Lesson10 minChapter 5 of 8
Market Surveillance
How authorities monitor AI systems in the market.
Learning Objectives
By the end of this chapter, you will be able to:
- Explain the market surveillance framework established by Articles 74-78
- Identify surveillance triggers and proactive monitoring mechanisms
- Understand authority powers during surveillance activities
- Prepare for inspections and respond to surveillance actions
- Navigate cross-border surveillance coordination
Market Surveillance Framework Overview
Market surveillance ensures AI systems remain compliant throughout their lifecycle—from market placement through deployment and ongoing operation. Unlike one-time conformity assessment, surveillance is continuous and reactive to market developments.
Legal Framework
| Article | Title | Key Content |
|---|---|---|
| Article 74 | Market surveillance and control | Authority powers, surveillance activities |
| Article 75 | Mutual assistance | Cross-border cooperation |
| Article 76 | Procedure at national level | National enforcement procedures |
| Article 77 | Powers of authorities protecting fundamental rights | EU-wide protective measures |
| Article 78 | Formal non-compliance | Procedural violations |
Surveillance Objectives
| Objective | Activities | Outcome |
|---|---|---|
| Compliance verification | Testing, documentation review | Confirm ongoing compliance |
| Risk identification | Incident monitoring, complaints | Detect emerging risks |
| Enforcement | Corrective measures, penalties | Address non-compliance |
| Market protection | Withdrawal, recall | Remove non-compliant AI |
| Information gathering | Sector sweeps, studies | Inform policy |
Surveillance Triggers
Proactive Surveillance
| Trigger | Description | Likelihood |
|---|---|---|
| Random sampling | Authorities select AI systems for review | Moderate |
| Sector sweeps | Targeted examination of high-risk sectors | Moderate for priority sectors |
| New guidance implementation | Check compliance with new requirements | High after guidance issued |
| Scheduled reviews | Regular review programmes | Varies by authority |
| Risk-based targeting | Focus on high-risk categories | High for Annex III areas |
Reactive Surveillance
| Trigger | Source | Response Time |
|---|---|---|
| Complaints | Users, affected persons, competitors | Days to weeks |
| Serious incidents | Provider reports, media, authorities | Immediate to days |
| Whistleblowers | Internal or external disclosure | Variable |
| Media reports | Investigative journalism, publicity | Days |
| Other authority referral | Data protection, sector regulators | Weeks |
| Post-market monitoring data | Provider's own monitoring | Depends on severity |
| Cross-border alerts | Other Member State authorities | Days |
High-Priority Surveillance Areas
| Area | Why Priority | Expected Surveillance |
|---|---|---|
| Biometric identification | Fundamental rights impact | High scrutiny |
| Employment AI | Worker protection, discrimination | Active surveillance |
| Credit and insurance | Consumer protection | Sector-specific focus |
| Migration/asylum | Vulnerable groups | Political priority |
| Law enforcement | Civil liberties | Enhanced oversight |
| Healthcare AI | Patient safety | MDR coordination |
| Education AI | Child protection | Emerging focus |
Authority Surveillance Powers (Article 74)
Information and Access Powers
| Power | Scope | Legal Basis |
|---|---|---|
| Document requests | Technical documentation, test reports, logs | Article 74(3)(a) |
| AI system access | Operating systems for testing | Article 74(3)(b) |
| Source code access | Where necessary for assessment | Article 74(3)(b) |
| Data access | Training, validation, test data | Article 74(3)(c) |
| Premises access | Offices, data centres, production | Article 74(3)(e) |
| Personnel interviews | Staff, management, contractors | Article 74(3)(f) |
Investigation Powers
| Power | Application | Constraints |
|---|---|---|
| Unannounced inspections | On-site without prior notice | Proportionality |
| Sample collection | AI systems or components for testing | Testing purposes |
| Expert engagement | Technical specialists for assessment | Complex systems |
| Third-party information | Suppliers, customers, partners | Value chain tracing |
| Digital evidence | System logs, communications | Privacy limits |
Testing and Evaluation
| Test Type | Purpose | Methodology |
|---|---|---|
| Functional testing | System performs as documented | Use case scenarios |
| Accuracy testing | Meets stated performance | Benchmark datasets |
| Robustness testing | Handles edge cases, adversarial inputs | Stress testing |
| Bias testing | Non-discrimination verification | Demographic analysis |
| Safety testing | Risk controls effective | Failure mode analysis |
| Documentation audit | Records complete and accurate | Document review |
Surveillance Process
Stage 1: Initiation
| Activity | Timeline | Your Response |
|---|---|---|
| Surveillance notice | Day 0 | Acknowledge, identify contact point |
| Scope clarification | Days 1-3 | Understand what's being examined |
| Initial document request | Days 3-7 | Begin gathering documentation |
| Inspection scheduling | Days 7-14 (if inspection) | Arrange logistics, personnel |
Stage 2: Investigation
| Activity | Description | Your Role |
|---|---|---|
| Document review | Authority reviews provided materials | Respond to follow-up requests |
| On-site inspection | Physical visit to premises | Facilitate access, provide support |
| System testing | Evaluation of AI system operation | Provide test access, explain operation |
| Personnel interviews | Questions to relevant staff | Make personnel available, prepare them |
| Third-party contact | Authority contacts suppliers/customers | Be aware, coordinate if needed |
Stage 3: Preliminary Findings
| Finding Type | Authority Action | Your Response Options |
|---|---|---|
| No issues | Close investigation | Document for records |
| Minor issues | Request clarification | Provide explanation |
| Concerns identified | Preliminary finding letter | Respond with evidence, remediation |
