
Market Surveillance Authority (EU AI Act): Role, Powers, and National Models

Definition · 3 June 2026 · 11 min read

EU AI Act market surveillance authority: Article 3(26) definition, Article 70 designation, Article 79 powers, Article 99 fines, and national models.

Every AI system placed on the EU market can, in principle, be investigated, pulled from sale, or ordered corrected by a national public body. That body is the market surveillance authority — the primary enforcement arm of the EU AI Act at Member State level. Understanding who it is, what it can do, and how it differs from other oversight bodies is essential for any provider or deployer with EU exposure.

The EU AI Act definition

Article 3, point 26 of Regulation (EU) 2024/1689 defines "market surveillance authority" by direct cross-reference: it is the national authority responsible for carrying out the activities and taking the measures pursuant to Regulation (EU) 2019/1020 — the Market Surveillance Regulation — which governs how Member States supervise products on the EU internal market.

That cross-reference matters. Regulation (EU) 2019/1020 is a standalone EU law on market surveillance and product compliance — it is not an article or annex of the EU AI Act. When the AI Act incorporates it by reference, it imports the full procedural framework: investigation powers, corrective measures, market-restriction orders, and the RAPEX rapid-alert system. The EU AI Act then layers on top of that foundation its own enforcement chapter (Title VIII, Articles 74–101), including specific investigation procedures and fine-setting rules.

The practical upshot: Member States did not need to invent market surveillance from scratch. The authorities that already inspect pressure vessels, medical devices, and toy safety now apply the same investigative toolkit to AI systems — with AI Act-specific powers added on.

What a market surveillance authority does

Designation under Article 70

Member States were required to designate one or more market surveillance authorities — and at least one notifying authority — and notify the Commission by 2 August 2025. That deadline has passed; designations are a completed step, not a future obligation. Member States also designate a single point of contact to coordinate between multiple MSAs where they have chosen a distributed model.

Where a Member State designates multiple authorities, national law must clearly delineate which one handles which categories of AI system. Ambiguity in that delineation is an enforcement risk for providers: if it is unclear which MSA has jurisdiction over your system, you may face parallel investigations or gaps in the complaint mechanism.

Investigation and documentation powers

An MSA can require a provider or deployer to produce:

  • the technical documentation required under Article 11 (compiled according to Annex IV);
  • the logs generated and retained under Article 12 (record-keeping) and Article 26 (deployer logs, retained for at least six months);
  • the EU declaration of conformity under Article 47;
  • the results of any conformity assessment carried out under Article 43.

Beyond documents, an MSA may order testing, access source code, interview staff, and inspect premises. The investigation framework is backed by Regulation (EU) 2019/1020, which gives these powers teeth: non-cooperation can itself constitute a breach.

Corrective action and withdrawal under Article 79

When an MSA has reasonable grounds to consider that an AI system presents a risk — including a risk that does not yet constitute a serious incident — Article 79 activates the corrective procedure. The authority may:

  1. Require the provider (or the authorised representative under Article 22) to take corrective action within a set period: modifying the system, withdrawing it from the market, or recalling it from end users.
  2. Impose interim restrictions on making the system available if the risk is serious and immediate.
  3. Coordinate with MSAs in other Member States through the RAPEX system where the system is on the market across borders.

A withdrawal differs from a recall: withdrawal removes the system from further distribution; a recall brings back systems already deployed with users. The MSA chooses based on the severity and reach of the risk. Either step can be ordered before any fine is imposed — they are protective measures, not punitive ones.

Administrative fines under Article 99

Fines under the EU AI Act are not imposed automatically by the Commission (except for GPAI providers — see below). For AI systems used by companies and public bodies, it is the national MSA that initiates and issues the fine, following the Article 79 procedure. Three tiers apply, each expressed as "whichever is higher" of a fixed ceiling or a percentage of total worldwide annual turnover:

Breach | Maximum fine
Article 5 prohibited practices | €35,000,000 or 7% of global annual turnover
Most other obligations (high-risk requirements, provider/deployer duties, Article 50 transparency) | €15,000,000 or 3% of global annual turnover
Supplying incorrect, incomplete, or misleading information to notified bodies or authorities | €7,500,000 or 1% of global annual turnover

One protection worth knowing: Article 99(6) caps fines for SMEs and start-ups at the lower of the percentage figure and the fixed amount, not the higher. A small provider whose 3% turnover figure would arithmetically exceed €15 million is still capped at the fixed ceiling, and one whose 3% figure falls below the fixed ceiling is capped at the percentage; whichever is lower applies. For most early-stage companies this means the fixed ceiling governs, a material difference from the GDPR structure.

Penalties have applied since 2 August 2025, the date on which the penalty provisions entered into operation alongside the GPAI and governance chapters of the Act.

Single vs distributed national models

Member States have taken different structural approaches, and the choice has practical consequences for which desk you deal with.

Centralised model — single dedicated MSA

Spain established the Agencia Española de Supervisión de la Inteligencia Artificial (AESIA), a purpose-built AI supervisory body with cross-sectoral competence. A Spanish company deploying a high-risk HR screening tool faces a single regulator. AESIA also has a remit covering limited-risk transparency obligations under Article 50. The Spain enforcement guide covers AESIA's structure in more detail.

