EU AI ACT — VENDOR CONTRACTS
AI vendor contracts under the EU AI Act — 12-point deployer checklist
As a deployer you remain responsible for compliance with your obligations under Regulation (EU) 2024/1689 regardless of what your vendor does. Article 25 makes this explicit: if a deployer puts its own brand on an AI system, makes a substantial modification, or changes the intended purpose, that deployer becomes the legal provider and assumes the full provider obligation set. Even without those triggers, a deployer that cannot access logs, was never given instructions for use, or has no incident notification process is exposed under Article 26. Your vendor contract is the first line of compliance.
Why your vendor contract is a compliance document
Article 13 of the EU AI Act requires providers of high-risk AI systems to design and develop them so that their operation is sufficiently transparent to enable deployers to interpret the system’s output and use it appropriately. The instructions for use that must accompany any high-risk AI system are a legal deliverable, not a user manual.
Article 26(1) then requires deployers to use the system in accordance with those instructions for use. If the vendor has not supplied compliant instructions, the deployer cannot discharge Art 26(1). If the vendor has not enabled log access, the deployer cannot discharge Art 26(6). The contract must close these gaps explicitly.
12-point checklist
- 1. Risk classification: Vendor confirms the AI system’s classification under Regulation (EU) 2024/1689 (minimal-risk, limited-risk, high-risk under Annex III, or GPAI model) and documents the Annex III assessment on request.
- 2. Instructions for use (Art 13): Vendor supplies documented instructions for use covering intended purpose, technical capabilities and limitations, foreseeable misuse the deployer must guard against, human oversight measures, and accuracy and robustness metrics.
- 3. Technical documentation access: For high-risk systems, the deployer can obtain a summary of the Annex IV technical documentation or an ISAE 3000 / SOC 2 Type II attestation covering the conformity assessment.
- 4. Risk management evidence (Art 9): Vendor provides evidence that an Article 9 risk management system is established, maintained and updated throughout the system lifecycle, and notifies the deployer of any material change to the assessed risk.
- 5. Data governance statement (Art 10): For high-risk systems, vendor confirms that training data was examined for bias affecting fundamental rights and that the data quality measures under Article 10 were applied. The statement includes the protected attributes examined and the bias-mitigation steps taken.
- 6. Log availability (Art 26(6)): Automatic logs generated by the AI system are accessible to the deployer and retained for at least 6 months. The vendor SLA covers log format, export, and access on regulatory request.
- 7. Incident notification SLA (Art 73): Vendor commits to notify the deployer within a defined timeframe (recommend ≤24 hours) upon detection of a serious incident as defined in Article 73, so that the deployer can report to the national market surveillance authority.
- 8. Conformity assessment evidence (Art 47): Vendor supplies the EU declaration of conformity and, for Annex III systems requiring third-party assessment, the certificate of conformity from a notified body, before the system is placed into service.
- 9. Change control (Art 43(4)): Agreed process for substantial modifications: vendor notifies the deployer in advance, re-assesses conformity where required, and provides updated instructions for use. Deployer consent is required for modifications that change the risk classification or intended purpose.
- 10. GDPR data processing agreement (Art 28 GDPR): Article 28 GDPR processor agreement covering lawful basis, processing instructions, data-subject rights support, deletion/return on termination, and a sub-processor list with notification of changes.
- 11. Third-country data transfers: Schrems II transfer impact assessment where personal data is processed outside the EEA. A valid transfer mechanism is identified: adequacy decision, Standard Contractual Clauses (SCCs), or Binding Corporate Rules.
- 12. Audit and inspection rights: Deployer right to conduct or commission audits (ISAE 3000 / SOC 2 Type II), or to receive audit reports from the vendor’s existing accredited assessments, including follow-up on any findings relevant to deployer compliance.
The Article 25 provider-shift trap
Article 25 of the EU AI Act sets out conditions under which a third party — including a deployer — becomes the legal provider for an AI system. The trigger conditions are:
- Placing the AI system on the market or putting it into service under the third party’s own name or trade mark.
- Making a substantial modification to a high-risk AI system already placed on the market or put into service.
- Modifying the intended purpose of an AI system not previously classified as high-risk, in such a way that it becomes high-risk.
Deployers who white-label SaaS tools, configure systems beyond their intended scope, or re-train models on their own data must assess whether they have crossed the Article 25 threshold. Crossing it without preparation means assuming the full provider obligation set — Annex IV documentation, conformity assessment, EU database registration under Article 71 — often with no advance notice.
Common contract gaps and their consequences
- Vendor claims “complies with AI Act” without specifying classification or articles. The deployer has no basis for verifying which obligations the vendor has discharged and which remain with the deployer.
- No log-access clause. Article 26(6) requires the deployer to retain logs for at least 6 months. If the vendor controls the logs and the contract is silent, you have no legal basis to retrieve them on regulatory request.
- No incident SLA. Serious incidents under Article 73 must be reported to the national market surveillance authority. If the vendor does not notify you, you miss the reporting window and become liable for the failure to report.
- No change-control provision. A vendor that updates the model or changes the system architecture without notice may trigger a new conformity assessment obligation or change the intended purpose in a way that alters your deployer obligations.
- White-label arrangement without documentation transfer. If you brand the system as your own without receiving Annex IV documentation, you are an unregistered provider with no evidence trail.
Application timeline
Article 26 deployer obligations and the Article 13 instructions-for-use requirement apply from 2 August 2026 for high-risk systems listed in Annex III. The Digital Omnibus provisional political agreement (7 May 2026 — not yet adopted or published in the Official Journal) proposes deferring certain Annex III high-risk obligations for systems already on the market to 2 December 2027. Until it is formally adopted, 2 August 2026 remains the binding date. The Article 4 AI literacy obligation and the Article 5 ban on prohibited practices have applied since 2 February 2025.
Penalties for deployer non-compliance
Violations of high-risk deployer obligations (Article 26) are sanctioned under Article 99(4) with administrative fines of up to EUR 15 000 000 or 3 % of total worldwide annual turnover, whichever is higher. For SMEs and start-ups, Article 99(6) applies the lesser of the two figures.
Related EU guides
- Deployer vs provider — when roles shift
- Deployer checklist — Article 26
- Vendor due-diligence schema
- Logging obligations — Article 12
- Annex IV technical documentation
Sources
- Regulation (EU) 2024/1689, Articles 9, 10, 13, 25, 26, 43, 47, 71, 73, 99, Annex III, Annex IV — EUR-Lex: eur-lex.europa.eu/eli/reg/2024/1689/oj
- Regulation (EU) 2016/679 (GDPR), Article 28 — EUR-Lex: eur-lex.europa.eu/eli/reg/2016/679/oj
Note: This checklist reflects obligations in Regulation (EU) 2024/1689. AI Act guidance from the European AI Office and national competent authorities may further specify requirements. PowerQuant supplies software and documentation for use in your internal compliance process — not legal advice.
PowerQuant Module 1
Vendor mapping, gap analysis per contract, and draft amendment language for all 12 checklist points — delivered in 5 working days. Fixed fee, no subscription.
See vendor due-diligence schema