By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
DenyAccept
Table of Contents
Title I: General Provisions
Art. 1 Subject MatterArt. 2 ScopeArt. 3 DefinitionsArt. 4 Implementing Acts
Title IA: General Purpose AI Systems
Art. 4a Compliance of General Purpose AI Systems with this RegulationArt. 4b AI LiteracyArt. 4c Exceptions to Article 4b
Title II: Prohibited Artificial Intelligence Practices
Art. 5 Prohibited Artificial Intelligence Practices
Title III: Classification of AI Systems as High-Risk
Chapter 1: Classification of AI Systems as High-Risk
Art. 6 Classification Rules for High-Risk AI Systems
Art. 7 Amendments to Annex IIIChapter 2: Requirements for High-Risk AI Systems
Art. 8 Compliance with the Requirements
Art. 9 Risk Management System
Art. 10 Data and Data Governance
Art. 11 Technical Documentation
Art. 12 Record-Keeping
Art. 13 Transparency and Provision of Information to Deployers
Art. 14 Human Oversight
Art. 15 Accuracy, Robustness and Cybersecurity
Chapter 3: Obligations of Providers and Users of High-Risk AI Systems and Other Parties
Art. 16 Obligations of Providers of High-Risk AI Systems
Art. 17 Quality Management System
Art. 18 Documentation Keeping
Art. 19 Conformity Assessment
Art. 20 Automatically Generated Logs
Art. 21 Corrective Actions and Duty of Information
Art. 22 Duty of Information
Art. 23 Cooperation with Competent Authorities
Art. 23a Conditions for Other Persons to be Subject to the Obligations of a Provider
Art. 24 [Deleted]
Art. 25 Authorised Representatives
Art. 26 Obligations of Importers
Art. 27 Obligations of Distributors
Art. 28 Responsibilities along the AI Value Chain
Art. 29 Obligations of Deployers of High-Risk AI Systems
Art. 29a Fundamental Rights Impact Assessment for High-Risk AI Systems
Chapter 4: Notifying Authorities and Notified Bodies
Art. 30 Notifying Authorities
Art. 31 Application of a Conformity Assessment Body for Notification
Art. 32 Notification Procedure
Art. 33 Requirements Relating to Notified BodiesArt. 33a Presumption of Conformity with Requirements Relating to Notified BodiesArt. 34 Subsidiaries of and Subcontracting by Notified Bodies
Art. 34a Operational Obligations of Notified Bodies
Art. 35 Identification Numbers and Lists of Notified Bodies Designated under this Regulation
Art. 36 Changes to Notifications
Art. 37 Challenge to the Competence of Notified Bodies
Art. 38 Coordination of Notified Bodies
Art. 39 Conformity Assessment Bodies of Third Countries
Chapter 5: Standards, Conformity Assessment, Certification, Registration
Art. 40 Harmonised Standards and Standardisation Deliverables
Art. 41 Common Specifications
Art. 42 Presumption of Conformity with Certain Requirements
Art. 43 Conformity Assessment
Art. 44 Certificates
Art. 45 Appeal Against Decisions of Notified Bodies
Art. 46 Information Obligations of Notified Bodies
Art. 47 Derogation from Conformity Assessment Procedure
Art. 48 EU Declaration of Conformity
Art. 49 CE Marking of Conformity
Art. 50 [Deleted]Art. 51 Registration
Title IV: Transparency Obligations for Providers and Deployers of Certain AI Systems
Art. 52 Transparency Obligations for Providers and Users of Certain AI Systems and GPAI Models
Title VIIIa: General Purpose AI Models
Chapter 1: Classification Rules
Art. 52a Classification of General Purpose AI Models as General Purpose AI Models with Systemic RiskArt. 52b ProcedureChapter 2: Obligations for Providers of General Purpose AI Models
Art. 52c Obligations for Providers of General Purpose AI ModelsArt. 52ca Authorised RepresentativeChapter 3: Obligations for Providers of General Purpose AI Models with Systemic Risk
Art. 52d Obligations for Providers of General Purpose AI Models with Systemic RiskArt. 52e Codes of Practice
Title V: Measures in Support of Innovation
