
EU AI Act and NIS2 glossary

A practitioner's glossary of the 45 terms a HR-tech, fintech or SaaS organisation most often encounters when reading the EU AI Act (Regulation (EU) 2024/1689) and the NIS2 Directive (Directive (EU) 2022/2555). Each entry cites the article or annex it comes from so you can verify against the consolidated text on EUR-Lex.

Sources of authority. All citations refer to the consolidated text of Regulation (EU) 2024/1689 of 13 June 2024 and Directive (EU) 2022/2555 of 14 December 2022 as published in the Official Journal of the European Union and available via eur-lex.europa.eu/eli/reg/2024/1689/oj and eur-lex.europa.eu/eli/dir/2022/2555/oj.

This page is a reference, not legal advice. Where Member State implementing law adds detail (especially for NIS2, which is a directive and therefore transposed nationally), the national text controls.


EU AI Act — operator roles (Article 3)

The AI Act assigns obligations by role, not by company size. The same legal entity can be a provider for one system and a deployer for another. Articles cited refer to Regulation (EU) 2024/1689 unless stated otherwise.

AI system — Article 3(1)

A machine-based system designed to operate with varying levels of autonomy, that may exhibit adaptiveness after deployment and that, for explicit or implicit objectives, infers from the input it receives how to generate outputs such as predictions, content, recommendations or decisions that can influence physical or virtual environments. Recital 12 places systems that operate solely on rules defined by natural persons outside the definition, and the Commission's guidelines on the definition of an AI system treat simple deterministic software and basic statistical methods the same way; the inference element is what distinguishes an AI system.

Provider — Article 3(3)

A natural or legal person, public authority, agency or other body that develops an AI system or a general-purpose AI model or has one developed and places it on the market or puts it into service under its own name or trademark, whether for payment or free of charge. The provider carries the heaviest set of obligations under the Act, including conformity assessment, technical documentation and post-market monitoring.

Deployer — Article 3(4)

A natural or legal person, public authority, agency or other body using an AI system under its authority, except where the AI system is used in the course of a personal non-professional activity. Most HR, finance and operations teams using a third-party AI tool are deployers, not providers.

Authorised representative — Article 3(5)

A natural or legal person located or established in the Union who has received and accepted a written mandate from a provider of an AI system or general-purpose AI model to perform, on its behalf, the obligations and procedures established by the Regulation. Required under Article 22 before a provider established outside the Union makes a high-risk AI system available on the Union market, and under Article 54 for providers of GPAI models established outside the Union.

Importer — Article 3(6)

A natural or legal person located or established in the Union that places on the market an AI system bearing the name or trademark of a natural or legal person established outside the Union. Under Article 23 importers must verify, before placing a high-risk AI system on the market, that the conformity assessment has been carried out, that the technical documentation has been drawn up, that the system bears the CE marking and is accompanied by the EU declaration of conformity and instructions for use, and that an authorised representative has been appointed.

Distributor — Article 3(7)

A natural or legal person in the supply chain, other than the provider or the importer, that makes an AI system available on the Union market. Under Article 24 distributors must check, before making a high-risk AI system available, that it bears the required CE marking, is accompanied by the EU declaration of conformity and instructions for use, and that the provider and importer have met their obligations.

Operator — Article 3(8)

An umbrella term covering the provider, the product manufacturer, the deployer, the authorised representative, the importer and the distributor. Many obligations — for example cooperation with authorities — fall on "operators" generally rather than on one specific role.


Lifecycle definitions

Placing on the market — Article 3(9)

The first making available of an AI system or a general-purpose AI model on the Union market. Many obligations are triggered the first time a product is offered, even before any customer actually starts using it.

Putting into service — Article 3(11)

The supply of an AI system for first use directly to the deployer or for the provider's own use in the Union for its intended purpose. An in-house tool that is never sold can still be put into service and therefore in scope.

