GovCompass
Responsible AI
ReferenceAccountability

Art. 54 EU AI Act: authorised representatives of GPAI providers

By GovCompass.ai· · Aligned with the consolidated EU AI Act, including the 2026 Omnibus amendments.

Art. 54 requires a provider of a general-purpose AI model established outside the EU to appoint, by written mandate, an authorised representative located in the Union before placing the model on the EU market. The representative is the Union-based point of contact that the AI Office and national authorities can address, and it holds the documentation and cooperates with supervision on the provider's behalf. It is the mechanism that keeps a non-EU model provider reachable under the Act.

Why a representative is required

A large share of the most significant general-purpose AI models are developed by providers established outside the EU. Art. 54 ensures that placing such a model on the Union market does not put it beyond the reach of EU supervision. A providerproviderThe actor who develops an AI system (or has it developed) and places it on the market or into service under its own name — carrying manufacturer-style duties: design controls, documentation, conformity.Open full entry → established in a third country must, prior to making its model available in the Union, appoint by written mandate an authorised representative established in the Union. This mirrors the authorised-representative mechanism that exists elsewhere in EU product and digital regulation.

What the representative does

The authorised representative is not a formality. Under its mandate it performs a defined set of tasks on behalf of the provider. It verifies that the technical documentation required under Art. 53 has been drawn up and that the provider has met its obligations. It keeps a copy of that documentation available for the AI Office and national competent authorities for the required period. It serves as the point of contact for the authorities on all matters relating to the model's compliance, and it cooperates with them on any action they take. The mandate must empower the representative to be addressed, alongside or instead of the provider, on compliance matters.

The representative also has a duty to act where the provider does not. If the representative considers that the provider is acting contrary to its obligations under the Act, it must terminate the mandate and inform the AI Office, which prevents the representative role from being used as a shield.

Why it matters

For a downstream organisation in the EU integrating a model from a non-EU provider, Art. 54 is the reason there is an accountable, reachable party inside the Union. The authorised representative is who EU authorities engage when a question arises about the model, which means the regulatory line does not stop at the EU border even when the model was built outside it.

In the GovCompass-7

Art. 54 is an accountabilityaccountabilityThe principle that a named human or organization answers for an AI system's outcomes, through ownership, documentation, audit trails and redress — never the system itself.Open full entry → provision. It guarantees that for every general-purpose AI modelgeneral-purpose AI modelEU AI Act term for a model displaying significant generality and capable of many distinct tasks, typically integrated into downstream systems; carries its own obligation set, with extra duties for models posing systemic risk.Open full entry → on the EU market there is an identifiable, reachable party within the Union who is answerable for the model's documentation and cooperates with supervision.

Continue reading

Legal referencesArt. 54

More on Accountability

Art. 10 EU AI Act: data and data governance for high-risk AI

Reference

Art. 10 requires that the training, validation, and testing data for high-risk AI systems meets quality criteria: relevant, sufficiently representative, and as free of errors and complete as possible for the intended purpose. It also requires documented data governance practices covering collection, preparation, bias examination, and gap mitigation, and it permits the limited processing of special-category data where strictly necessary to detect and correct bias, under safeguards.

Art. 12 EU AI Act: record-keeping and logging for high-risk AI

Reference

Art. 12 requires high-risk AI systems to technically allow for the automatic recording of events (logs) over their lifetime. The logging must enable traceability of the system's functioning at a level appropriate to its intended purpose, support post-market monitoring, and help identify situations that may lead to risk or substantial modification. It is a design obligation on the provider that makes the system auditable by construction.

Art. 19 EU AI Act: keeping the automatically generated logs

Reference

Art. 19 requires providers of high-risk AI systems to keep the logs that the system automatically generates (under Art. 12) for as long as they control them, for a period appropriate to the intended purpose and at least six months unless other law requires longer. It is the retention counterpart to the Art. 12 logging capability, and it works alongside the deployer retention duty in Art. 26.6.

Art. 26.1 EU AI Act: following provider instructions as a deployer

Reference

Art. 26.1 requires deployers to use high-risk AI systems strictly in accordance with the provider's instructions for use. This means using the system only for its intended purpose, within its specified technical configuration, and by qualified users, and documenting that compliance. Deviating from the instructions can shift liability entirely to the deployer.