Art. 53 AI Regulatory SandboxesArt. 53a Modalities and Functioning of AI Regulatory SandboxesArt. 54 Further Processing of Personal Data for Developing Certain AI Systems in the Public Interest in the AI Regulatory SandboxArt. 54a Testing of High-Risk AI Systems in Real World Conditions Outside AI Regulatory SandboxesArt. 54b Informed Consent to Participate in Testing in Real World Conditions Outside AI Regulatory SandboxesArt. 55 Measures for Deployers, in Particular SMEs, including Start-UpsArt. 55a Derogations for Specific Operators
Title VI: Governance
Art. 55b Governance at Union LevelChapter 1: European Artificial Intelligence Board
Art. 56 Establishment of the European Artificial Intelligence BoardArt. 57 [Deleted]
Art. 58 Tasks of the BoardArt. 58a Advisory ForumChapter 1A: Scientific Panel of Independent Experts
Art. 58b Scientific Panel of Independent ExpertsArt. 58c Access to the Pool of Experts by the Member StatesChapter 2: National Competent Authorities
Art. 59 Designation of National Competent Authorities and Single Point of Contact
Title VII: EU Database for High-Risk AI Systems Listed in Annex III
Art. 60 EU Database for High-Risk AI Systems Listed in Annex III
Title VIII: Post-Market Monitoring, Information Sharing, Market Surveillance
Chapter 1: Post-Market Monitoring
Art. 61 Post-Market Monitoring by Providers and Post-Market Monitoring Plan for High-Risk AI SystemsChapter 2: Sharing of Information on Serious Incidents
Art. 62 Reporting of Serious IncidentsChapter 3: Enforcement
Art. 63 Market Surveillance and Control of AI Systems in the Union MarketArt. 63a Mutual Assistance, Market Surveillance and Control of General Purpose AI SystemsArt. 63b Supervision of Testing in Real World Conditions by Market Surveillance AuthoritiesArt. 64 Powers of Authorities Protecting Fundamental RightsArt. 65 Procedure for Dealing with AI Systems Presenting a Risk at National LevelArt. 65a Procedure for Dealing with AI Systems Classified by the Provider as a Not High-Risk in Application of Annex IIIArt. 66 Union Safeguard ProcedureArt. 67 Compliant AI Systems Which Present a RiskArt. 68 Formal Non-ComplianceArt. 68a Union Testing Facilities in the Area of Artificial IntelligenceChapter 3b: Remedies
Art. 68b Right to Lodge a Complaint with a Market Surveillance AuthorityArt. 68c A Right to Explanation of Individual Decision-MakingArt. 68d Amendment to Directive (EU) 2020/1828Art. 68e Reporting of Breaches and Protection of Reporting PersonsChapter 3c: Supervision, Investigation, Enforcement and Monitoring in Respect of Providers of General Purpose AI Models
Art. 68f Enforcement of Obligations on Providers of General Purpose AI ModelsArt. 68g Monitoring ActionsArt. 68h Alerts of Systemic Risks by the Scientific PanelArt. 68i Power to Request Documentation and InformationArt. 68j Power to Conduct EvaluationsArt. 68k Power to Request MeasuresArt. 68m Procedural Rights of Economic Operators of the General Purpose AI Model
Title IX: Codes of Conduct
Art. 69 Codes of Conduct for Voluntary Application of Specific Requirements
Title X: Confidentiality and Penalties
Art. 70 Confidentiality
Art. 71 PenaltiesArt. 72 Administrative Fines on Union Institutions, Agencies and BodiesArt. 72a Fines for Providers of General Purpose AI Models
Title XI: Delegation of Power and Committee Procedure
Art. 73 Exercise of the DelegationArt. 74 Committee Procedure
Title XII: Final Provisions
Art. 75 Amendment to Regulation (EC) No 300/2008Art. 76 Amendment to Regulation (EU) No 167/2013Art. 77 Amendment to Regulation (EU) No 168/2013Art. 78 Amendment to Directive 2014/90/EUArt. 79 Amendment to Directive (EU) 2016/797Art. 80 Amendment to Regulation (EU) 2018/858Art. 81 Amendment to Regulation (EU) 2018/1139Art. 82 Amendment to Regulation (EU) 2019/2144Art. 82a Guidelines from the Commission on the Implementation of this RegulationArt. 83 AI Systems Already Placed on the Market or Put into ServiceArt. 84 Evaluation and ReviewArt. 85 Entry into Force and Application
Privacy Policy | Liability

