The recipient is the only one with the private key because they generate the private key (simultaneously with the public key) on their own computer and then they don’t give anyone else a copy.
There is no mechanism per se that ensures only the recipient receives the encrypted message. But only someone with the private key can decrypt it.