Intended purpose — Article 3(12)

The use for which an AI system is intended by the provider, including the specific context and conditions of use, as specified in the information supplied by the provider in the instructions for use, promotional or sales materials and statements, as well as in the technical documentation. A deployer that modifies the intended purpose of a high-risk AI system (including a general-purpose system) so that it becomes or remains high-risk is treated as the provider under Article 25(1)(b).

Substantial modification — Article 3(23)

A change to an AI system after its placing on the market or putting into service which is not foreseen or planned in the initial conformity assessment carried out by the provider and as a result of which the compliance of the AI system with the requirements set out in Chapter III, Section 2 is affected, or which results in a modification of the intended purpose for which the AI system has been assessed. Under Article 25(1)(c), a deployer, distributor or importer that substantially modifies a high-risk AI system so that it remains high-risk is considered the provider of that system and takes on the Article 16 provider obligations; the original provider is then no longer the provider of the modified system (Article 25(2)).

Serious incident — Article 3(49)

An incident or malfunctioning of an AI system that directly or indirectly leads to the death of a person or serious damage to a person's health, a serious and irreversible disruption of the management or operation of critical infrastructure, an infringement of obligations under Union law intended to protect fundamental rights, or serious damage to property or the environment. Providers of high-risk AI systems must report such incidents to the market surveillance authority of the Member State where the incident occurred under Article 73: immediately after establishing a causal link between the system and the incident (or the reasonable likelihood of one), and in any event within 15 days of becoming aware of it, shortened to 2 days for a widespread infringement or a serious and irreversible disruption of critical infrastructure and to 10 days for a death (Article 73(2) to (4)).


Risk classification

The AI Act is risk-based: most systems carry no specific obligations beyond the general Article 4 AI-literacy duty, a closed list of practices is banned, a defined list of systems is high-risk, and a separate transparency regime in Article 50 catches interactive, generative and impersonating systems regardless of risk tier.

Prohibited AI practice — Article 5

One of the eight categorical bans in Article 5(1)(a) to (h), applicable since 2 February 2025, covering subliminal or manipulative techniques, exploitation of vulnerabilities due to age, disability or social or economic situation, social scoring, individual predictive policing based solely on profiling, untargeted facial-image scraping, biometric categorisation to infer sensitive attributes, emotion recognition in workplaces and educational institutions (except for medical or safety reasons), and real-time remote biometric identification by law enforcement in publicly accessible spaces. Breach exposes operators to the top fine tier: up to EUR 35 million or, for an undertaking, up to 7% of its total worldwide annual turnover for the preceding financial year, whichever is higher (Article 99(3)).

High-risk AI system — Article 6 + Annex I + Annex III

An AI system is high-risk either because it is a safety component of, or is itself, a product covered by the Union harmonisation legislation listed in Annex I (e.g. medical devices, machinery, toys) and that product must undergo third-party conformity assessment under that legislation (Article 6(1)), or because it falls within one of the use cases listed in Annex III (Article 6(2)). High-risk status triggers the full Chapter III Section 2 requirements: risk management (Article 9), data and data governance (Article 10), technical documentation (Article 11), record-keeping (Article 12), transparency and instructions for deployers (Article 13), human oversight (Article 14), and accuracy, robustness and cybersecurity (Article 15).

Annex III — Annex III, referenced by Article 6(2)

The closed list of eight high-risk use cases: (1) biometrics, (2) critical infrastructure, (3) education and vocational training, (4) employment, worker management and access to self-employment, (5) access to and enjoyment of essential private and public services and benefits, (6) law enforcement, (7) migration, asylum and border control, and (8) administration of justice and democratic processes. HR-tech systems used in recruitment, selection, promotion, performance evaluation and termination sit in point 4.

