Chapter IX, Section 2 — Market surveillanceArticle 74

Article 74: Market Surveillance and Control of AI Systems in the Union Market

Applies from 2 Aug 20264 min readEUR-Lex verified Apr 2026

Article 74 establishes the market surveillance framework for AI systems in the Union. It designates Regulation (EU) 2019/1020 (the EU market surveillance regulation) as the baseline procedural framework and requires each Member State to designate market surveillance authorities for the AI Act. The article addresses authority powers (access to documentation, source code, data, system testing), coordination between national authorities, the role of the AI Office for GPAI enforcement, and the interface with data protection authorities where fundamental rights are at stake. It is the enforcement counterpart to Article 73 serious incident reporting.

Start free assessment All articles

Who does this apply to?

-National market surveillance authorities enforcing the AI Act
-Providers, importers, and distributors subject to authority inspections
-Deployers (particularly public-sector deployers subject to fundamental rights oversight)
-Data protection authorities where AI systems process personal data

Scenarios

A market surveillance authority receives a serious incident report under Article 73 and opens an investigation. It requests access to the provider's technical documentation and system logs.

Article 74 grants the authority power to access documentation, test the system, and require corrective actions. The provider must cooperate.

Ref. Art. 74 + Art. 73

A data protection authority identifies potential fundamental rights violations from a high-risk AI system used by a public body.

Article 74 coordinates AI Act enforcement with data protection supervision — the DPA may alert the market surveillance authority or act jointly.

Ref. Art. 74

Market surveillance structure (plain terms)

Article 74 builds on Regulation (EU) 2019/1020 (NLF market surveillance) and adapts it for AI:

Each Member State designates one or more market surveillance authorities for the AI Act
Authorities have access powers: technical documentation, source code (under safeguards), training/validation/testing data, system testing in real-world or simulated conditions
For GPAI models: the AI Office acts as the enforcement authority (not national MSAs)
Where fundamental rights are concerned, authorities must coordinate with data protection authorities and other relevant bodies
Authorities may require corrective actions including withdrawal or recall of non-compliant systems

How Article 74 connects to the rest of the Act

Article 73 — Serious incident reports that trigger Article 74 investigations.
Article 75–79 — Specific procedures for non-compliant systems, formal non-compliance, safeguard clause, and Union safeguard procedure.
Article 99 — Penalties that market surveillance authorities initiate.
Article 16 — Provider obligations that authorities verify.
Article 22 — Authorised representative as the authority's contact point.
Article 101 — GPAI fines (AI Office, not national MSAs).

Compliance checklist

Identify the market surveillance authority for each Member State where your system is available.
Prepare documentation packages that can be produced upon authority request.
Implement internal procedures for cooperating with authority investigations.
If source code access is requested: understand the safeguards and limits on EUR-Lex.
Coordinate with your authorised representative (Article 22) on authority interactions.
For GPAI: note that the AI Office — not national MSAs — handles enforcement.

Read the official text on EUR-Lex

Prepare for market surveillance—free assessment.

Start Free Assessment

Article 16: Obligations of Providers of High-Risk AI Systems

Article 22: Authorised Representatives of Providers of High-Risk AI Systems

Article 73: Reporting of Serious Incidents

Article 75: Mutual Assistance, Market Surveillance and Control of General-Purpose AI Systems

Article 79: Procedure at National Level for AI Systems Presenting a Risk

Article 99: Penalties for AI Act Infringements

Article 101: Fines for Providers of General-Purpose AI Models

Article 113: Entry into Force and Application Dates

Frequently asked questions

Can authorities access source code?

Article 74 provides for access to source code under specific safeguards. The exact conditions and limits are on EUR-Lex — this is not unlimited access.

Who enforces GPAI rules — national authorities or the AI Office?

The AI Office enforces GPAI model obligations under Chapter V. National market surveillance authorities handle high-risk AI system compliance.

What corrective actions can authorities require?

Withdrawal from the market, recall, disabling the system, requiring modifications — the full corrective powers flow through Articles 75–79.

On this page

Key terms

Market surveillance authority: A national authority designated under Article 74 to monitor and enforce AI Act compliance for AI systems on the Union market.
Regulation (EU) 2019/1020: The EU market surveillance and compliance of products regulation that provides the baseline procedural framework adapted by Article 74 for AI systems.
Source code access: The power of market surveillance authorities to request access to AI system source code where necessary to assess compliance, subject to confidentiality safeguards.

At a glance

Article: 74
Status: Upcoming
Timeline: 2 Aug 2026
Updated: 11 Apr 2026

Recommended next step

Run the short assessment to map risk class and obligations to your specific AI use case in minutes.

Start assessment now