Art. 80 Procedure for dealing with AI systems classified by the provider as non-high-risk in application of Annex III | AI act regulation | AI act

This article establishes the procedure for challenging a provider's own risk classification of an AI system.

It directly connects to Article 6(3), which allows providers to self-declare that a system listed in Annex III is not high-risk.

Article 80 is the enforcement counterpart to that self-classification mechanism: it gives market surveillance authorities the power to investigate and overturn such a classification where they have sufficient reason to believe it is incorrect.

If the authority confirms the system is indeed high-risk, it can require the provider to remediate and bring the system into compliance.

Failure to do so opens the provider up to fines under Article 99.

Notably, the article also singles out providers who deliberately misclassified their system to avoid high-risk obligations, making them separately liable for fines.

Important points:

Market surveillance authorities are empowered to evaluate and overturn a provider's non-high-risk classification, using Article 6(3) conditions and Commission guidelines as the basis for their assessment.
If a system is found to be high-risk, providers must bring it into compliance across all versions made available on the Union market, and non-compliance within the prescribed period triggers fines under Article 99.
Providers found to have intentionally misclassified an AI system as non-high-risk to circumvent Chapter III, Section 2 requirements are subject to fines under Article 99.

1. Where a market surveillance authority has sufficient reason to consider that an AI system classified by the provider as non-high-risk pursuant to Article 6(3) is indeed high-risk, the market surveillance authority shall carry out an evaluation of the AI system concerned in respect of its classification as a high-risk AI system based on the conditions set out in Article 6(3) and the Commission guidelines.
1. Where, in the course of that evaluation, the market surveillance authority finds that the AI system concerned is high-risk, it shall without undue delay require the relevant provider to take all necessary actions to bring the AI system into compliance with the requirements and obligations laid down in this Regulation, as well as take appropriate corrective action within a period the market surveillance authority may prescribe.
1. Where the market surveillance authority considers that the use of the AI system concerned is not restricted to its national territory, it shall inform the Commission and the other Member States without undue delay of the results of the evaluation and of the actions which it has required the provider to take.
1. The provider shall ensure that all necessary action is taken to bring the AI system into compliance with the requirements and obligations laid down in this Regulation. Where the provider of an AI system concerned does not bring the AI system into compliance with those requirements and obligations within the period referred to in paragraph 2 of this Article, the provider shall be subject to fines in accordance with Article 99.
1. The provider shall ensure that all appropriate corrective action is taken in respect of all the AI systems concerned that it has made available on the Union market.
1. Where the provider of the AI system concerned does not take adequate corrective action within the period referred to in paragraph 2 of this Article, Article 79(5) to (9) shall apply.
1. Where, in the course of the evaluation pursuant to paragraph 1 of this Article, the market surveillance authority establishes that the AI system was misclassified by the provider as non-high-risk in order to circumvent the application of requirements in Chapter III, Section 2, the provider shall be subject to fines in accordance with Article 99.
1. In exercising their power to monitor the application of this Article, and in accordance with Article 11 of Regulation (EU) 2019/1020, market surveillance authorities may perform appropriate checks, taking into account in particular information stored in the EU database referred to in Article 71 of this Regulation.