the Annex IV technical documentation?

The Annex IV documentation is primarily subject to inspection by national competent authorities, not something you necessarily receive in full as deployer. What you must confirm is that the documentation exists and that the instructions for use are adequate to implement Article 14 oversight. A vendor who provides neither has a compliance problem — seek an alternative or escalate contractually before deployment.