Article 6(3) carve-out — Article 6(3)

An Annex III system is not considered high-risk if it does not pose a significant risk of harm to health, safety or fundamental rights, including by not materially influencing the outcome of decision-making, and meets one of four narrow conditions: it performs a narrow procedural task, it improves the result of a previously completed human activity, it detects decision-making patterns or deviations without replacing or influencing a previously completed human assessment absent proper human review, or it performs a preparatory task to an assessment. The carve-out never applies where the system performs profiling of natural persons. Under Article 6(4) the provider must document its assessment before placing the system on the market or putting it into service, still register the system in the EU database under Article 49(2), and hand the documentation to national competent authorities on request.

General-purpose AI (GPAI) model — Article 3(63), Chapter V

An AI model — including where trained with a large amount of data using self-supervision at scale — that displays significant generality and is capable of competently performing a wide range of distinct tasks regardless of how it is placed on the market, and that can be integrated into a variety of downstream systems or applications. Providers of GPAI models have a separate set of obligations (technical documentation, copyright policy, training-data summary) under Articles 53 to 55.

GPAI model with systemic risk — Article 51

A GPAI model is classified as having systemic risk if it has high-impact capabilities evaluated on the basis of appropriate technical tools and methodologies, including indicators and benchmarks, or if the Commission designates it as such under the criteria in Annex XIII. A model is presumed to have high-impact capabilities when the cumulative compute used for its training, measured in floating-point operations, is greater than 10^25 FLOP. The presumption is rebuttable: Article 52(2) lets the provider argue that the model does not present systemic risk despite meeting the threshold, and Article 51(3) lets the Commission amend the threshold by delegated act. Classification triggers the heavier obligations of Article 55 (model evaluation, adversarial testing, systemic-risk mitigation, serious-incident reporting and cybersecurity) on top of Article 53.


Conformity and registration

Conformity assessment — Article 43

The process of demonstrating that a high-risk AI system meets the Chapter III Section 2 requirements before being placed on the market or put into service. For Annex III points 2 to 8 (which includes employment AI), the route is internal control under Annex VI, with no notified body involved (Article 43(2)). For Annex III point 1 biometrics, the provider chooses between Annex VI internal control where harmonised standards or common specifications are applied in full, and third-party assessment by a notified body under Annex VII; Annex VII becomes mandatory where harmonised standards do not exist or are applied only in part and no common specifications are available (Article 43(1)). Annex I products follow the conformity assessment procedure of their own sectoral legislation (Article 43(3)).

Notified body — Article 3(22)

A conformity assessment body notified to the Commission by a Member State following the application and notification procedure of Articles 29 and 30, and meeting the requirements of Article 31, to carry out third-party conformity assessment for specified high-risk AI systems. Most Annex III use cases (employment, education, services, justice) do not need a notified body, because they go through internal control under Annex VI.

CE marking — Article 48

The marking by which a provider indicates that a high-risk AI system is in conformity with the requirements set out in Chapter III Section 2 and other applicable Union harmonisation legislation. For digital-only high-risk AI systems, the CE marking can be affixed in a digital form provided it is easily accessible via the interface or a machine-readable code.

EU declaration of conformity — Article 47

A written, machine-readable, physical or electronically signed declaration drawn up by the provider for each high-risk AI system stating that the system meets the Chapter III Section 2 requirements. Must be kept at the disposal of national competent authorities for ten years after the system is placed on the market or put into service.

EU database for high-risk AI systems — Article 71

A central, partly public EU database, managed by the Commission, in which providers (and certain public-authority deployers) must register Annex III high-risk systems before placing them on the market or putting them into service, in accordance with Article 49. Listings for law enforcement, migration, asylum and border-control use sit in a non-public section.


Deployer-facing obligations

These are the obligations that most often land on customers of AI vendors rather than on the vendors themselves, which is why HR, finance and operations functions need to recognise them.