| Serious issues | Formal notice of non-compliance | Legal review, response, corrective action |
Stage 4: Outcome
| Outcome | Description | Timeline |
|---|---|---|
| Closure | No action, compliance confirmed | Variable |
| Recommendations | Non-binding improvement suggestions | Implement voluntarily |
| Corrective measures | Binding order to address issues | Specified deadline |
| Market withdrawal | Order to remove from market | Immediate to 30 days |
| Product recall | Retrieve from deployers/users | Specified deadline |
| Administrative fine | Financial penalty | Appeal period |
Inspection Preparation
Documentation Readiness
| Document Category | Items | Location |
|---|---|---|
| Technical documentation | Annex IV complete package | Accessible repository |
| Conformity records | CE declaration, assessment reports | Compliance files |
| Testing evidence | Validation reports, benchmark results | Quality records |
| Risk management | Risk assessment, mitigation evidence | Risk files |
| Post-market data | Monitoring reports, incident records | Operations files |
| Training records | Staff training, competency records | HR files |
Personnel Preparation
| Role | Preparation | Responsibilities During Inspection |
|---|---|---|
| Inspection coordinator | Single point of contact | Manage logistics, coordinate responses |
| Technical lead | Understand AI system thoroughly | Answer technical questions |
| Compliance officer | Know regulatory requirements | Explain compliance approach |
| Legal counsel | Understand legal framework | Review responses, protect rights |
| Subject matter experts | Detailed knowledge of components | Provide specialist information |
Facility Preparation
| Area | Preparation |
|---|---|
| Meeting room | Private space for discussions |
| System access | Demo environment, credentials ready |
| Document room | Organised documentation for review |
| Secure areas | Protocols for sensitive areas |
| IT support | Available for system access needs |
Inspection Conduct
| Do | Don't |
|---|---|
| Be helpful and responsive | Volunteer excessive information |
| Answer questions accurately | Speculate or guess |
| Provide requested documents | Provide unrequested documents |
| Take notes of proceedings | Record without permission |
| Seek clarification if unclear | Make assumptions about requests |
| Involve legal if needed | Make legal admissions |
Non-Compliance Responses
Corrective Measures (Article 79)
| Measure | When Applied | Response |
|---|---|---|
| Warning | Minor issues, first instance | Address and document |
| Compliance order | Specific violations identified | Implement corrections |
| Withdrawal order | System not safe for market | Remove from market |
| Recall order | Deployed systems pose risk | Retrieve from deployers |
| Prohibition | Fundamental non-compliance | Cease all market activity |
Response Strategy
| Scenario | Recommended Response |
|---|---|
| Factual dispute | Provide evidence, request reconsideration |
| Technical disagreement | Expert opinion, detailed explanation |
| Accept finding | Remediation plan, timeline, evidence |
| Procedural challenge | Legal review, formal objection if merited |
| Appeal | Within statutory deadline, legal grounds |
Appeal Rights
| Element | Typical Provision |
|---|---|
| Right to appeal | Generally available |
| Appeal deadline | 30-60 days (varies by Member State) |
| Appeal body | Administrative court or tribunal |
| Suspensive effect | Varies—may or may not suspend order |
| Legal representation | Advisable for formal appeals |
Cross-Border Surveillance (Article 75)
Mutual Assistance Mechanisms
| Mechanism | Purpose | Process |
|---|---|---|
| Information requests | Authority A requests info from Authority B | Formal request, response obligation |
| Joint investigations | Coordinated multi-authority investigation | Agreed protocol, shared findings |
| Enforcement requests | Request action in another territory | Where operator based elsewhere |
| Alert notifications | Warn other authorities of risks | Rapid information sharing |
EU-Wide Safeguard Procedure (Article 77)
| Stage | Description | Timeline |
|---|---|---|
| National action | Member State takes protective measure | Immediate |
| Commission notification | Authority informs Commission | Without delay |
| Commission review | Assess whether measure justified | 30 days |
| Union-wide decision | Commission may extend to all Member States | Following review |
Managing Cross-Border Exposure
| Strategy | Implementation |
|---|---|
| Consistent compliance | Same standards across all markets |
| Centralised coordination | Single team handles multi-jurisdiction |
| Lead authority identification | Understand which authority leads |
| Proactive communication | Keep all relevant authorities informed |
| Documentation alignment | Same documentation available everywhere |
Surveillance Response Checklist
Immediate Response (Days 1-3)
- Acknowledge surveillance notice
- Identify internal response team
- Brief legal counsel
- Assess scope and urgency
- Begin gathering requested documentation
Short-Term (Days 3-14)
- Complete document gathering
- Prepare inspection logistics
- Brief personnel involved
- Identify any gaps or concerns
- Prepare explanatory materials
During Surveillance
- Designate single coordinator
- Track all requests and responses
- Document all interactions
- Escalate issues appropriately
- Maintain constructive relationship
Post-Surveillance
- Review findings thoroughly
- Assess response options
- Implement corrective measures
- Document remediation
- Update compliance programme
What You Learned
Key concepts from this chapter
**Market surveillance is ongoing**—initial conformity doesn't guarantee permanent compliance
Surveillance can be triggered by **multiple sources**—complaints, incidents, random sampling, cross-border alerts
Authorities have **extensive powers** including unannounced inspections, source code access, and system testing
**Preparation is essential**—maintain inspection-ready documentation and trained personnel
**Cooperation generally helps**—resistance tends to escalate, cooperation often leads to better outcomes