The EU AI Act establishes a comprehensive market surveillance framework under Art.74-79 that empowers national authorities to test AI systems, access documentation, request corrective actions, and restrict non-compliant products. The framework includes provisions for whistle-blower protection and a structured process for addressing AI systems that present risks to health, safety, or fundamental rights.
Market Surveillance and Compliance Checks for AI Systems
Overview of the Market Surveillance Framework
Market surveillance under the EU AI Act builds upon the existing framework established by Regulation (EU) 2019/1020 on market surveillance and compliance of products, while introducing AI-specific adaptations. The regime ensures that AI systems placed on the EU market or put into service within the Union continue to meet regulatory requirements throughout their lifecycle.
The framework operates on two levels: proactive monitoring through planned surveillance activities, and reactive enforcement in response to complaints, incident reports, or information from other authorities. This dual approach reflects the dynamic nature of AI systems, which can change behavior over time through learning processes.
Testing and Inspection Powers Under Art.74
Market surveillance authorities under Art.74 possess a range of investigative and testing powers:
- Access to AI systems, their documentation, and data used for testing and validation
- Power to request information from providers, deployers, importers, and distributors
- Authority to conduct unannounced inspections of premises and facilities
- Ability to obtain samples of AI systems for examination and testing
- Power to test AI systems in real-world conditions where appropriate
- Access to source code where necessary to assess compliance
These powers are exercised in accordance with national procedural law and are subject to the principle of proportionality. Authorities must consider the nature and severity of the suspected non-compliance when determining the scope of their investigation.
Testing Methodologies
The regulation recognizes that AI systems require specialized testing approaches. Under Art.74, authorities can employ technical testing to verify that AI systems meet the requirements set out in Chapter III, Section 2, including accuracy, robustness, and cybersecurity requirements under Art.15.
Testing may involve examining training data governance practices under Art.10, verifying the accuracy of technical documentation under Art.11, and assessing whether risk management systems under Art.9 are functioning as designed.
Corrective Actions and Enforcement
Non-Compliant AI Systems
Art.79 establishes the procedure for dealing with AI systems that present a risk at the national level. When a market surveillance authority finds that an AI system does not comply with the regulation, it requires the relevant economic operator to take corrective action within a reasonable period. Possible corrective measures include:
| Measure | Application |
|---|---|
| Bring into conformity | When non-compliance can be remedied through modifications |
| Restrict availability | When the system presents a limited risk pending correction |
| Withdraw from market | When the system must be removed from circulation |
| Recall | When systems already deployed must be returned or deactivated |
| Prohibit market placement | When future availability must be prevented |
Union Safeguard Procedure
Art.80-81 establish the Union safeguard procedure that applies when a member state takes restrictive measures against an AI system. The procedure ensures that national enforcement actions are reviewed at the Union level to prevent unjustified trade barriers while maintaining consistent safety standards.
When a member state notifies the Commission of a restrictive measure, other member states have the opportunity to submit observations. The Commission then evaluates whether the national measure is justified and proportionate, providing a final determination that is binding on all member states.
Whistle-Blower Protections
Art.87 establishes specific protections for individuals who report violations of the AI Act. The provision references Directive (EU) 2019/1937 on the protection of persons who report breaches of Union law, ensuring that:
- Reporting channels are accessible and confidential
- Whistle-blowers are protected from retaliation including dismissal, demotion, and harassment
- Reports are followed up with appropriate diligence
- The identity of reporting persons is protected to the extent permitted by law
These protections are particularly important in the AI context, where employees or contractors may be the first to identify that an AI system is not functioning as intended or that compliance documentation does not accurately reflect the system's actual behavior.
Preparing for Market Surveillance
Organizations subject to market surveillance should maintain comprehensive and up-to-date compliance documentation, implement internal monitoring systems that can detect drift or degradation in AI system performance, and establish clear procedures for responding to authority inquiries.
The MmowW platform at mmoww.net/ai/app/ helps organizations build the daily documentation habits that form the backbone of market surveillance readiness, creating an auditable trail of AI governance activities that authorities can review.
Start your AI compliance journey with MmowW — Ready before you deploy.
Check your AI compliance readiness — free.
Take the Readiness Check 3 minutes · 10 questions · no signup requiredThis article is for informational purposes only and does not constitute legal advice. Regulatory requirements change frequently — verify current rules with official sources. Built by Sawai Gyoseishoshi Office, Hiroshima, Japan.