Instructions for use — Article 13

Information that the provider must supply with every high-risk AI system, in a concise, complete, correct and clear form that is relevant, accessible and comprehensible to deployers. Must include the provider's identity, the system's characteristics and intended purpose, performance metrics, foreseeable risks, the human-oversight measures to be applied by the deployer, and the expected lifetime and required maintenance.

Human oversight — Article 14

Measures designed and implemented so that a high-risk AI system can be effectively overseen by natural persons during the period in which it is in use, aimed at preventing or minimising risks to health, safety or fundamental rights. Deployers must assign oversight to natural persons who have the necessary competence, training, authority and support (Article 26(2)). For certain biometric systems, Article 14(5) requires that no action or decision is taken on the basis of the system's output unless verified and confirmed by at least two natural persons.

Data governance — Article 10

Provider-side requirements on training, validation and testing datasets: relevance, representativeness, freedom from errors, and statistical properties appropriate to the intended persons or groups. Article 10(5) provides a narrow legal basis for processing special-category personal data strictly where necessary for bias detection and correction, subject to safeguards.

Logging / log retention — Article 12 + Article 26(6)

High-risk AI systems must technically allow for the automatic recording of events (logs) over their lifetime, with a minimum log-set defined for remote biometric identification systems in Article 12(3). Article 26(6) requires deployers under their control to keep those logs for a period appropriate to the intended purpose and at least six months, unless a longer period is required by Union or national law.

Article 26 deployer obligations — Article 26

The list of deployer duties for high-risk AI systems: use the system in accordance with the instructions for use (Article 26(1)); assign human oversight to natural persons with the necessary competence, training, authority and support (26(2)); ensure input data is relevant and sufficiently representative insofar as the deployer controls it (26(4)); monitor operation, and where use may result in a risk within the meaning of Article 79(1) or a serious incident is identified, inform the provider or distributor and the market surveillance authority and suspend use (26(5)); keep the automatically generated logs for at least six months (26(6)); inform workers and their representatives before putting the system into service in the workplace (26(7)); use the provider's Article 13 information for any GDPR data protection impact assessment (26(9)); and inform natural persons that they are subject to the system where it makes or assists decisions about them (26(11)). Article 86 separately gives affected persons a right to a clear and meaningful explanation of individual decisions taken on the basis of Annex III systems that produce legal effects or similarly significantly affect them.

Fundamental Rights Impact Assessment (FRIA) — Article 27

A pre-deployment assessment that bodies governed by public law, private operators providing public services, and any deployer using Annex III point 5(b) creditworthiness or point 5(c) life- and health-insurance risk-assessment systems must carry out before first use. It must describe the deployer's processes, period and frequency of use, affected categories of persons, specific risks of harm to those persons, the human-oversight measures, and the measures to take if those risks materialise. Distinct from a GDPR DPIA, although they can run in parallel.

AI literacy — Article 4

Both providers and deployers must take measures to ensure, to their best extent, a sufficient level of AI literacy of their staff and other persons dealing with the operation and use of AI systems on their behalf, taking into account their technical knowledge, experience, education and training and the context in which the AI systems are to be used. In force since 2 February 2025 and applies to all AI use, not only high-risk.


Transparency (Article 50)

Article 50 transparency obligations — Article 50

Apply from 2 August 2026 and cut across the risk tiers. Providers must design AI systems intended to interact directly with natural persons so that those persons are informed they are interacting with an AI, unless this is obvious to a reasonably well-informed, observant and circumspect person (Article 50(1)). Providers of AI systems that generate synthetic audio, image, video or text must mark outputs as artificially generated or manipulated in a machine-readable format (50(2)). Deployers of emotion-recognition or biometric-categorisation systems must inform the natural persons exposed to them (50(3)). Deployers of AI systems that generate or manipulate deep fakes must disclose that the content has been artificially generated or manipulated; where the content forms part of an evidently artistic, creative, satirical, fictional or analogous work, the duty is limited to disclosure in an appropriate manner that does not hamper display or enjoyment of the work. Deployers publishing AI-generated or AI-manipulated text to inform the public on matters of public interest must disclose this, unless the text has undergone human review or editorial control and a natural or legal person holds editorial responsibility for its publication (50(4)).

