AI Act General Procedural Framework
The source document is specifically titled 'Procedure' from the AI Act, suggesting a comprehensive procedural section that warrants a dedicated topic covering the general procedural framework, mechanisms, and requirements applicable across the regulation.
AI Act procedures procedural framework AI general procedures procedural requirements procedural mechanisms procedural steps procedural timelines procedural safeguards
Overview
Legal Framework
The general procedural framework for the AI Act is established primarily in Articles 63 through 71 of the Regulation. These articles create a cohesive procedural architecture for market surveillance, conformity assessment, and enforcement. The framework mandates that Member States designate national competent authorities and market surveillance authorities, outlining their powers and obligations. Key procedures include those for investigating AI systems presenting a risk, handling non-compliant systems, and facilitating cross-border cooperation through an information-sharing system (AI regulatory sandboxes and real-world testing are governed by separate procedural rules in Articles 53 and 57, respectively). Recital 60, while focused on a specific domain, underscores the procedural imperative for authorities to ensure the accuracy, non-discrimination, and transparency of AI systems, given their profound impact on fundamental rights.
Practical Application
The procedural framework is designed for a coordinated EU-wide enforcement model. In practice, this means national market surveillance authorities act as the primary front-line investigators, utilizing their powers under Article 65 to require information, conduct inspections, and test systems. A critical procedural mechanism is the mandatory consultation and cooperation process outlined in Article 66. Before adopting measures against a non-compliant AI system, an authority must consult with the provider and the relevant notified body, if applicable, and notify other Member States through the dedicated information system. This prevents fragmented enforcement and ensures a consistent regulatory approach across the single market.
Key Considerations
- Map Your Supervisory Landscape: Providers must identify the relevant market surveillance authority in each Member State where their high-risk AI system is placed on the market or put into service, as procedural actions will originate from these national bodies.
- Prepare for Investigative Powers: Organizations must have internal procedures to promptly respond to formal information requests and potential on-site inspections from authorities, including providing access to data and documentation as required under Article 65.
- Engage in Mandatory Consultation: If notified of potential non-compliance, actively engage in the Article 66 consultation procedure with the authority and your notified body; this is a formal opportunity to provide corrective input before enforcement measures are finalized.
Laws (1)
Guidance (12)
Richtsnoeren 05/2022 voor het gebruik van gezichtsherkenningstechnologie in het kader van rechtshandhaving
guidelines gebruik gezichtsherkenning bij rechtshandhaving
Steeds meer rechtshandhavingsinstanties passen gezichtsherkenningstechnologie toe of zijn voornemens deze toe te passen. De technologie kan worden gebruikt om een persoon te authenticeren of te identificeren en kan voor video's (bijv. CCTV) of foto's worden ingezet, maar ook voor andere doeleinden, waaronder het opzoeken van personen op signaleringslijsten van de politie of het volgen van de bewegingen van een persoon in de openbare ruimte. Gezichtsherkenningstechnologie is gebaseer...
Richtsnoeren 03/2021 voor de toepassing van artikel 65, lid 1, punt a), AVG
guidelines voor de toepassing van artikel 60 AVG
Richtsnoeren 9/2020 inzake relevant en gemotiveerd bezwaar overeenkomstig Verordening 2016/679
Guidelines 04/2021 on Codes of Conduct as tools for transfers
Guidelines on codes of conduct and monitoring bodies
The GDPR requires in its Article 46 that controllers/processors shall put in place appropriate safeguards for transfers of personal data to third countries or international organisations. To that end, the GDPR diversifies the appropriate safeguards that may be used by organisations under Article 46 for framing transfers to third countries by introducing amongst others, codes of conduct as a new transfer mechanism (articles 40-3 and 46-2-e). In this respect, as provi...
Guidelines 03/2021 on the application of Article 65(1)(a) GDPR
Guidelines on the application of Article 60 GDPR
Version history
Guidelines on articles 46 (2) (a) and 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies
Guidelines 01/2022 on data subject rights - Right of access
Guidelines on data subject rights - Right of access
The right of access of data subjects is enshrined in Art. 8 of the EU Charter of Fundamental Rights. It has been a part of the European data protection legal framework since its beginning and is now further developed by more specified and precise rules in Art. 15 GDPR.
Guidelines 09/2020 on relevant and reasoned objection under Regulation 2016/679
Guidelines on relevant and reasoned objection under Regulation 2016/679
Guidelines 02/2022 on the application of Article 60 GDPR
Guidelines on the application of Article 60 GDPR
With the introduction of the GDPR, the concept of the one-stop shop was established as one of the main innovations. In cross-border processing cases, the supervisory authority in the Member State of the controller's or processor's main establishment is the authority leading the enforcement of the GDPR for the respective cross-border processing activities, in cooperation with all the authorities which may face the effects of the processing activities at stake: be it through the establishments ...
Guidelines 05/2022 on the use of facial recognition technology in the area of law enforcement
Guidelines on the use of facial recognition technology in the area of law enforcement
More and more law enforcement authorities (LEAs) apply or intend to apply facial recognition technology (FRT). It may be used to authenticate or to identify a person and can be applied on videos (e.g. CCTV) or photographs. It may be used for various purposes, including to search for persons in police watch lists or to monitor a person's movements in the public space. FRT is built on the processing of biometric data , therefore, it encompasses the processing of special categories ...
Versiegeschiedenis
guidelines doorgifte van persoonsgegevens tussen overheidsinstanties en -organen binnen en buiten de EER
Richtsnoeren 02/2022 voor de toepassing van artikel 60 AVG
guidelines voor de toepassing van artikel 60 AVG
Een van de belangrijkste innovaties bij de invoering van de AVG was de introductie van het concept 'één-loketmechanisme'. In gevallen van grensoverschrijdende verwerking is de toezichthoudende autoriteit in de lidstaat van de hoofdvestiging van de verwerkingsverantwoordelijke of verwerker de autoriteit die leidinggeeft aan de handhaving van de AVG met betrekking tot de grensoverschrijdende verwerkingsactiviteiten in kwestie. Daarbij wordt samengewerkt met alle autoriteiten die de gevolge...