
EU AI Act Enforcement: Who Can Act, When, and How

Guide · 23 May 2026 · 13 min read · 2,657 words

EU AI Act enforcement: who investigates, what powers they hold, and when each obligation phase becomes sanctionable. NCAs, MSAs, AI Office explained.

The EU AI Act's penalty ceiling gets the headlines. The enforcement architecture rarely does — which is why companies are surprised to learn that the infrastructure authorised to investigate, demand documents, and order market withdrawals has been operational since August 2025. Understanding who enforces the Regulation, what powers they hold, and which obligations are already enforceable today matters more than any deadline article, because it tells you where the real near-term exposure sits.


The enforcement bodies: three layers

National competent authorities (Article 70)

Each EU member state was required to designate at least one national competent authority (NCA) and notify the Commission by 2 August 2025. Article 70 sets out the requirement; member states get to decide the internal structure. In practice, most have assigned the role to an existing agency — a data protection authority, a market-surveillance body, or a sectoral regulator, depending on the country.

Germany designated the Bundesnetzagentur (Federal Network Agency) as its primary AI market-surveillance authority under a framework proposed in the KI-Marktüberwachungsgesetz (KI-MIG), which was approved by cabinet in February 2026 and is expected to enter into force before the end of 2026. France pointed to the CNIL and ANSSI for overlapping competences; Spain has the AESIA (Agencia Española de Supervisión de Inteligencia Artificial), operational since 2024. The exact configuration matters for companies because investigations, document requests, and corrective orders come from the NCA of the member state where you place a system on the market or where an incident occurs.

Under Article 70, each member state must also designate a single point of contact for coordination with the Commission and the AI Board.

The market surveillance authorities (Article 74)

Market surveillance is a distinct function from general NCA oversight. The market surveillance authorities (MSAs) — designated under Article 74 and aligned with Regulation (EU) 2019/1020 — are specifically responsible for monitoring products and AI systems already on the market. They hold the investigative powers: access to premises, document requests, orders to recall or withdraw systems, and coordination across borders.

The MSA framework is already live. The powers under Articles 74 and following apply from 2 August 2025. An MSA can today:

  • Request access to any documentation required by the Regulation.
  • Inspect technical documentation, risk management records, and conformity assessment files.
  • Issue a corrective order requiring a provider to bring a non-compliant system into conformity.
  • Order a market withdrawal if a system poses unacceptable risk that cannot be remedied.
  • Coordinate with counterparts in other member states through the AI Board's facilitation mechanisms.

That the high-risk obligations for Annex III systems do not yet apply (they will from 2 December 2027 under the Digital Omnibus) does not limit these investigative powers over the obligations that already apply: the Article 5 prohibitions, the GPAI obligations, and the Article 99 penalties framework.

The AI Office (Chapter VII)

The AI Office was established within the Commission to serve as the EU-level supervisory body for general-purpose AI (GPAI) models. Its mandate runs from 2 August 2025 in parallel with the GPAI obligations in Chapter V. The AI Office:

  • Oversees the implementation of codes of practice under Article 56.
  • Monitors GPAI providers for compliance with Articles 53 and 55.
  • Can itself investigate GPAI providers and, for systemic-risk models, impose fines under Article 101 (up to €15 million or 3% of total worldwide annual turnover, whichever is higher).
  • Coordinates with the scientific panel of independent experts established under Article 68, which can issue qualified alerts on systemic risks through the mechanism in Article 90.

The AI Office operates at Commission level, meaning it can act across the entire Single Market without waiting for national procedures.

The AI Board (Chapter VIII)

The AI Board consists of representatives from each member state's NCA plus the European Data Protection Supervisor as a non-voting observer. Its role is primarily coordination and guidance: it issues opinions on draft implementing acts, facilitates consistent application across member states, and supports cross-border investigations. The Board does not itself impose fines or issue enforcement orders — it is a governance layer that reduces the fragmentation risk inherent in having 27 NCAs operating under the same Regulation.


What is enforceable now

The common misconception is that enforcement only kicks in once the high-risk deadline arrives. That is wrong. The Regulation has three active enforcement layers as of today (June 2026):

1. Article 5 prohibitions — since 2 February 2025

The eight categorical prohibitions under Article 5 — subliminal manipulation (5(1)(a)), exploitation of vulnerabilities (5(1)(b)), social scoring by public authorities (5(1)(c)), predicting offending solely from profiling (5(1)(d)), untargeted facial-image scraping (5(1)(e)), emotion inference in workplaces and educational settings (5(1)(f)), biometric categorisation inferring sensitive attributes (5(1)(g)), and real-time remote biometric identification in publicly accessible spaces by law enforcement outside permitted exceptions (5(1)(h)) — have applied since 2 February 2025. There is no grace period and no conformity-assessment pathway. Any NCA can open an investigation today for a suspected violation. The penalty ceiling under Article 99(3): €35 million or 7% of total worldwide annual turnover, whichever is higher.

