§ EU AI Act · Article 25
AI Act Article 25: Obligations, Deadlines & Penalties
At a glance
Article 25 of the AI Act imposes 7 obligations on AI Office, deployer, distributor and 7 other entity type(s).
§ Obligations
All obligations under Article 25
Obligation 1
Any distributor, importer, deployer, or other third-party who puts their name/trademark on a high-risk AI system, makes substantial modifications, or modifies the intended purpose to make it high-risk shall be considered a provider and subject to provider obligations.
Regulation (EU) 2024/1689, Article 25, Article 25
- Obligated entity
-
distributor, importer, deployer, or other third-party
- Action required
-
comply
- Deadline
-
—
- Penalty
-
—
Obligation 2
The initial provider shall closely cooperate with new providers and make available necessary information, reasonably expected technical access, and other assistance required for fulfilling regulatory obligations, particularly regarding conformity assessment.
Regulation (EU) 2024/1689, Article 25, Article 25
- Obligated entity
-
initial provider
- Action required
-
cooperate
- Deadline
-
—
- Penalty
-
—
- Exemptions
- cases where the initial provider has clearly specified that its AI system is not to be changed into a high-risk AI system
Obligation 3
The product manufacturer shall be considered the provider of a high-risk AI system that is a safety component of a product covered by Union harmonisation legislation, if placed on the market or put into service under the manufacturer's name or trademark.
Regulation (EU) 2024/1689, Article 25, Article 25
- Obligated entity
-
product manufacturer
- Sector scope
- products covered by Union harmonisation legislation listed in Section A of Annex I
- Action required
-
comply
- Deadline
-
—
- Penalty
-
—
Obligation 4
The provider of a high-risk AI system and the third party supplying integrated components shall specify by written agreement the necessary information, capabilities, technical access, and assistance to enable full compliance with the Regulation.
Regulation (EU) 2024/1689, Article 25, Article 25
- Obligated entity
-
provider of a high-risk AI system and third party supplying components
- Action required
-
agree
- Deadline
-
—
- Penalty
-
—
- Exemptions
- third parties making accessible tools, services, processes, or components under a free and open-source licence
Obligation 5
The AI Office may develop and recommend voluntary model terms for contracts between providers of high-risk AI systems and third parties supplying integrated tools, services, components, or processes.
Regulation (EU) 2024/1689, Article 25, Article 25
- Obligated entity
-
AI Office
- Action required
-
develop
- Deadline
-
—
- Penalty
-
—
Obligation 6
The AI Office shall publish the voluntary model terms and make them available free of charge in an easily usable electronic format.
Regulation (EU) 2024/1689, Article 25, Article 25
- Obligated entity
-
AI Office
- Action required
-
publish
- Deadline
-
—
- Penalty
-
—
Obligation 7
All parties shall observe and protect intellectual property rights, confidential business information, and trade secrets in accordance with Union and national law.
Regulation (EU) 2024/1689, Article 25, Article 25
- Obligated entity
-
provider, initial provider, product manufacturer, third party
- Action required
-
protect
- Deadline
-
—
- Penalty
-
—
§ Deadlines
EU AI Act compliance deadlines
-
2025-02-02
Article 4 AI literacy
in_force
-
2025-02-02
Article 5 prohibitions (unacceptable risk)
in_force
-
2025-08-02
GPAI model obligations (Articles 51 to 56)
in_force
-
2026-08-02
Article 50(2) machine-readable marking (watermarking) of AI-generated content
provisionally_amended
-
2026-08-02
Article 50 transparency obligations OTHER than the 50(2) marking grace (for example disclosure that a user is interacting with an AI system)
scheduled
-
2026-08-02
Annex III stand-alone high-risk obligations
provisionally_amended
-
2026-08-02
National AI regulatory sandboxes (establishment deadline)
provisionally_amended
-
2026-12-02
NEW Article 5 prohibition: AI generation of non-consensual intimate imagery (NCII) and CSAM
provisionally_amended
-
2027-08-02
Annex I embedded (regulated-product) high-risk obligations
provisionally_amended
§ Frequently asked
Questions about Article 25
Who must comply with Article 25 of the AI Act?
+
AI Office, deployer, distributor, importer, initial provider, or other third-party, product manufacturer, provider, provider of a high-risk AI system and third party supplying components, third party.
What does Article 25 of the AI Act require?
+
comply cooperate agree