Market Surveillance
Jurisdiction
Enforcement of the AI Act takes place at two levels:
EU Level
- AI Office (within the European Commission) — responsible for GPAI models and systemic risks
- AI Board — coordination body of the Member States
National Level
- Market surveillance authorities — responsible for high-risk AI and other obligations
- Notifying authorities — supervision of notified bodies
Each Member State was required to designate its competent authorities by 2 August 2025.
Germany
In Germany, the Bundesnetzagentur (BNetzA) is the central market surveillance authority and single point of contact for the AI Act. The national authority architecture is set out in the KI-MIG (passed by the Bundestag on 11.06.2026, consent of the Bundesrat pending); sector-specific authorities (e.g. BaFin) retain their competencies.
For details see National Implementation – Germany (KI-MIG).
Powers of the Authorities
Market surveillance authorities have the following powers (from 2 August 2026; for high-risk systems as the respective obligations become applicable — Annex III from 02.12.2027):
- Access to AI systems and their documentation
- Access to source code (under certain conditions)
- Access to training data and test data
- Ordering corrective measures
- Market withdrawal and recall
- Imposition of fines