Delegation of Powers
The content specifically addresses 'Exercise of the delegation' which is a distinct procedural topic covering how delegated powers are exercised, implemented, and managed within the AI Act framework. This topic is not adequately covered by existing topics and deserves its own dedicated classification.
delegation of powers exercise of delegation delegated authority delegation procedures delegated acts implementing acts delegated powers power delegation
Overview
Legal Framework
The exercise of delegation is governed by Article 92 GDPR and Article 38 NIS2 Directive. These articles empower the European Commission to adopt delegated acts to supplement or amend non-essential elements of the respective legislation. The procedural framework for this delegation, including its exercise, is strictly defined by the parent regulations (GDPR and NIS2) and the general principles laid down in Articles 290 and 291 of the Treaty on the Functioning of the European Union (TFEU). The law requires that any delegation must be explicitly granted by the legislative act, specifying its objectives, content, scope, and duration. Delegated acts cannot modify the essential elements of the regulation or directive.
Practical Application
The interpretation, as synthesized from authoritative commentary, emphasizes that the exercise of delegated power is not discretionary; it is a bounded technical implementation. The Commission must act within the precise scope defined by the empowering article. For instance, under GDPR Article 92, delegated acts are limited to specifying further criteria and requirements for certification mechanisms, data protection seals, and codes of conduct. In practice, the Commission exercises this power by drafting a delegated act, which is then subject to scrutiny by the European Parliament and the Council, who have the right to object. The process ensures that the Commission's implementing measures align with the legislative intent.
Key Considerations
- Monitor Delegated Acts: Organizations must monitor the Official Journal of the EU for adopted delegated acts under GDPR and NIS2, as these directly create binding technical compliance obligations.
- Understand the Limits: Compliance measures should be based on the final, published delegated act, not on the broader base articles. The delegated act contains the specific, actionable rules.
- Scrutiny Period Awareness: Note that delegated acts enter into force only if no objection is raised by the co-legislators within the set scrutiny period (typically two months, extendable by two). Tracking this timeline helps anticipate the effective date of new requirements.
Laws (35)
View all 35Recital 101
Article 104
Amendment to Regulation (EU) No 168/2013
Article 106
Amendment to Directive (EU) 2016/797
Article 107
Amendment to Regulation (EU) 2018/858
Article 109
Amendment to Regulation (EU) 2019/2144
Article 107
Wijziging van Verordening (EU) 2018/858
Article 106
Wijziging van Richtlijn (EU) 2016/797
Article 104
Wijziging van Verordening (EU) nr. 168/2013
Article 103
Wijziging van Verordening (EU) nr. 167/2013
Recital 173
Recital 49
Recital 52
Recital 101
Recital 117
Recital 121
Recital 173
Article 103
Amendment to Regulation (EU) No 167/2013
Recital 138
Recital 138
Case Law (3)
FSV. Inzage.
Rechtbank
Inzageverzoek FSV. Beroep gegrond. Verweerder heeft in het verweerschrift in beroep de besluitvorming nader gemotiveerd. Daaruit blijkt al dat de beslissing op bezwaar niet correct was.
VB v Natsionalna agentsia za prihodite
C-340/21 (VB v Natsionalna agentsia)
Data breach alone does not establish inadequate security measures. Burden on controller to prove adequacy.
UI v Österreichische Post AG
C-300/21 (Österreichische Post)
Right to compensation under GDPR Article 82 requires proof of actual damage.
Guidance (3)
News (2)
Kort:
EU News
'This briefing analyses the establishment of the European Anti-Money Laundering Authority (AMLA) as a cornerstone of the EU’s 2024 Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) legislative reform. As AMLA formally began its operations in the summer of 2025, a key question ...
In short:
News from the European Union.
"This briefing analyzes the establishment of the European Authority for the Prevention of Money Laundering and the Financing of Terrorism (AMLA) as a key component of the reform of EU legislation on anti-money laundering and counter-terrorism financing (AML/CFT) in 2024. Now that AMLA has officially commenced its operations in the summer of 2025, a crucial question arises..."