Source: OJ L, 2024/1689, 12.7.2024

Current language: EN

Article 24 Obligations of distributors


Summary What does Article 24 of the AI act regulation say?

This article sets out the obligations of distributors — those in the supply chain who make high-risk AI systems available on the Union market without being the original provider or importer.

It sits alongside Articles 22 and 23, which cover authorised representatives and importers respectively, and together these articles define the responsibilities of each actor in the distribution chain.

Article 24 requires distributors to conduct upfront verification checks before placing a system on the market, to manage compliance risks while the system is under their control, and to take corrective action — including withdrawal or recall — if non-conformity is discovered after the fact.

Distributors are also required to cooperate with competent authorities on request.

Important points:

  • Verify, before making a high-risk AI system available, that it bears the CE marking, is accompanied by the EU declaration of conformity and instructions for use, and that the provider and importer have met their respective obligations.
  • Do not make a high-risk AI system available on the market if you have reason to consider it is not in conformity, and take corrective action — including withdrawal or recall — if non-conformity is identified after it has been made available.
  • Distributors are required to cooperate with competent authorities and provide all relevant information and documentation upon a reasoned request.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

    1. Before making a high-risk AI system available on the market, distributors shall verify that it bears the required CE marking, that it is accompanied by a copy of the EU declaration of conformity referred to in Article 47 and instructions for use, and that the provider and the importer of that system, as applicable, have complied with their respective obligations as laid down in Article 16, points (b) and (c) and Article 23(3).

    1. Where a distributor considers or has reason to consider, on the basis of the information in its possession, that a high-risk AI system is not in conformity with the requirements set out in Section 2, it shall not make the high-risk AI system available on the market until the system has been brought into conformity with those requirements. Furthermore, where the high-risk AI system presents a risk within the meaning of Article 79(1), the distributor shall inform the provider or the importer of the system, as applicable, to that effect.

    1. Distributors shall ensure that, while a high-risk AI system is under their responsibility, storage or transport conditions, where applicable, do not jeopardise the compliance of the system with the requirements set out in Section 2.

    1. A distributor that considers or has reason to consider, on the basis of the information in its possession, a high-risk AI system which it has made available on the market not to be in conformity with the requirements set out in Section 2, shall take the corrective actions necessary to bring that system into conformity with those requirements, to withdraw it or recall it, or shall ensure that the provider, the importer or any relevant operator, as appropriate, takes those corrective actions. Where the high-risk AI system presents a risk within the meaning of Article 79(1), the distributor shall immediately inform the provider or importer of the system and the authorities competent for the high-risk AI system concerned, giving details, in particular, of the non-compliance and of any corrective actions taken.

    1. Upon a reasoned request from a relevant competent authority, distributors of a high-risk AI system shall provide that authority with all the information and documentation regarding their actions pursuant to paragraphs 1 to 4 necessary to demonstrate the conformity of that system with the requirements set out in Section 2.

    1. Distributors shall cooperate with the relevant competent authorities in any action those authorities take in relation to a high-risk AI system made available on the market by the distributors, in particular to reduce or mitigate the risk posed by it.

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod