Provider (Art. 16)
The provider bidding must deliver technical documentation (Annex IV) and CE marking for any Annex III system.
AI Assurance — Public Sector
AI Assurance for public administrations and their suppliers
In the public sector AI is not built — it is procured. The supply chain distributes obligations: the provider delivers technical documentation and CE marking (Art. 16), the integrator signs conformity (Art. 24), and the deploying public administration (Art. 26) carries out the fundamental-rights impact assessment and ongoing monitoring. Bringing conformity to a single platform avoids rebuilding documentation for every tender.
What we see in this sector
Scattered inventory of AI systems across departments, with diffuse accountability.
Insufficient traceability for audit — minutes in Word, evidence in emails.
EU AI Act deadlines overlapping with national security framework obligations and automated administrative action duties.
Typical use cases
- Assisted administrative decisions (benefits, grants)
- Justice, migration, public order
- Fraud detection in public services
- Adaptive education and assessment
Applicable regulatory frameworks
Primary frameworks
Reglamento (UE) 2024/1689 — Reglamento de Inteligencia Artificial
Reg. (UE) 2024/1689 · Official source →
EU AI Act. Applies whenever the system operates in the EU.
ENS — Esquema Nacional de Seguridad
RD 311/2022 · Official source →
Spanish security framework for public administrations and their suppliers.
Ley 40/2015 — Actuación administrativa automatizada
Ley 40/2015 Art. 41 · Official source →
Traceability and disclosure of algorithms used by public administrations.
Cross-cutting frameworks
GDPR Art. 22 — Decisiones automatizadas
Reg. (UE) 2016/679 Art. 22 · Official source →
Automated individual decisions with legal effects on people.
ISO/IEC 42001:2023 — Sistema de Gestión de IA
ISO/IEC 42001:2023 · Official source →
Voluntary AI management framework, alignable with the EU AI Act.
AI supply chain — your role determines your obligations
The EU AI Act distributes obligations by role (Arts. 16, 24, 26). In this sector each role contributes a different piece to assurance.
Integrator (Art. 24)
The integrator (consultancy, JV) is responsible for conformity of the delivered product and assumes Art. 24 obligations.
Deployer (Art. 26)
The deploying public administration (Art. 26) must verify the supplier's CE marking, conduct fundamental-rights impact assessments and monitor the system in production.