Accuracy, robustness and cybersecurity
Performance and resilience requirements against error/manipulation.
Why it matters for SMEs: Technical quality requirements with compliance consequences.
EU AI Act Compliance Glossary
Expanded reference of core terms (including key Article 3 definitions) with plain-English guidance for SMEs.
AI literacy
Obligation to ensure relevant staff have sufficient AI understanding.
Why it matters for SMEs: Practical training requirement for safe operation.
AI model
A computational model enabling inference and output generation, often integrated into an AI system.
Why it matters for SMEs: Important for understanding model vs system responsibilities.
AI Office
EU-level governance body coordinating implementation and oversight aspects.
Why it matters for SMEs: Shapes guidance and supervisory interpretation.
AI system
A machine-based system that can infer from input to generate outputs such as predictions, content, recommendations, or decisions.
Why it matters for SMEs: Core scope term: determines whether the Act applies to your tool/workflow.
Authorized representative
EU-established entity mandated by provider to perform specified legal tasks.
Why it matters for SMEs: Critical for non-EU providers operating in EU markets.
Biometric categorisation
Assigning people to categories using biometric data.
Why it matters for SMEs: Can raise discrimination and rights risks.
Biometric identification
Recognition/verification of persons based on biometric data patterns.
Why it matters for SMEs: Highly sensitive and often tightly restricted.
CE marking
Mark indicating conformity with relevant Union harmonisation legislation.
Why it matters for SMEs: Signals lawful placement where required.
Conformity assessment
Procedure demonstrating compliance with applicable requirements before market use.
Why it matters for SMEs: Central for high-risk pathways.
Data governance
Controls ensuring data quality, relevance, representativeness, and bias handling.
Why it matters for SMEs: Directly affects system reliability and fairness.
Deployer
A natural or legal person using an AI system under its authority in professional activity.
Why it matters for SMEs: Most SMEs are deployers and still have obligations.
Deployer instructions
Provider-supplied instructions for lawful and safe use of AI system.
Why it matters for SMEs: Deployers must align operations with these constraints.
Distributor
Actor in the supply chain, other than provider/importer, making AI systems available on market.
Why it matters for SMEs: Distribution context requires due diligence before onward supply.
Emotion recognition system
AI inferring emotional states from biometric or behavioral signals.
Why it matters for SMEs: Restricted in certain workplace/education scenarios.
EU database
Union-level database for relevant AI system registrations/disclosures.
Why it matters for SMEs: Registration status may be a legal requirement.
Fundamental Rights Impact Assessment (FRIA)
Assessment of rights impacts and mitigations for high-impact deployments.
Why it matters for SMEs: Important for rights-sensitive use cases and governance evidence.
General-purpose AI model (GPAI)
Model displaying significant generality and capable of many distinct tasks.
Why it matters for SMEs: Widely relevant due to ChatGPT/Copilot-style adoption.
High-risk AI system
AI system meeting risk criteria under legal framework and Annex categories.
Why it matters for SMEs: High-risk status drives deeper controls and documentation.
Human oversight
Measures enabling human monitoring and intervention in AI operation.
Why it matters for SMEs: Reduces automation harm in consequential contexts.
Importer
EU-based actor placing on the Union market an AI system bearing a non-EU provider’s name.
Why it matters for SMEs: Importer checks can affect procurement and market entry.
Intended purpose
Use intended by provider, reflected in instructions, promotional materials, and documentation.
Why it matters for SMEs: Drives risk classification and compliance scope.
Logging (record-keeping)
Automatic recording of events enabling traceability and investigation.
Why it matters for SMEs: Critical for incident analysis and accountability.
Making available on the market
Supply of system/model for distribution or use in EU commercial activity.
Why it matters for SMEs: Important for supply-chain actors and contracts.
National competent authority
Member State authority responsible for supervision/enforcement tasks.
Why it matters for SMEs: Primary contact point in national compliance interactions.
Notified body
Designated independent conformity-assessment body under EU framework.
Why it matters for SMEs: May be required depending on assessment route.
Placing on the market
First making available of an AI system/model on EU market.
Why it matters for SMEs: Triggers key market entry compliance checkpoints.
Post-market monitoring
Continuous collection and review of system performance/risk data after deployment.
Why it matters for SMEs: Essential for lifecycle compliance and incident prevention.
Post-market monitoring plan
Documented process for monitoring, incident detection, and corrective actions.
Why it matters for SMEs: Key evidence artifact in audits and reviews.
Prohibited AI practices
AI uses considered unacceptable and banned by law.
Why it matters for SMEs: Immediate no-go gate for product and deployment decisions.
Provider
A natural or legal person that develops or places an AI system/model on the market under its name.
Why it matters for SMEs: Provider obligations are broader and lifecycle-heavy.
Putting into service
First use of system/model by deployer for intended purpose in EU.
Why it matters for SMEs: Operational launch point for deployer duties.
Quality management system (QMS)
Organizational system of policies/processes ensuring consistent compliance execution.
Why it matters for SMEs: Required maturity layer for sustained compliance.
Real-time remote biometric identification
Immediate/near-immediate remote identification processing.
Why it matters for SMEs: Particularly sensitive in public-space contexts.
Reasonably foreseeable misuse
Use not intended but reasonably predictable due to behavior or context.
Why it matters for SMEs: Must be considered in risk management and safety planning.
Regulatory sandbox
Supervised environment for developing/testing innovative AI under authority guidance.
Why it matters for SMEs: Useful path for innovation with controlled risk.
Remote biometric identification
Biometric identification at distance without active subject cooperation.
Why it matters for SMEs: Use context is heavily regulated and scrutinized.
Risk management system
Iterative process for identifying, evaluating, mitigating, and monitoring AI risks.
Why it matters for SMEs: Foundational control layer for high-risk compliance.
Safety component
Component of a product/system that fulfills a safety function where failure endangers safety.
Why it matters for SMEs: Can elevate compliance obligations in regulated products.
Serious incident
Incident causing or likely causing serious harm to health, safety, rights, or property.
Why it matters for SMEs: Triggers escalation and reporting processes.
Substantial modification
Change affecting compliance with requirements or intended purpose profile.
Why it matters for SMEs: Can shift role and obligations, including provider-like duties.
Systemic risk (GPAI)
High-impact risk from very capable models with broad downstream effects.
Why it matters for SMEs: Impacts advanced model governance expectations.
Technical documentation
Detailed documentation package demonstrating design, function, and compliance controls.
Why it matters for SMEs: Core evidence for high-risk systems.
Transparency obligations
Duty to inform users/subjects in specific AI interaction/content contexts.
Why it matters for SMEs: Frequent requirement for deployers and public-facing tools.
Value chain actor
Any participant in production, distribution, import, deployment, or operation of AI.
Why it matters for SMEs: Clarifies shared responsibilities in contracts and controls.