Article 63

Market Surveillance and Control of AI Systems in the Union Market

Updated on Feb 6th 2024 based on the version endorsed by the Coreper I on Feb 2nd

1. Regulation (EU) 2019/1020 shall apply to AI systems covered by this Regulation. However, for the purpose of the effective enforcement of this Regulation:

  1. any reference to an economic operator under Regulation (EU) 2019/1020 shall be understood as including all operators identified in Article 2(1) of this Regulation;
  2. any reference to a product under Regulation (EU) 2019/1020 shall be understood as including all AI systems falling within the scope of this Regulation.

2. As part of their reporting obligations under Article 34(4) of Regulation (EU) 2019/1020, the market surveillance authorities shall report annually, to the Commission and relevant national competition authorities any information identified in the course of market surveillance activities that may be of potential interest for the application of Union law on competition rules. They shall also annually report to the Commission about the use of prohibited practices that occurred during that year and about the measures taken.

3. For high-risk AI systems, related to products to which legal acts listed in Annex II, section A apply, the market surveillance authority for the purposes of this Regulation shall be the authority responsible for market surveillance activities designated under those legal acts. By derogation from the previous paragraph in justified circumstances, Member States may designate another relevant authority to act as a market surveillance authority provided that coordination is ensured with the relevant sectoral market surveillance authorities responsible for the enforcement of the legal acts listed in Annex II.

3a. The procedures referred to in Articles 65, 66, 67 and 68 of this Regulation shall not apply to AI systems related to products, to which legal acts listed in Annex II, section A apply, when such legal acts already provide for procedures ensuring an equivalent level of protection and having the same objective. In such a case, these sectoral procedures shall apply instead.

3b. Without prejudice to the powers of market surveillance authorities under Article 14 of Regulation 2019/1020, for the purpose of ensuring the effective enforcement of this Regulation, market surveillance authorities may exercise the powers referred to in Article 14(4)(d) and (j) of Regulation 2019/1020 remotely as appropriate.

4. For high-risk AI systems placed on the market, put into service or used by financial institutions regulated by Union legislation on financial services, the market surveillance authority for the purposes of this Regulation shall be the relevant national authority responsible for the financial supervision of those institutions under that legislation in so far as the placement on the market, putting into service or the use of the AI system is in direct connection with the provision of those financial services.

4a. By way of a derogation from the previous subparagraph, in justified circumstances and provided that coordination is ensured, another relevant authority may be identified by the Member State as market surveillance authority for the purposes of this Regulation.

National market surveillance authorities supervising regulated credit institutions regulated under Directive 2013/36/EU, which are participating in the Single Supervisory Mechanism (SSM) established by Council Regulation No 1204/2013, should report, without delay, to the European Central Bank any information identified in the course of their market surveillance activities that may be of potential interest for the European Central Bank’s prudential supervisory tasks as specified in that Regulation.

5. For high-risk AI systems listed in point 1 in so far as the systems are used for law enforcement purposes and for purposes listed in points 6, 7 and 8 of Annex III, Member States shall designate as market surveillance authorities for the purposes of this Regulation either the competent data protection supervisory authorities under Regulation 2016/679, or Directive (EU) 2016/680 or any other authority designated pursuant to the same conditions laid down in Articles 1 to 44 of Directive or Directive (EU) 2016/680. Market surveillance activities shall in no way affect the independence of judicial authorities or otherwise interfere with their activities when acting in their judicial capacity.

