Source: OJ L, 2024/1689, 12.7.2024

Current language: EN

Article 20 Corrective actions and duty of information


Summary What does Article 20 of the AI Act say?

This article sets out the corrective action obligations for providers of high-risk AI systems when they become aware, or have reason to believe, that a system they have placed on the market or put into service is not compliant with the regulation.

It covers two connected scenarios: general non-conformity, which triggers remediation or recall duties, and the more serious case where the system presents a risk as defined under Article 79(1), which triggers an immediate investigation and notification to supervisory authorities.

Important points:

  • If you are a provider of a high-risk AI system that is non-conforming, immediately take corrective action — whether that means bringing the system into conformity, withdrawing it, disabling it, or recalling it — and notify distributors, deployers, authorised representatives, and importers accordingly.
  • Where the non-conformity rises to the level of a risk under Article 79(1), investigate the causes immediately, in collaboration with the reporting deployer where applicable, and inform the relevant market surveillance authorities and, where applicable, the notified body that issued the certificate under Article 44.
  • The notification to authorities must cover both the nature of the non-compliance and any corrective action taken.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

    1. Providers of high-risk AI systems which consider or have reason to consider that a high-risk AI system that they have placed on the market or put into service is not in conformity with this Regulation shall immediately take the necessary corrective actions to bring that system into conformity, to withdraw it, to disable it, or to recall it, as appropriate. They shall inform the distributors of the high-risk AI system concerned and, where applicable, the deployers, the authorised representative and importers accordingly.

    1. Where the high-risk AI system presents a risk within the meaning of Article 79(1) and the provider becomes aware of that risk, it shall immediately investigate the causes, in collaboration with the reporting deployer, where applicable, and inform the market surveillance authorities competent for the high-risk AI system concerned and, where applicable, the notified body that issued a certificate for that high-risk AI system in accordance with Article 44, in particular, of the nature of the non-compliance and of any relevant corrective action taken.

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod