Deployer Obligations:
Human Oversight, FRIA
& AI Literacy
The EU AI Act's deployer obligations are systematically misunderstood. The most common misconception: purchasing an AI system from a compliant provider transfers the compliance obligation to the provider. It does not. Article 26 establishes a distinct deployer obligation set that applies from the moment a high-risk AI system is put into service — independent of the provider's compliance status.
Overview
This paper addresses three deployer obligations that are simultaneously the most operationally demanding and the most commonly addressed inadequately: human oversight under Article 14, Fundamental Rights Impact Assessments under Article 27, and AI literacy training under Article 4. The central finding: effective deployer compliance is a product design and organisational capability challenge, not a documentation exercise. Oversight that is nominally in place but not embedded in product design is not compliant oversight. A FRIA completed after deployment is not a compliant FRIA.
Key takeaways
Executive Summary
1. Article 26: The Deployer’s Nine Obligations
2. Article 14: Engineering Meaningful Human Oversight
3. Automation Bias: The Compliance Risk Inside Every Oversight Process 4. Article 27: Fundamental Rights Impact Assessment
5. The Combined FRIA + DPIA: Section-by-Section Template
6. Article 4: AI Literacy Training — Role-Differentiated Framework