6. Where Union institutions, agencies and bodies fall within the scope of this Regulation, the European Data Protection Supervisor shall act as their market surveillance authority except in relation to the Court of Justice acting in its judicial capacity.

7. Member States shall facilitate the coordination between market surveillance authorities designated under this Regulation and other relevant national authorities or bodies which supervise the application of Union harmonisation legislation listed in Annex II or other Union legislation that might be relevant for the high-risk AI systems referred to in Annex III.

7a. Market surveillance authorities and the Commission shall be able to propose joint activities, including joint investigations, to be conducted by either market surveillance authorities or market surveillance authorities jointly with the Commission, that have the aim of promoting compliance, identifying non-compliance, raising awareness and providing guidance in relation to this Regulation with respect to specific categories of high-risk AI systems that are found to present a serious risk across several Member States in accordance with Article 9 of the 2019/1020. The AI Office shall provide coordination support for joint investigations.

7a. Without prejudice to powers provided under Regulation (EU) 2019/1020, and where relevant and limited to what is necessary to fulfil their tasks, the market surveillance authorities shall be granted full access by the provider to the documentation as well as the training, validation and testing datasets used for the development of the high-risk AI system, including, where appropriate and subject to security safeguards, through application programming interfaces (‘API’) or other relevant technical means and tools enabling remote access.

7b. Market surveillance authorities shall be granted access to the source code of the high-risk AI system upon a reasoned request and only when the following cumulative conditions are fulfilled:

  1. access to source code is necessary to assess the conformity of a high-risk AI system with the requirements set out in Title III, Chapter 2; and
  2. testing/auditing procedures and verifications based on the data and documentation provided by the provider have been exhausted or proved insufficient.

7c. Any information and documentation obtained by market surveillance authorities shall be treated in compliance with the confidentiality obligations set out in Article 70.

[Previous version]

1. Regulation (EU) 2019/1020 shall apply to AI systems covered by this Regulation. However, for the purpose of the effective enforcement of this Regulation:

  1. any reference to an economic operator under Regulation (EU) 2019/1020 shall be understood as including all operators identified in Article 2 of this Regulation;
  1. any reference to a product under Regulation (EU) 2019/1020 shall be understood as including all AI systems falling within the scope of this Regulation.

2. As part of their reporting obligations under Article 34(4) of Regulation (EU) 2019/1020, the market surveillance authorities shall report to the Commission about the outcomes of relevant market surveillance activities under this Regulation.

3. For high-risk AI systems, related to products to which legal acts listed in Annex II, section A apply, the market surveillance authority for the purposes of this Regulation shall be the authority responsible for market surveillance activities designated under those legal acts or, in justified circumstances and provided that coordination is ensured, another relevant authority identified by the Member State.

The procedures referred to in Articles 65, 66, 67 and 68 of this Regulation shall not apply to AI systems related to products, to which legal acts listed in Annex II, section A apply, when such legal acts already provide for procedures having the same objective. In such a case, these sectoral procedures shall apply instead.

4. For high-risk AI systems placed on the market, put into service or used by financial institutions regulated by Union legislation on financial services, the market surveillance authority for the purposes of this Regulation shall be the relevant national authority responsible for the financial supervision of those institutions under that legislation in so far as the placement on the market, putting into service or the use of the AI system is in direct connection with the provision of those financial services.

By way of a derogation from the previous subparagraph, in justified circumstances and provided that coordination is ensured, another relevant authority may be identified by the Member State as market surveillance authority for the purposes of this Regulation.

National market surveillance authorities supervising regulated credit institutions regulated under Directive 2013/36/EU, which are participating in the Single Supervisory Mechanism (SSM) established by Council Regulation No 1204/2013, should report, without delay, to the European Central Bank any information identified in the course of their market surveillance activities that may be of potential interest for the European Central Bank’s prudential supervisory tasks as specified in that Regulation.