Germany's designated primary MSA is the Bundesnetzagentur (Federal Network Agency), which already supervises digital markets and telecommunications. Germany's approach — confirmed in the draft KI-Marktüberwachungsgesetz (KI-MÜG, cabinet approval February 2026, not yet enacted as of mid-2026) — distributes some sectoral competence to existing regulators (BaFin for financial AI, BfArM for medical device AI) while giving the Bundesnetzagentur the coordinating MSA role. The Germany enforcement guide tracks this as national implementing law progresses.

Distributed sectoral model

Some Member States are mapping AI Act competence onto existing sectoral regulators: financial AI to the financial regulator, health AI to the medicines agency, employment AI to a labour inspectorate. This matches domain expertise to use case, but it creates complexity for cross-sectoral AI systems (a recruitment tool used by a bank may fall under both the financial and employment sectoral authority).

For a provider or deployer with market presence across several Member States, the practical implication is that the "MSA" is not one organisation but potentially several, with the lead MSA being the one in the Member State where you have your establishment (or, for third-country providers, where your authorised representative is based under Article 22).

MSA vs notifying authority vs the EU AI Office

These three bodies are distinct. Conflating them is a common error when mapping the governance architecture of the EU AI Act.

Market surveillance authority — the national enforcement body. It investigates AI systems on the market, verifies conformity with the Act, orders corrections or withdrawals under Article 79, and imposes Article 99 fines on providers and deployers.

Notifying authority — a separate national body whose sole function is to assess, designate, and oversee notified bodies (the third-party conformity-assessment organisations that conduct the Annex VII audits required for certain high-risk AI systems, mainly in biometrics). The notifying authority does not investigate individual AI systems; it supervises the bodies that do the audits. Article 70 requires Member States to designate the notifying authority and ensure it is functionally separate from the MSA so that no single body both authorises auditors and enforces the law. In practice some Member States house both functions within the same ministry, with operational separation required by law.

EU AI Office — established within the European Commission (Brussels), the AI Office has no direct jurisdiction over national AI system markets. Its competence is:

  • Supervision of GPAI model providers under Chapter V (Articles 51–56), including codes of practice, model evaluation, and systemic-risk designation. These are the companies training large foundation models — OpenAI, Mistral, Google, Meta.
  • Cross-border coordination between national MSAs.
  • Maintaining the EU database for high-risk AI systems (Article 71) into which providers register under Article 49.

A company deploying a third-party GPAI model (say, in a customer-service tool) is regulated as a deployer by its national MSA. The GPAI model itself is supervised by the EU AI Office. The two enforcement lines run in parallel; the AI Office's jurisdiction over the model provider does not insulate the deployer from MSA scrutiny of how the system is used.

Frequently Asked Questions

Which market surveillance authority is responsible for my AI system?

Generally, the MSA of the Member State where you, as provider, have your principal establishment in the EU — or, if you are established outside the EU, where your Article 22 authorised representative is based. If your system is available in multiple Member States, the MSA where you are established takes the lead, and MSAs in other Member States can act if a risk arises in their territory. In a distributed-competence model (like Germany's draft structure), the sectoral regulator with jurisdiction over the field your system operates in may share competence with the cross-sectoral MSA.

When did MSAs get their enforcement powers?

The penalty provisions of Article 99 and the governance and enforcement framework (Title VIII) applied from 2 August 2025. That is the date from which MSAs could initiate investigations and impose fines under the Act. The prohibitions under Article 5 applied earlier, from 2 February 2025, and could be enforced from that date. High-risk obligations under the main compliance stack (Articles 9–17, 43, 47–49) do not apply until 2 December 2027 for stand-alone Annex III systems, meaning MSAs cannot fine a company for failing to have compliant technical documentation until that date.

Can an MSA fine a company before it launches an AI system?

Not for pre-launch compliance failures — the fines under Article 99(4) concern non-compliance with obligations that apply once a system is on the market or put into service. However, an MSA can investigate as soon as it has reasonable grounds to believe a risk exists, and it can seek corrective action and interim restrictions before any harm occurs. The investigation power precedes the fine.

What is the difference between a withdrawal and a recall under Article 79?

A withdrawal prohibits further making available of the AI system — it applies to stock in distribution channels and future sales. A recall requires the operator to retrieve systems already placed with end users. An MSA orders a withdrawal when the risk can be contained by stopping future distribution; a recall is ordered when systems already deployed need to be removed because the risk persists in the field. Both measures can be ordered simultaneously with or instead of a fine.

Do GPAI model providers deal with their national MSA or the EU AI Office?

GPAI model providers — companies that train and make available general-purpose AI models (foundation models above relevant thresholds, and systemic-risk models) — are supervised by the EU AI Office, not national MSAs, for their GPAI obligations under Articles 51–56. National MSAs retain competence over the systems built on top of those models, classified by their use. So if a German company builds a recruitment tool on a third-party GPAI model, the German MSA looks at the recruitment tool; the EU AI Office looks at the GPAI model provider's compliance with Chapter V.

What documentation should a provider prepare to engage with an MSA investigation?

An MSA investigation typically begins with a request for the technical documentation (Article 11 / Annex IV pack), the EU declaration of conformity (Article 47 / Annex V), and evidence of the conformity assessment (Article 43). For high-risk systems, the risk management system records under Article 9 and the post-market monitoring data under Article 72 will be requested. Providers should also expect requests for the instructions for use delivered to deployers under Article 13 and any serious-incident reports filed under Article 73. Confir generates the Article 11 / Annex IV technical documentation pack and the Article 47 / Annex V declaration as part of its rule-based compliance workflow — documentation that is structured to respond to exactly this kind of regulatory inquiry.

