Joris DeeneMany companies choose to purchase AI systems from external vendors, possibly with additional customization. In the context of the European AI Act your supplier is then considered the "provider," while you yourself act as the "person responsible for use. Although most of the compliance obligations rest with the provider, you also bear important responsibilities as the person responsible for use:
- Verify that a CE mark is present
- Provide adequate human control by well-trained employees
- Carefully follow documentation requirements and permitted conditions of use
- Actively monitor the use of AI systems to detect problems in a timely manner
After all, you remain ultimately responsible (and liable) when the AI system fails to deliver what was promised. It is therefore essential to clearly assign certain risks to your supplier.
What do the new Model Contractual Clauses (MCC-AI) mean?
The EU Public Buyers Community recently published an updated version of its Model contract provisions for AI purchase (MCC-AI). These model clauses help you effectively manage risks of purchased AI systems.
These model contract provisions exist in two versions:
- MCC-AI-High-Risk: Specifically intended for AI systems identified as high risk under Article 6 of the AI Act.
- MCC-AI-Light: For AI systems that are not high-risk but still require transparency or explanation of decisions made.
What do these provisions focus on?
The MCC-AI are consistent with Chapter III of the AI Act and provide provisions regarding:
- Risk Management Systems
- Data Management
- Technical Documentation
- Human control
- Right of explanation for affected persons (Section 86 AI Act)
They also include important agreements on the division of responsibilities in the AI value chain, such as ownership of datasets, guarantees around third-party data and explanations to affected individuals.
No standard solution: an active approach is required
However, it is important to realize that the MCC-AI are not off-the-shelf solutions. Verbatim inclusion of these provisions in your procurement requirements without further reflection can create significant risks. Providers should be actively engaged in these provisions and should demonstrate an understanding of the obligations and challenges of implementing AI systems.
Prepare now for future compliance
Although the obligations for high-risk AI systems do not apply until next August (and some Annex I products not even until 2027), it is advisable to anticipate now. After all, the purchase of AI systems is an investment for several years. This makes it necessary to pay attention to AI Act compliance already during your next negotiations.
Dutch 
English