The four roles: developers, providers, deployers, users
Governance responsibilities shift depending on where you sit in the AI life cycle. Know each role's signature duties and example entities, and watch the terminology trap: the Colorado AI Act says "developers" while the EU AI Act says "providers" for similar actors.
| Role | Signature duties | Examples |
|---|---|---|
| Developers | Design, develop and implement models, algorithms, applications · clean, preprocess and transform raw data for training · test for accuracy, reliability and bias · hand deployers documentation covering foreseeable uses, known harmful uses, training data summaries and system limitations · mitigate algorithmic discrimination risks, make public statements about systems and risk management, notify authorities and deployers of newly discovered risks | Cybersecurity firm building AI network monitoring · startup with a public GenAI chatbot |
| Providers | Ensure safety, transparency and accountability standards before going to market · comply with legal requirements incl. data security and ethical use · manage risk across the life cycle · prepare comprehensive technical documentation, especially for general-purpose AI incl. training content · report serious incidents, notify authorities of systemic risks · carry accountability and potential liability | Company developing and selling an AI recruitment automation system |
| Deployers | Use AI per regulations and provider instructions · maintain human oversight, esp. high-risk · train staff, build AI literacy · for high-risk systems ensure input data is relevant, representative, error-free and complete · monitor continuously, report risks and serious incidents to providers · keep detailed logs, run regular impact assessments (Colorado AI Act) · notify consumers when high-risk AI makes consequential decisions about them · maintain a risk management policy and programme | Bank using AI to assist loan decisions · company using an external AI customer service tool |
| Users | Recognise when they are engaging with AI · follow guidelines · give feedback on performance and issues · understand and exercise rights → notice and human review for consequential decisions | Individual using GenAI for creative work · customer chatting with a website bot |
Needs at a glance. Developers need clarity on the algorithm's purpose and applicable legal limits, resources for constraints and governance, and feedback from deployers and users. Providers need clear information on purpose and construction, resources for governance and mitigations, and feedback from deployers and users. Deployers need clear information on how it was made, guidance on parameters for appropriate use, and feedback from users. Users need clear guidance for use incl. governance tools and documentation, and knowledge of how to feed back to the deployer.
Terminology trap → the Colorado AI Act says "developers" while the EU AI Act says "providers" for similar actors. And roles overlap → a developer can also be a deployer, and multiple entities can serve as developers and deployers across an AI's lifespan.