EU AI Act: what machinery manufacturers must know as AI providers
If you place a machine with an AI component on the EU market, you are a provider, not a deployer, with all the obligations that entails. Fines up to €35M.
Provider vs deployer
Who is the provider?
Source: EU AI Act Art. 3(3)
Provider (Art. 3 EU AI Act)
Natural or legal person that develops or has developed an AI system and places it on the market or puts it into service under their own name or trademark.
For machinery builders: every machine with integrated AI delivered to customers makes your company a provider — not a deployer.
Does your company place a machine with an AI component on the EU market?
YES → You are PROVIDER → Art. 16 applies → 12 obligations
(even if a third party developed the AI)
NO → You only use a third-party machine?
You are DEPLOYER → Art. 26 applies → different obligations
High-risk classification
When is machine AI high-risk?
Source: EU AI Act Annex I × Annex III
| Path | Legal basis | Machinery example |
|---|---|---|
| Path 1 | Annex I: AI in products under EU product safety law (incl. MRO 2023/1230) | Every machine with AI safety function under MRO → automatically high-risk |
| Path 2 | Annex III No. 2: AI controlling critical infrastructure | AI-controlled process plants in chemicals, pharma, power generation |
⚠ Not automatically high-risk:
Predictive maintenance, quality inspection, condition monitoring — when no safety function is involved. Still: transparency duties under Art. 13 remain.
Art. 16 obligations
The 12 provider obligations
Source: EU AI Act Art. 16 letters a–l
Conformity assessment
The correct path for machine AI
Critical note: no harmonised standards yet (June 2026)
Art. 40 EU AI Act allows conformity presumption via harmonised standards. For AI in machinery (Annex I × MRO 2023/1230) these standards do not exist as of June 2026.
Consequence: Annex VI self-assessment without standard reference has limited legal effect in supervision. Where MRO requires third-party assessment (Annexes IX, X), that also applies to the AI component (Art. 43(1) AI Act).
Recommendation: ISO/IEC 42001 as structural framework + contact notified body early.
Special case
GPAI in machinery: Art. 51 ff. EU AI Act — separate duty set
GPT-based machine control, multimodal quality inspection (CLIP/vision-language models), or embedded foundation models fall under Art. 51 ff. EU AI Act — in addition to high-risk requirements.
Do I integrate a GPAI model (ChatGPT, Claude, Gemini, Llama…) as a component in my machine — or develop a purpose-built model? The answer determines whether Art. 51 ff. applies on top of Art. 16.
GDPR / DSG 2018 — when your machine processes personal data
| System | GDPR relevance |
|---|---|
| Vision systems (cameras, 3D sensors in work areas) | Images and movement patterns of persons = personal data. Face recognition or biometrics: Art. 9 GDPR |
| ML performance monitoring of machine operators | Cycle times, error rates, intervention patterns per employee = personal data. Material impact: Art. 22 GDPR |
| Proximity sensors in cobots | Location and movement patterns of persons = personal data, possibly biometric location |
| Voice control / NLP interfaces | Voice recordings = biometric data under Art. 9 GDPR |
Austria: DSB Vienna is the competent supervisory authority
Data Protection Authority Vienna (DSB) · www.dsb.gv.at · dsb@dsb.gv.at
Fines under GDPR / DSG 2018: up to €20M or 4% of worldwide annual turnover.
⛔ Austrian blocking condition: ArbVG §§ 96/96a
Any machine that captures employee behaviour, performance, location, or biometric characteristics needs a written works agreement before go-live under §96(1)(7) ArbVG.
Without that agreement, deployment is unlawful — regardless of CE marking and EU AI Act compliance.
Fines
EU AI Act fines
| Violation | Maximum fine | Share of annual turnover |
|---|---|---|
| Prohibited AI practices (Art. 5) | €35M | or 7% of annual turnover |
| High-risk violations | €15M | or 3% |
| Other violations | €7.5M | or 1% |
OEM with €80M annual turnover + high-risk AI violation = €2.4M potential fine (3% EU AI Act). Prohibited practices (7%): €5.6M.
What we deliver
AI Act readiness for OEMs
- AI component review: risk classification per Annex I / III
- Technical documentation for AI component (Art. 11 + Annex IV)
- Post-market monitoring concept for AI systems
- Human oversight / kill-switch implementation (Art. 14)
- Bias analysis for training data (Art. 10 — explicit duty)
- Conformity path analysis (Annex VI vs third-party, Art. 43)
Request AI Act Readiness Check
We clarify provider vs deployer status, high-risk classification, and your conformity path for machine AI.