Source: OJ L, 2024/1689, 12.7.2024

Current language: EN

Article 82 Compliant AI systems which present a risk

Summary What does Article 82 of the AI act regulation say?

This article addresses a specific edge case that sits alongside the main non-compliance procedure established in Article 79: what happens when a high-risk AI system is found to be technically compliant with the regulation, yet still poses a risk to health, safety, fundamental rights, or public interest.

In that scenario, the market surveillance authority of a Member State can still compel the relevant operator to take corrective action.

The article then sets out the notification chain that follows, requiring Member States to inform the Commission and other Member States, after which the Commission evaluates the national measures taken and decides whether they are justified.

Important points:

  • Market surveillance authorities are empowered to require corrective action from operators even when an AI system is fully compliant with the regulation, if it nonetheless presents a risk.
  • Operators must apply any corrective action across all affected AI systems they have made available on the Union market, within the timeline set by the relevant authority.
  • Member States must immediately inform the Commission and other Member States of any such finding, including details on the AI system, its supply chain, the nature of the risk, and the measures taken.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

    1. Where, having performed an evaluation under Article 79, after consulting the relevant national public authority referred to in Article 77(1), the market surveillance authority of a Member State finds that although a high-risk AI system complies with this Regulation, it nevertheless presents a risk to the health or safety of persons, to fundamental rights, or to other aspects of public interest protection, it shall require the relevant operator to take all appropriate measures to ensure that the AI system concerned, when placed on the market or put into service, no longer presents that risk without undue delay, within a period it may prescribe.

    1. The provider or other relevant operator shall ensure that corrective action is taken in respect of all the AI systems concerned that it has made available on the Union market within the timeline prescribed by the market surveillance authority of the Member State referred to in paragraph 1.

    1. The Member States shall immediately inform the Commission and the other Member States of a finding under paragraph 1. That information shall include all available details, in particular the data necessary for the identification of the AI system concerned, the origin and the supply chain of the AI system, the nature of the risk involved and the nature and duration of the national measures taken.

    1. The Commission shall without undue delay enter into consultation with the Member States concerned and the relevant operators, and shall evaluate the national measures taken. On the basis of the results of that evaluation, the Commission shall decide whether the measure is justified and, where necessary, propose other appropriate measures.

    1. The Commission shall immediately communicate its decision to the Member States concerned and to the relevant operators. It shall also inform the other Member States.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

springlex@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod