AI Act Procedures
The 'Procedure' section of the AI Act establishes the overarching procedural framework and mechanisms for implementing and enforcing the regulation. This topic is needed to capture the procedural architecture that underpins all compliance, assessment, and enforcement activities under the AI Act.
AI Act procedures procedural framework procedural mechanisms regulatory procedures compliance procedures enforcement procedures procedural requirements procedural timelines
Overview
Legal Context
The procedural architecture of the AI Act is deliberately modular, allowing each operator to navigate a clear path from initial registration to final enforcement. Articles 30‑nl and 30‑en set the stage for the aanmeldingsprocedure (registration) and notification procedure, establishing the prerequisites for an AI system to enter the regulatory register. Articles 52‑en and 52‑nl describe the overarching procedure—the workflow that governs assessment, monitoring, and enforcement across the EU. Articles 63‑en and 63‑nl introduce derogations for specific operators, giving tailored flexibility for niche or high‑risk categories. Finally, articles 79‑en and 79‑nl outline a national‑level procedure for dealing with AI systems that present a risk, ensuring that national authorities can intervene when necessary. Together, these provisions form a coherent procedural chain that spans the entire lifecycle of an AI system, from inception to compliance review.
Core Requirements
- Registration & Notification – Operators must file a detailed dossier under article 30‑nl, followed by a notification under article 30‑en, which triggers the official entry of the system into the EU AI register.
- Compliance Assessment – Article 52‑en requires periodic assessment reports, while article 52‑nl mandates the submission of corrective actions if non‑compliance is detected.
- Derogations – Article 63‑en and 63‑nl allow operators in certain sectors (e.g., medical AI, autonomous vehicles) to apply simplified or extended procedures, subject to conditions set by the European Commission.
- Risk‑Based National Procedure – Articles 79‑en and 79‑nl provide a framework for national authorities to manage high‑risk AI systems, including risk‑assessment protocols and enforcement mechanisms.
Practical Considerations
- Timing: Operators should align their registration and notification filings with the EU AI register’s quarterly cycle to avoid delays.
- Documentation: Maintain a master file that consolidates all procedural documents, ensuring traceability across the different articles.
- Cross‑border Coordination: For multinational operators, harmonize the Dutch and English procedural steps to avoid duplication of effort.
- Monitoring & Enforcement: Leverage the enforcement provisions in article 52 to schedule audits and remedial actions, ensuring continuous compliance.
Connections
The procedural framework outlined here dovetails with the broader AI Act General Procedural Framework, providing the operational backbone for compliance oversight. It also feeds into the AI Act Compliance Overview by offering a structured audit trail. The procedural provisions support AI Investigative Powers by establishing clear reporting lines, and they reinforce Supervision mechanisms through the risk‑based national procedure, ensuring that national authorities can intervene effectively when high‑risk AI systems are identified.
Laws (1)
Guidance (11)
Guidelines 04/2021 on Codes of Conduct as tools for transfers
Guidelines on codes of conduct and monitoring bodies
The GDPR requires in its Article 46 that controllers/processors shall put in place appropriate safeguards for transfers of personal data to third countries or international organisations. To that end, the GDPR diversifies the appropriate safeguards that may be used by organisations under Article 46 for framing transfers to third countries by introducing amongst others, codes of conduct as a new transfer mechanism (articles 40-3 and 46-2-e). In this respect, as provi...
Version history
Guidelines on articles 46 (2) (a) and 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies
Guidelines 09/2020 on relevant and reasoned objection under Regulation 2016/679
Guidelines on relevant and reasoned objection under Regulation 2016/679
Guidelines 02/2022 on the application of Article 60 GDPR
Guidelines on the application of Article 60 GDPR
With the introduction of the GDPR, the concept of the one-stop shop was established as one of the main innovations. In cross-border processing cases, the supervisory authority in the Member State of the controller's or processor's main establishment is the authority leading the enforcement of the GDPR for the respective cross-border processing activities, in cooperation with all the authorities which may face the effects of the processing activities at stake: be it through the establishments ...
Guidelines 05/2022 on the use of facial recognition technology in the area of law enforcement
Guidelines on the use of facial recognition technology in the area of law enforcement
More and more law enforcement authorities (LEAs) apply or intend to apply facial recognition technology (FRT). It may be used to authenticate or to identify a person and can be applied on videos (e.g. CCTV) or photographs. It may be used for various purposes, including to search for persons in police watch lists or to monitor a person's movements in the public space. FRT is built on the processing of biometric data , therefore, it encompasses the processing of special categories ...
Versiegeschiedenis
guidelines doorgifte van persoonsgegevens tussen overheidsinstanties en -organen binnen en buiten de EER
Richtsnoeren 05/2022 voor het gebruik van gezichtsherkenningstechnologie in het kader van rechtshandhaving
guidelines gebruik gezichtsherkenning bij rechtshandhaving
Steeds meer rechtshandhavingsinstanties passen gezichtsherkenningstechnologie toe of zijn voornemens deze toe te passen. De technologie kan worden gebruikt om een persoon te authenticeren of te identificeren en kan voor video's (bijv. CCTV) of foto's worden ingezet, maar ook voor andere doeleinden, waaronder het opzoeken van personen op signaleringslijsten van de politie of het volgen van de bewegingen van een persoon in de openbare ruimte. Gezichtsherkenningstechnologie is gebaseer...
Richtsnoeren 03/2021 voor de toepassing van artikel 65, lid 1, punt a), AVG
guidelines voor de toepassing van artikel 60 AVG
Richtsnoeren 9/2020 inzake relevant en gemotiveerd bezwaar overeenkomstig Verordening 2016/679
Guidelines 03/2021 on the application of Article 65(1)(a) GDPR
Guidelines on the application of Article 60 GDPR
Richtsnoeren 02/2022 voor de toepassing van artikel 60 AVG
guidelines voor de toepassing van artikel 60 AVG
Een van de belangrijkste innovaties bij de invoering van de AVG was de introductie van het concept 'één-loketmechanisme'. In gevallen van grensoverschrijdende verwerking is de toezichthoudende autoriteit in de lidstaat van de hoofdvestiging van de verwerkingsverantwoordelijke of verwerker de autoriteit die leidinggeeft aan de handhaving van de AVG met betrekking tot de grensoverschrijdende verwerkingsactiviteiten in kwestie. Daarbij wordt samengewerkt met alle autoriteiten die de gevolge...