2. GPAI model obligations — since 2 August 2025

GPAI providers, that is, companies placing a general-purpose AI model on the EU market under their own name, have been subject to Chapter V since 2 August 2025. That includes technical documentation, downstream information obligations, and a copyright compliance policy (all under Article 53), and, for systemic-risk GPAI providers, model evaluations, adversarial testing, incident reporting, and cybersecurity measures (Article 55). The AI Office is the enforcing body; fines reach €15 million or 3% under Article 101.

3. Penalties framework — since 2 August 2025

Article 99 (the general penalty article) became applicable on 2 August 2025. That means the legal basis for fines exists now, not in 2027. In practice, regulators will focus first on the prohibitions and the GPAI obligations where evidence is clear — but the machinery is in place.


When enforcement ramps phase by phase

Article 50 transparency — 2 August 2026

Limited-risk systems come under Article 50 from 2 August 2026. This covers: AI-interaction disclosure (chatbots must identify themselves as AI), synthetic-content marking, emotion-recognition and biometric-categorisation disclosure, and deepfake labelling. Non-compliance with these transparency obligations falls under Article 99(4): €15 million or 3% of total worldwide annual turnover, whichever is higher.

High-risk Annex III systems — 2 December 2027

Stand-alone high-risk AI systems — the Annex III list covering recruitment, creditworthiness, biometrics (where lawful), education, critical infrastructure, law enforcement, migration, and the administration of justice — must comply with the full high-risk stack by 2 December 2027. This date was pushed back from the original 2 August 2026 under the Digital Omnibus (political agreement between Parliament and Council, May 2026; formal adoption expected before 2 August 2026).

The obligations due by 2 December 2027 include: a risk management system under Article 9, data governance under Article 10, Annex IV technical documentation under Article 11, record-keeping under Article 12, transparency to deployers under Article 13, human oversight under Article 14, accuracy and cybersecurity under Article 15, a quality management system under Article 17, conformity assessment under Article 43, EU declaration of conformity under Article 47, CE marking under Article 48, and registration in the EU database under Article 49.

Non-compliance after that date exposes providers and deployers to Article 99(4) fines: €15 million or 3% of total worldwide annual turnover, whichever is higher. For supplying incorrect or misleading information to a notified body or competent authority, Article 99(5) applies: €7.5 million or 1%.

One proportionality note that matters for smaller organisations: under Article 99(6), fines for SMEs and start-ups are capped at the lower of the percentage or the fixed amount — so a €5 million-turnover company facing a 3% fine is capped at €150,000, not €15 million. This is a genuine protection, though it does not reduce the obligation itself.

High-risk AI embedded in regulated products — 2 August 2028

High-risk AI systems that function as safety components of products governed by EU product safety legislation listed in Annex I — including medical devices under MDR, machinery under the Machinery Regulation, aviation, and automotive safety — must comply by 2 August 2028. These systems follow the Article 6(1) route rather than Article 6(2)/Annex III, and their conformity assessment is typically integrated into the existing product-law conformity procedure.


How market surveillance works in practice

Article 74 and the following provisions give MSAs a structured escalation toolkit. The sequence, broadly, runs like this:

  1. Trigger: a complaint, a serious-incident report under Article 73, a cross-border alert from another MSA, or the authority's own market monitoring.

  2. Document request: the MSA requests access to technical documentation, logs, risk management records, and the conformity assessment file. For high-risk systems this is the Annex IV technical documentation pack. Providers and deployers must cooperate under Article 74; refusal or obstruction is itself a basis for sanctions.

  3. On-site inspection: where remote document access is insufficient, inspectors can visit premises — subject to appropriate judicial authorisation in some member states.

  4. Preliminary finding: if the authority identifies a potential non-conformity, it issues a preliminary finding and invites the company to respond.

  5. Corrective order: where non-conformity is confirmed, the MSA can order the provider to bring the system into conformity within a set deadline, suspend deployment, or restrict access to the EU market.

  6. Market withdrawal: for systems posing unacceptable risk, the MSA can order recall or market withdrawal and notify other member states through RAPEX (the EU rapid alert system) and the AI Board.

  7. Penalty referral: the MSA can refer the case to the penalty-imposing authority (in most member states, a separate administrative court or the NCA acting in its penalty capacity) for imposition of Article 99 fines.

Throughout this process, the AI Board facilitates cross-border coordination. If a system is placed on the market in multiple member states, the lead MSA (typically the member state where the provider is established) coordinates with the others.