Deep fake — Article 3(60)

AI-generated or AI-manipulated image, audio or video content that resembles existing persons, objects, places, entities or events and would falsely appear to a person to be authentic or truthful. Deployers of AI systems producing deep fakes must disclose that the content has been artificially generated or manipulated under Article 50(4).

Real-time remote biometric identification — Article 3(42) and Article 5(1)(h)

A biometric identification system in which the capturing of biometric data, the comparison and the identification all occur without significant delay, comprising not only instant identification but also limited short delays to avoid circumvention. Use in publicly accessible spaces for law-enforcement purposes is prohibited under Article 5(1)(h) except for an exhaustive list of cases (e.g. targeted search for specific victims, prevention of a specific and imminent terrorist threat) subject to prior judicial or independent administrative authorisation.


Governance and timeline

AI regulatory sandbox — Article 57

A controlled framework set up by a competent authority that offers providers or prospective providers the possibility to develop, train, validate and test, where appropriate in real-world conditions, an innovative AI system, pursuant to a sandbox plan for a limited time under regulatory supervision. Member States must have at least one national sandbox operational by 2 August 2026.

AI Office — Article 64 + Commission Decision C(2024) 390

A body established within the European Commission with the exclusive supervisory and enforcement powers over providers of general-purpose AI models under Chapter V. The AI Office also supports the European Artificial Intelligence Board (Article 65) and contributes to consistent application of the Regulation across Member States.

Article 113 application dates — Article 113

The Regulation entered into force on 1 August 2024. Article 5 prohibitions and Article 4 AI literacy applied from 2 February 2025. Chapter V GPAI obligations and Chapter XII penalties (except Article 101 for GPAI providers) apply from 2 August 2025. The bulk of the Regulation, including Article 50 transparency and Annex III high-risk obligations, applies from 2 August 2026. Article 6(1) high-risk classification for AI used as a safety component of Annex I products applies from 2 August 2027.


NIS2 Directive — companion regime

The NIS2 Directive (Directive (EU) 2022/2555) is the EU's cybersecurity baseline for in-scope sectors. Member States had to transpose it by 17 October 2024 and produce a national list of in-scope entities by 17 April 2025 (Article 3(3)). NIS2 obligations sit alongside any AI Act obligations.

Essential entity — NIS2 Article 3(1) + Annex I

An entity of a type referred to in Annex I that exceeds the ceilings for medium-sized enterprises under Recommendation 2003/361/EC (250 or more staff, or both annual turnover above EUR 50 million and balance-sheet total above EUR 43 million), plus certain entity types regardless of size (qualified trust service providers, top-level domain name registries and DNS service providers), medium-sized providers of public electronic communications networks or services, central-government public administration entities, critical entities under the CER Directive, and entities a Member State identifies as essential under Article 2(2)(b) to (e). Essential entities are subject to ex ante and ex post supervision under NIS2 Article 32.

Important entity — NIS2 Article 3(2) + Annex II

Any entity of a type referred to in Annex I or II that does not qualify as essential: typically medium-sized Annex I entities (50 or more staff, or both annual turnover and balance-sheet total above EUR 10 million, but below the large-enterprise ceilings), Annex II entities of medium size or larger, and entities identified under Article 2(2)(b) to (e) that are not designated essential. Important entities are subject to ex post supervision under NIS2 Article 33, triggered by evidence, indication or information of non-compliance.

Annex I sectors of high criticality — NIS2 Annex I

Eleven sectors NIS2 treats as the most critical: energy, transport, banking, financial market infrastructures, health, drinking water, waste water, digital infrastructure, ICT service management (B2B), public administration entities of central governments and (where designated) at regional level, and space.

