Source: OJ L, 2024/1689, 12.7.2024Current language: EN
- Artificial intelligence act
Basic legislative acts
- AI act regulation
Article 70 Designation of national competent authorities and single points of contact
Summary What does Article 70 of the AI act regulation say?
This article establishes the national governance infrastructure required to enforce the AI Act at the Member State level.
Each country must designate at least one notifying authority and one market surveillance authority, and these bodies must operate independently and impartially.
The article goes beyond simply requiring their establishment — it also sets out requirements for their resourcing, reporting obligations, and the designation of a single point of contact per Member State for coordinating with the Commission.
Important points:
- Member States are required to designate national competent authorities covering both notifying and market surveillance functions, and must ensure those authorities are adequately resourced with staff possessing expertise across AI technologies, data protection, cybersecurity, and fundamental rights.
- Member States must report to the Commission by 2 August 2025, and every two years thereafter, on the financial and human resources of their national competent authorities.
- Where Union institutions, bodies, offices, or agencies fall within the scope of this Regulation, the European Data Protection Supervisor acts as the competent authority for their supervision.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
Each Member State shall establish or designate as national competent authorities at least one notifying authority and at least one market surveillance authority for the purposes of this Regulation. Those national competent authorities shall exercise their powers independently, impartially and without bias so as to safeguard the objectivity of their activities and tasks, and to ensure the application and implementation of this Regulation. The members of those authorities shall refrain from any action incompatible with their duties. Provided that those principles are observed, such activities and tasks may be performed by one or more designated authorities, in accordance with the organisational needs of the Member State.
Member States shall communicate to the Commission the identity of the notifying authorities and the market surveillance authorities and the tasks of those authorities, as well as any subsequent changes thereto. Member States shall make publicly available information on how competent authorities and single points of contact can be contacted, through electronic communication means by 2 August 2025. Member States shall designate a market surveillance authority to act as the single point of contact for this Regulation, and shall notify the Commission of the identity of the single point of contact. The Commission shall make a list of the single points of contact publicly available.
Member States shall ensure that their national competent authorities are provided with adequate technical, financial and human resources, and with infrastructure to fulfil their tasks effectively under this Regulation. In particular, the national competent authorities shall have a sufficient number of personnel permanently available whose competences and expertise shall include an in-depth understanding of AI technologies, data and data computing, personal data protection, cybersecurity, fundamental rights, health and safety risks and knowledge of existing standards and legal requirements. Member States shall assess and, if necessary, update competence and resource requirements referred to in this paragraph on an annual basis.
National competent authorities shall take appropriate measures to ensure an adequate level of cybersecurity.
When performing their tasks, the national competent authorities shall act in accordance with the confidentiality obligations set out in Article 78.
By 2 August 2025, and once every two years thereafter, Member States shall report to the Commission on the status of the financial and human resources of the national competent authorities, with an assessment of their adequacy. The Commission shall transmit that information to the Board for discussion and possible recommendations.
The Commission shall facilitate the exchange of experience between national competent authorities.
National competent authorities may provide guidance and advice on the implementation of this Regulation, in particular to SMEs including start-ups, taking into account the guidance and advice of the Board and the Commission, as appropriate. Whenever national competent authorities intend to provide guidance and advice with regard to an AI system in areas covered by other Union law, the national competent authorities under that Union law shall be consulted, as appropriate.
Where Union institutions, bodies, offices or agencies fall within the scope of this Regulation, the European Data Protection Supervisor shall act as the competent authority for their supervision.
Relevant recitals
Recital 148 Establishment of EU expertise and capabilities
This Regulation should establish a governance framework that both allows to coordinate and support the application of this Regulation at national level, as well as build capabilities at Union level and integrate stakeholders in the field of AI. The effective implementation and enforcement of this Regulation require a governance framework that allows to coordinate and build up central expertise at Union level. The AI Office was established by Commission Decision(45) and has as its mission to develop Union expertise and capabilities in the field of AI and to contribute to the implementation of Union law on AI. Member States should facilitate the tasks of the AI Office with a view to support the development of Union expertise and capabilities at Union level and to strengthen the functioning of the digital single market. Furthermore, a Board composed of representatives of the Member States, a scientific panel to integrate the scientific community and an advisory forum to contribute stakeholder input to the implementation of this Regulation, at Union and national level, should be established. The development of Union expertise and capabilities should also include making use of existing resources and expertise, in particular through synergies with structures built up in the context of the Union level enforcement of other law and synergies with related initiatives at Union level, such as the EuroHPC Joint Undertaking and the AI testing and experimentation facilities under the Digital Europe Programme.
Recital 153 Mandatory national authorities
Member States hold a key role in the application and enforcement of this Regulation. In that respect, each Member State should designate at least one notifying authority and at least one market surveillance authority as national competent authorities for the purpose of supervising the application and implementation of this Regulation. Member States may decide to appoint any kind of public entity to perform the tasks of the national competent authorities within the meaning of this Regulation, in accordance with their specific national organisational characteristics and needs. In order to increase organisation efficiency on the side of Member States and to set a single point of contact vis-à-vis the public and other counterparts at Member State and Union levels, each Member State should designate a market surveillance authority to act as a single point of contact.
Recital 154 Independence of national authorities
The national competent authorities should exercise their powers independently, impartially and without bias, so as to safeguard the principles of objectivity of their activities and tasks and to ensure the application and implementation of this Regulation. The members of these authorities should refrain from any action incompatible with their duties and should be subject to confidentiality rules under this Regulation.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition
conformity assessment
Definition
instructions for use
Definition
testing in real-world conditions
Definition
provider
Definition
national competent authority
Definition
notifying authority
Definition
market surveillance authority
Definition
AI Office
Definition
personal data
Definition
subject
Definition
conformity assessment body
Definition
deployer
Definition
intended purpose
Definition
AI system
Definition
risk
Definition
general-purpose AI model
Footnote 45