5. For high-risk AI systems listed in point 1(a) in so far as the systems are used for law enforcement purposes, points 6, 7 and 8 of Annex III, Member States shall designate as market surveillance authorities for the purposes of this Regulation either the national authorities supervising the activities of the law enforcement, border control, immigration, asylum or judicial authorities, or the competent data protection supervisory authorities under Directive (EU) 2016/680, or Regulation 2016/679. Market surveillance activities shall in no way affect the independence of judicial authorities or otherwise interfere with their activities when acting in their judicial capacity.

6. Where Union institutions, agencies and bodies fall within the scope of this Regulation, the European Data Protection Supervisor shall act as their market surveillance authority.

7. Member States shall facilitate the coordination between market surveillance authorities designated under this Regulation and other relevant national authorities or bodies which supervise the application of Union harmonisation legislation listed in Annex II or other Union legislation that might be relevant for the high-risk AI systems referred to in Annex III.

8. Without prejudice to powers provided under Regulation (EU) 2019/1020, and where relevant and limited to what is necessary to fulfil their tasks, the market surveillance authorities shall be granted full access by the provider to the documentation as well as the training, validation and testing datasets used for the development of the high-risk AI system, including, where appropriate and subject to security safeguards, through application programming interfaces (‘API’) or other relevant technical means and tools enabling remote access.

9. Market surveillance authorities shall be granted access to the source code of the high-risk AI system upon a reasoned request and only when the following cumulative conditions are fulfilled:

  1. Access to source code is necessary to assess the conformity of a high-risk AI system with the requirements set out in Title III, Chapter 2, and
  1. testing/auditing procedures and verifications based on the data and documentation provided by the provider have been exhausted or proved insufficient.

10. Any information and documentation obtained by market surveillance authorities shall be treated in compliance with the confidentiality obligations set out in Article 70.

11. Complaints to the relevant market surveillance authority can be submitted by any natural or legal person having grounds to consider that there has been an infringement of the provisions of this Regulation.

In accordance with Article 11(3)(e) and (7)(a) of Regulation (EU) 2019/1020, complaints shall be taken into account for the purpose of conducting the market surveillance activities and be handled in line with the dedicated procedures established therefore by the market surveillance authorities.

Suitable Recitals
(76)
(79)
(80)
(83)
Article 1
Article 2
Article 3
Article 4
Article 4a
Article 4b
Article 4c
Article 5
Article 6
Article 7
Article 8
Article 9
Article 10
Article 11
Article 12
Article 13
Article 14
Article 15
Article 16
Article 17
Article 18
Article 19
Article 20
Article 21
Article 22
Article 23
Article 23a
Article 24
Article 25
Article 26
Article 27
Article 28
Article 29
Article 29a
Article 30
Article 31
Article 32
Article 33
Article 33a
Article 34
Article 34a
Article 35
Article 36
Article 37
Article 38
Article 39
Article 40
Article 41
Article 42
Article 43
Article 44
Article 45
Article 46
Article 47
Article 48
Article 49
Article 50
Article 51
Article 52
Article 52a
Article 52b
Article 52c
Article 52ca
Article 52d
Article 52e
Article 53
Article 53a
Article 54
Article 54a
Article 54b
Article 55
Article 55a
Article 55b
Article 56
Article 57
Article 58
Article 58a
Article 58b
Article 58c
Article 59
Article 60
Article 61
Article 62
Article 63
Article 63a
Article 63b
Article 64
Article 65
Article 65a
Article 66
Article 67
Article 68
Article 68a
Article 68b
Article 68c
Article 68d
Article 68e
Article 68f
Article 68g
Article 68h
EU AI Act Table of Contents
Report error

Report error

Please keep in mind that this form is only for feedback and suggestions for improvement.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
© EUAIAct.com. All rights reserved.