We have considered in some detail the reliance that providers of AI systems will have on third parties when providers assure others of their compliance with regulatory and societal requirements. The EU’s draft AI Act defines a provider as follows:

- ‘provider’ means a natural or legal person, public authority, agency or other body that develops an AI system or that has an AI system developed with a view to placing it on the market or putting it into service under its own name or trademark, whether for payment or free of charge.

Earlier drafts of the Act identified the reliance providers would have on third party suppliers. One draft noted that:

- in the light of the complexity of the artificial intelligence value chain, relevant third parties, notably the ones involved in the sale and the supply of software, software tools and components, pre-trained models and data, or providers of network services, should cooperate, as appropriate, with providers and users to enable their compliance with the obligations under this Regulation and with competent authorities established under this Regulation.

We developed what we called a “minimum viable solution” to the problem. We deliberately adopted terminology that alludes to the “start-up” nature of developments in this field. We want to encourage an industry-led multi-stakeholder approach to the problem. We call this the “multi-actor governance framework” or MAGF for short.