The key practical implication: the infrastructure is live before the high-risk deadline

Companies sometimes treat December 2027 as the start date for any enforcement risk on high-risk AI. That is a misreading. Consider what is already in place:

  • NCAs have been designated and notified.
  • MSAs hold live investigative powers under Articles 74+.
  • Article 99 penalties apply since August 2025.
  • The AI Office is monitoring GPAI providers now.
  • Serious-incident reporting obligations under Article 73 apply to any high-risk system providers have already placed on the market — with a 15-day window from awareness of a serious incident (2 days for widespread infringement or critical-infrastructure disruption; 10 days where a fatality is involved).

A company deploying an Annex III high-risk system today — a recruitment screening tool, a credit-scoring model — does so in a regulatory environment where market surveillance authorities can already request its documentation. They cannot yet require conformity assessment compliance (that obligation applies from December 2027), but they can investigate prohibited practices in the system's design, verify that the company is not making false compliance claims, and monitor for serious incidents.

The enforcement ramp is not a cliff edge in December 2027. It is a slope that started in February 2025 and gets steeper at each application date.


How Confir helps

Building an audit-ready evidence file before the enforcement authorities ask for it is the core use case. Confir's rule-based classification engine — deterministic and reproducible by design — walks your team through Article 6/Annex III scoping, derives your role as provider or deployer, and generates the Article 11/Annex IV technical documentation pack in a format ready to hand to an MSA. The audit log is immutable: every assessment step, the rule that fired, and the user who confirmed it are recorded. When an NCA sends a document request, you are not starting from scratch.

Confir does not automate legal judgment or replace qualified counsel. It gives compliance teams the structured evidence base that makes an MSA inspection manageable rather than panic-inducing.


FAQ

Who enforces the EU AI Act in each member state?

Each EU member state designates at least one national competent authority (NCA) and market surveillance authority (MSA) under Article 70. The NCA handles general supervision and coordination; the MSA holds the investigative powers — document requests, on-site inspections, corrective orders, and market withdrawal. The designated body varies by country: Germany uses the Bundesnetzagentur framework (proposed under KI-MIG, not yet enacted as of mid-2026); Spain has the AESIA. A company should identify the competent authority in each member state where it places systems on the market.

When did enforcement powers actually begin?

The Article 99 penalty framework and the market surveillance powers under Articles 74+ became applicable on 2 August 2025 — the same date GPAI obligations began. The Article 5 prohibitions became enforceable from 2 February 2025. The enforcement infrastructure is therefore already operational; what the 2 December 2027 and 2 August 2028 dates add is the applicability of the full high-risk obligation stack, making non-compliance with those obligations sanctionable.

What is the AI Office and what can it do?

The AI Office is a Commission body established to oversee GPAI model compliance across the EU. It monitors providers of general-purpose AI models, oversees codes of practice under Article 56, and can impose fines under Article 101 — up to €15 million or 3% of worldwide annual turnover, whichever is higher — for GPAI-specific violations. For systemic-risk GPAI models, the AI Office reviews model evaluations and can mandate corrective measures. It coordinates with the scientific panel of independent experts, which can issue qualified alerts on systemic risks through Article 90.

What happens when a market surveillance authority investigates my company?

The MSA will typically start by requesting access to your technical documentation: the risk management system records (Article 9), technical documentation file (Article 11/Annex IV), conformity assessment (Article 43), and incident logs (Article 12). Cooperation is mandatory. If non-conformity is found, the authority can issue a corrective order setting a deadline for remedy, suspend market access, or — for serious cases — order market withdrawal. Penalties follow if the corrective order is not complied with or if the initial violation was itself a sanctionable act. Supplying incorrect information to the authority adds a separate exposure under Article 99(5): €7.5 million or 1% of worldwide turnover.

Does the December 2027 deadline mean I have no enforcement risk before then for high-risk AI?

Not quite. Market surveillance authorities can investigate right now — including requesting documentation from operators of Annex III systems — for suspected Article 5 violations, GPAI-obligation breaches, or misleading compliance claims. What they cannot do before December 2027 is sanction you specifically for failing to meet the Article 9–15 and Article 43 high-risk obligations, because those obligations are not yet applicable. But the investigative apparatus is live, and any Article 5 issues discovered during a broader investigation will be pursued regardless of where the high-risk deadline sits.

What are the penalty tiers under Article 99?

Three tiers, each structured as "whichever is higher" of a fixed ceiling or a percentage of total worldwide annual turnover for the preceding financial year: (1) €35 million or 7% for Article 5 prohibition violations (Article 99(3)); (2) €15 million or 3% for most other obligations, including high-risk requirements and provider/deployer duties (Article 99(4)); (3) €7.5 million or 1% for supplying incorrect, incomplete, or misleading information to authorities or notified bodies (Article 99(5)). Under Article 99(6), for SMEs and start-ups these are capped at the lower of the fixed sum or the percentage. GPAI-specific fines are separately governed by Article 101.

