Trusq

factual analysis · traceable to primary sources

Topics Opportunities Take the check Work with us LinkedIn NLยทEN
Explainer

Procuring AI in government: AI Act compliance as a tender requirement

Adopted 2026-06-22 ยท ≈ 2 min read ยท Dirk Baaijen

A public body that procures an AI system becomes a deployer under the AI Act, and sometimes a provider itself. Make compliance, documentation and the rights impact assessment hard tender requirements, not loose ends in the contract.

Short answer: When a public body procures an AI system, it usually becomes a deployer under the AI Act โ€” and, with its own branding or substantial modification, even a provider. Procurement rules (Directive 2014/24/EU) leave room to make AI Act compliance a technical specification and award criterion. Do so: make compliance, documentation and explainability hard requirements in the tender.

Who is what in the chain?

The AI Act assigns obligations by role. The provider develops or has developed and places on the market; the deployer uses the system under its own authority. A procuring public body is usually a deployer. But anyone who has a system built under their own name, substantially modifies it, or uses it for a different purpose than intended shifts into the provider role โ€” with the heavy high-risk obligations that entails. Settle that allocation before the tender, because it drives the requirements.

Compliance as a procurement requirement

Much government AI falls into an Annex III high-risk category (education, employment, essential services, law enforcement, migration). For such systems you may require the supplier to provide:

  • a CE marking and EU declaration of conformity;
  • the technical documentation and instructions for use (Art. 13);
  • evidence of risk management, data quality and logging;
  • registration in the EU database for high-risk systems.

These belong in the technical specifications (selection) and in the award criteria (quality counts, not just price). Prohibited uses you exclude categorically โ€” see prohibited AI practices.

Fundamental rights and transparency

As a public institution deploying a high-risk system, you must carry out a fundamental rights impact assessment before use โ€” see FRIA: the fundamental rights assessment. Reserve in the contract the access to information you need for it. Also plan entry into the algorithm register and explainability towards citizens; treat these as deliverables, not wishes. See also AI in the public sector.

Avoid vendor lock-in on compliance

A supplier may offer compliance as a black box. That is risky: as deployer you remain accountable. Counter it with contractual audit and information rights, exit arrangements (data portability, handover of documentation) and liability for non-conformity. Tie payment to demonstrable compliance, not delivery alone.

What to do

  • Determine your role (deployer or provider) before the call; it drives every requirement.
  • Put compliance in the tender: CE marking, technical documentation, logging and EU registration as a knock-out and an award criterion.
  • Secure rights: contractual access for the FRIA and entry in the algorithm register.
  • Demand audit and exit rights to avoid lock-in on compliance.
  • Tie payment to demonstrated compliance, not mere delivery.

For AI, procurement is not an administrative step but the first compliance decision. What you do not require in the tender, you do not buy โ€” and will have to fix yourself later.

Sources

  1. https://eur-lex.europa.eu/eli/reg/2024/1689/oj
    Regulation (EU) 2024/1689 (AI Act): obligations for providers and deployers, high-risk Annex III.
  2. https://eur-lex.europa.eu/eli/dir/2014/24/oj
    Directive 2014/24/EU (public procurement): framework for technical specifications, selection and award criteria.

Share on LinkedIn

Read next

U

Right to explanation of an AI decision: what Article 86 of the AI Act gives you

If you are affected by a decision based (in part) on a high-risk AI system, Article 86 of the AI Act gives you the right to a clear explanation of the AI system's role and the main elements of the decision โ€” from the deployer, on top of your GDPR rights.

W

The EU declaration of conformity under the AI Act (Article 47)

The EU declaration of conformity is the written statement by which the provider itself confirms that a high-risk AI system meets the AI Act. Article 47 sets out its content, language and retention; the provider bears full responsibility for it.

W

Distributor duties under the AI Act (Article 24)

A distributor makes a high-risk AI system available without being its provider or importer. Article 24 asks for a lighter but real check: confirm CE marking, declaration of conformity and documentation are present, and do not pass it on where there is doubt.

Dirk Baaijen

About this knowledge base

Compiled and maintained by YRproject โ€” programme and project direction at the intersection of digital transformation, AI and regulation. Every factual claim is traceable to its primary source. YRproject is led by Dirk Baaijen About & method โ†’

A project or programme? Work with YRproject โ†’

The monthly briefing

AI regulation in five minutes: what changed, what is coming and what it means. No spam, unsubscribe anytime.

Your address is used for this only and stored on our own servers.