Annex II other critical sectors — NIS2 Annex II

Seven sectors that NIS2 considers critical but not at the highest criticality level: postal and courier services, waste management, manufacture, production and distribution of chemicals, production, processing and distribution of food, manufacturing (medical devices, computers, electronics, machinery, motor vehicles and other transport equipment), digital providers (online marketplaces, online search engines, social networking platforms), and research.

Cybersecurity risk-management measures — NIS2 Article 21

The minimum list of ten measures (Article 21(2)(a) to (j)) that essential and important entities must implement on an all-hazards, proportionate and risk-based basis: risk-analysis and information-system security policies; incident handling; business continuity (backups, disaster recovery, crisis management); supply-chain security; security in network and information system acquisition, development and maintenance, including vulnerability handling and disclosure; policies and procedures to assess the effectiveness of the measures; basic cyber hygiene and cybersecurity training; policies on cryptography and, where appropriate, encryption; human resources security, access-control policies and asset management; and multi-factor or continuous authentication, secured voice, video and text communications and secured emergency communication systems where appropriate. Member States may impose stricter requirements, and management bodies must approve the measures and can be held liable for infringements (Article 20).

Significant incident — NIS2 Article 23(3)

An incident is significant if it has caused or is capable of causing severe operational disruption of services or financial loss for the entity concerned, or it has affected or is capable of affecting other natural or legal persons by causing considerable material or non-material damage. Significant incidents trigger the staged notification timeline under Article 23(4).

24-hour / 72-hour / 1-month notification — NIS2 Article 23(4)

Essential and important entities must submit to their CSIRT or, where applicable, competent authority: an early warning without undue delay and in any event within 24 hours of becoming aware of a significant incident, indicating where applicable whether the incident is suspected of being caused by unlawful or malicious acts and whether it could have a cross-border impact; an incident notification without undue delay and in any event within 72 hours (24 hours for trust service providers), updating the early warning and giving an initial assessment of the incident, its severity and impact and, where available, indicators of compromise; an intermediate report on relevant status updates at the CSIRT's or authority's request; and a final report not later than one month after the submission of the incident notification, with a detailed description of the incident including its severity and impact, the type of threat or root cause likely to have triggered it, applied and ongoing mitigation measures and any cross-border impact. Where the incident is still ongoing at the one-month mark, a progress report is due instead and the final report within one month of the incident being handled. Note that the one-month clock runs from the incident notification, not from the moment of awareness, and that Article 23(1) separately requires notifying affected recipients of services where relevant.

Size-cap rule — NIS2 Article 2(1) + Recommendation 2003/361/EC

By default NIS2 applies only to public or private entities of a type referred to in Annex I or II that qualify as medium-sized enterprises under Article 2 of the Annex to Recommendation 2003/361/EC (50 or more staff, or both annual turnover and balance-sheet total above EUR 10 million) or that exceed the ceilings for medium-sized enterprises. Micro and small enterprises are outside the default scope. The size cap is overridden for the entity types listed in Article 2(2), which are in scope irrespective of size (for example providers of public electronic communications networks, trust service providers, TLD registries, DNS service providers, sole providers of an essential service in a Member State, and entities whose disruption could significantly affect public safety, security or health), and Article 2(3) to (5) extend scope to CER critical entities, domain name registration services and, at Member State option, local public administration and education.

Supply-chain security (NIS2) — NIS2 Article 21(2)(d) + Article 22

Each essential and important entity must address the cybersecurity-related aspects of its relationships with direct suppliers and service providers (Article 21(2)(d)), taking into account the vulnerabilities specific to each direct supplier and service provider and the overall quality of their products and cybersecurity practices, including their secure development procedures, as well as the results of any coordinated risk assessment (Article 21(3)). Article 22 lets the Cooperation Group, in cooperation with the Commission and ENISA, carry out coordinated security risk assessments of specific critical ICT services, systems or product supply chains.