Source: OJ L, 2024/1689, 12.7.2024

Current language: EN

Article 37 Challenge to the competence of notified bodies


Summary What does Article 37 of the AI act regulation say?

This article establishes the Commission's oversight role over notified bodies — the independent conformity assessment organisations that verify whether high-risk AI systems meet the requirements of the regulation.

It sets out the Commission's power to investigate notified bodies where their competence or continued compliance with the requirements of Article 31 is in doubt, and crucially, gives the Commission the ability to act directly if a Member State fails to address identified problems.

Important points:

  • The Commission has the power to investigate notified bodies where their competence or ongoing compliance is in question.
  • Notifying authorities are required to supply the Commission with all relevant information on request to support these investigations.
  • Where a Member State fails to take corrective action against a non-compliant notified body, the Commission may itself suspend, restrict or withdraw the body's designation through an implementing act.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

    1. The Commission shall, where necessary, investigate all cases where there are reasons to doubt the competence of a notified body or the continued fulfilment by a notified body of the requirements laid down in Article 31 and of its applicable responsibilities.

    1. The notifying authority shall provide the Commission, on request, with all relevant information relating to the notification or the maintenance of the competence of the notified body concerned.

    1. The Commission shall ensure that all sensitive information obtained in the course of its investigations pursuant to this Article is treated confidentially in accordance with Article 78.

    1. Where the Commission ascertains that a notified body does not meet or no longer meets the requirements for its notification, it shall inform the notifying Member State accordingly and request it to take the necessary corrective measures, including the suspension or withdrawal of the notification if necessary. Where the Member State fails to take the necessary corrective measures, the Commission may, by means of an implementing act, suspend, restrict or withdraw the designation. That implementing act shall be adopted in accordance with the examination procedure referred to in Article 98(2).

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod