EU AI Act Registration, Regulator Interaction, and Enforcement

Article 71 establishes a publicly accessible EU database for registering high-risk AI systems listed in Annex III, managed by the European Commission. The database must be user-friendly, easily navigable, and machine-readable. It serves three distinct purposes: providing public transparency about which high-risk AI systems are operating in the EU market, enabling market surveillance authorities to identify and monitor systems within their jurisdiction, and creating a public record that affected persons can consult to understand whether AI systems are involved in decisions affecting them.

The Conformity Assessment Coordinator completes registration before the system is placed on the market or put into service. The information required is specified in Annex VIII and divided into three sections corresponding to different registration scenarios.

Section A covers provider registration under Article 49(1) for high-risk systems under Annex III, excluding critical infrastructure systems under Annex III point 2. Providers must submit: the provider's name, address, and contact details; the details of any person submitting on the provider's behalf; the authorised representative's details where applicable; the AI system's trade name and any additional unambiguous reference allowing identification and traceability; a description of the intended purpose; the system's status (on the market, in service, no longer on the market or in service, or recalled); the type, number, and expiry date of any certificate issued by a notified body along with that body's identification; the member states in which the system has been deployed; the URL of any comparable national or EU database entry; the URL for additional information on system operation or instructions for use; a concise description of the means by which training, validation, and testing data was collected; and electronic instructions for use.

Each item demands careful preparation. The "description of the intended purpose" must be precise and consistent with the aisdp Module 1 wording. The "concise description of data collection means" must be factually accurate without disclosing commercially sensitive details. The Technical SME prepares the electronic instructions for use in a format suitable for digital publication.

Section B covers provider registration under Article 49(2) for non-high-risk determinations. Providers who have concluded under Article 6(3) that their Annex III system is not high-risk must still register. They submit identification details, the system's trade name, the intended purpose description, the conditions under Article 6(3) justifying the non-high-risk determination, a short summary of the grounds for this conclusion, and the system's status. This registration is particularly important because it creates a public record of the provider's self-assessment. If a market surveillance authority later disagrees with the classification, the registered justification becomes central evidence. The Article 6(3) justification must therefore be thorough and defensible.

Section C covers deployer registration under Article 49(3). Public authority deployers must register themselves and the system's use, providing the deployer's contact details, the submitter's details, the URL of the system's existing entry in the EU database linking to the provider's registration, a summary of the Fundamental Rights Impact Assessment findings under Article 27, and a summary of any Data Protection Impact Assessment under GDPR Article 35. The deployer registration creates a chain from the provider's system entry to each public authority's specific use of that system, enabling oversight of how high-risk systems are deployed across the public sector.

High-risk AI systems under Annex III points 1, 6, and 7, covering biometric identification for law enforcement, migration, asylum, and border control, are registered in a secure, non-public section of the EU database. Only the Commission and national authorities designated under Article 74(8) can access this section. The information submitted is a subset of the full Section A requirements. Critical infrastructure systems under Annex III point 2 are registered at national level, outside the EU database entirely, reflecting their sensitivity and the national security considerations involved.

Article 60 permits providers and prospective providers of high-risk AI systems listed in Annex III to test those systems in real-world conditions before placing them on the market, provided specific safeguards are met. This provision applies to organisations conducting pilot deployments, A/B testing with real users, staged rollouts, or any form of pre-market evaluation exposing the system to real-world inputs and real affected persons outside a controlled environment.

The threshold triggering Article 60 is exposure to real-world conditions with real subjects. Internal testing on historical data, synthetic data, or within a controlled test environment with consenting employees acting as test subjects does not trigger the obligation. The obligation arises when the system processes real inputs from, or produces outputs that affect, persons participating in the test under real or near-real operational conditions. Organisations should assess each pilot deployment against this threshold and document the determination.

The EU database registration is publicly accessible, meaning errors are visible to market surveillance authorities, deployers, affected persons, competitors, and the media. Quality assurance before submission is not optional.

A structured internal review should precede every submission. The Conformity Assessment Coordinator prepares the registration data by extracting required fields from the AISDP and formatting them according to the database's submission requirements. The Technical SME reviews the technical content, including the system description, data collection description, and intended purpose, for accuracy and consistency with the AISDP. Legal counsel reviews legal content, including provider identification, authorised representative details, and any non-high-risk justification, for accuracy and completeness. The AI Governance Lead provides final approval before submission.

Registration information must be consistent with the AISDP, the Declaration of Conformity, and the Instructions for Use. The "description of the intended purpose" in the registration must match the intended purpose described in AISDP Module 1. The "concise description of data collection means" must be factually consistent with the data governance documentation in AISDP Module 4. Any inconsistency creates a compliance vulnerability: a competent authority comparing the registration against the AISDP may treat discrepancies as evidence of inadequate quality management.

The Conformity Assessment Coordinator should maintain a mapping table tracing each registration field to its source in the AISDP, enabling rapid consistency verification whenever either document is updated. After submission, the organisation should verify the published entry within one week. Display formatting, character encoding, and field truncation can introduce discrepancies that must be corrected immediately.

The European AI Office, established within the European Commission, serves as the central coordination point for AI Act implementation across the EU. It coordinates the consistent application of the AI Act across member states, develops guidelines, templates, and codes of practice, oversees GPAI model compliance and enforcement, manages the scientific panel of independent experts, administers the EU database, and monitors implementation progress. For providers of high-risk systems, the AI Office's most immediately relevant outputs are the implementing acts, delegated acts, and guidance documents that clarify ambiguous requirements.

The AI Office also has direct enforcement powers over GPAI model providers under Article 88. Providers of GPAI models with systemic risk interact directly with the AI Office, bypassing national competent authorities. For organisations whose high-risk systems incorporate GPAI models, for example by fine-tuning a foundation model, this creates a dual regulatory relationship: the national competent authority oversees the high-risk system, and the AI Office oversees the underlying GPAI model.

Organisations should monitor the AI Office's publications systematically. Guidelines, codes of practice, and implementing guidance refine the AI Act's requirements. These documents are non-binding in themselves, though they carry significant interpretive weight. A market surveillance authority assessing compliance will reference the AI Office's guidance. Departing from published guidance without documented justification is a compliance risk. Organisations can also participate in the AI Office's consultation processes, contributing expertise and anticipating forthcoming requirements.

Market surveillance authorities have broad investigative powers under Article 74, including the power to request documentation, conduct on-site inspections, and require access to the system's logging infrastructure. Organisations should maintain an "inspection-ready" posture at all times. This means the AISDP and evidence pack are current and not waiting for the next scheduled review. Evidence is organised and accessible so that an inspector does not need to wait for someone to locate it. Monitoring dashboards are operational and displaying current data. The human oversight interface can be demonstrated on request. Key personnel, including the AI Governance Lead, Technical SME, and Legal and Regulatory Advisor, are aware of their roles during an inspection and can be made available at short notice.

The Conformity Assessment Coordinator creates and maintains a pre-configured "regulatory-inspector" IAM role. This role provides read-only access to the evidence repository containing all AISDP modules, assessment records, and non-conformity registers. It also grants access to monitoring dashboards showing current and historical compliance metrics, the logging infrastructure enabling log queries for specific time ranges and inference IDs, the model registry with model metadata and provenance records, and AISDP documentation in current and historical versions. Access to proprietary source code, commercial contracts, employee personal data, and other non-compliance-relevant information should be excluded. The Legal and Regulatory Advisor tests the role monthly by activating it and confirming all expected access works.

Article 99 establishes a graduated penalty framework with three tiers calibrated to the severity of the violation, creating meaningful deterrence backed by the investigative powers national competent authorities hold under Article 74.

Tier 1 covers prohibited AI practices under Article 5, carrying fines up to EUR 35 million or 7 per cent of global annual turnover. This is the highest penalty tier in the EU regulatory landscape, exceeding GDPR's maximum of EUR 20 million or 4 per cent. It covers subliminal manipulation, exploitation of vulnerable persons, social scoring, and unauthorised real-time biometric identification.

Tier 2 covers high-risk system obligation breaches under Articles 8 to 15, 17, 25 to 27, and 43 to 49, carrying fines up to EUR 15 million or 3 per cent of global annual turnover. This tier is most directly relevant to AISDP preparation, covering failure to maintain adequate technical documentation, failure to conduct conformity assessment, failure to register in the EU database, failure to implement human oversight, failure to establish post-market monitoring, and failure to report serious incidents within required timelines.

Tier 3 covers incorrect, incomplete, or misleading information provided to notified bodies or competent authorities, carrying fines up to EUR 7.5 million or 1 per cent of global annual turnover. This includes inaccurate EU database registration data, misleading statements in the Declaration of Conformity, or incomplete responses to competent authority information requests.

In each tier, the higher of the two amounts (absolute figure or turnover percentage) applies, except for SMEs and start-ups, where Article 99(6) provides that the lower amount applies.

Article 57 requires each member state to establish at least one AI regulatory sandbox by August 2026, providing a controlled environment in which providers can develop, train, validate, and test AI systems under regulatory supervision before placing them on the market. Participation is voluntary but offers significant advantages for organisations developing novel or high-risk systems.

Sandbox participation provides direct regulatory feedback on the system's compliance approach before the conformity assessment, which reduces the risk of a failed assessment or post-market enforcement action. It creates a documented track record of regulatory cooperation, strengthening the organisation's credibility with market surveillance authorities. Sandbox participants benefit from a degree of regulatory flexibility: Article 57(8) permits the competent authority to agree on conditions that facilitate innovation. For systems in novel domains where the application of the AI Act's requirements is unclear, sandbox participation can help establish precedent.

The commitment is significant. Sandbox programmes typically run six to twelve months. The organisation must prepare an application demonstrating the system's intended purpose, risk profile, and development stage. Once admitted, regular reporting to the supervising authority is expected, including progress updates, test results, and any issues encountered.

Organisations should prioritise sandbox participation for their highest-risk or most novel systems, where regulatory uncertainty is greatest and the benefit of direct supervisory feedback is most valuable. Lower-risk systems with well-understood compliance pathways are better served by the standard internal conformity assessment process.

Organisations deploying high-risk AI systems across multiple member states face a coordination challenge that compounds with each additional jurisdiction. The AI Act is a regulation and applies uniformly, but the implementation ecosystem of competent authorities, guidance documents, inspection practices, and enforcement priorities varies by member state.

The organisation should designate a single internal coordination point, typically the Conformity Assessment Coordinator or a dedicated regulatory affairs function. This role maintains a register of all relevant authorities across deployment jurisdictions, monitoring jurisdiction-specific guidance and procedural requirements, coordinating registration and reporting across multiple databases and authorities, ensuring consistency of information submitted to different authorities, and managing language requirements. The jurisdiction register should capture, for each deployment member state, the designated national competent authority, the market surveillance authority if different, the relevant data protection authority, any sector-specific regulators with overlapping jurisdiction, published guidance, preferred communication channels and language requirements, and any jurisdiction-specific registration requirements. The register should be reviewed quarterly.

Several practical challenges arise for multi-state deployments. National authorities may interpret ambiguous provisions differently. One authority may consider a specific use case within Annex III scope while another classifies it differently. One authority may interpret "sufficient level of AI literacy" under Article 4 to require formal certification while another accepts documented on-the-job training. Staggered authority maturity means engagement strategies must be calibrated per jurisdiction: proactive engagement with mature authorities, monitoring with developing authorities, and conservative compliance posture with silent authorities.

Voluntary withdrawal may occur for commercial reasons such as product discontinuation, for technical reasons where the system can no longer be maintained to the required standard, or for compliance reasons where the organisation determines the system cannot achieve or maintain conformity. Voluntary withdrawal requires updating the EU database registration status to "no longer on the market/in service," notifying all deployers with a timeline, providing transition guidance covering alternative systems, data export, and wind-down procedures, and retaining the complete AISDP, evidence pack, and version history for the ten-year retention period.

A competent authority may order withdrawal of a non-conforming system under Article 79. Mandated withdrawal imposes additional obligations: the provider must take corrective action or withdraw the system within the authority's timeframe, inform other member state authorities and the Commission if non-compliance affects cross-jurisdiction systems, and failure to comply is an aggravating factor for penalty determination. Article 79 also empowers authorities to order a recall, which requires the provider to retrieve the system from deployers who have already acquired it. Recall is more severe than withdrawal and is typically reserved for systems presenting a serious risk. The provider must notify all deployers, coordinate recall logistics, and report the outcome to the competent authority.

Withdrawal does not extinguish the provider's obligations. The ten-year documentation retention period continues. If come to light after withdrawal, for example where affected persons report harm that occurred while the system was in service, the provider must still report them under Article 73. Post-market monitoring obligations continue for the period during which the system was in service, as the provider may be required to analyse historical monitoring data in response to post-withdrawal investigations.

Conflicting guidance from different member states is a realistic risk during the early implementation period. National competent authorities may interpret ambiguous provisions differently, particularly where the Commission has not yet published implementing guidance.

The Legal and Regulatory Advisor should maintain a register of jurisdiction-specific guidance relevant to the organisation's AI systems. When a new guidance document is published by any member state authority in which the system is deployed, it should be assessed for consistency with guidance from other relevant authorities and with the AI Office's publications. Where a conflict is identified, the register records the specific provision in dispute, the conflicting interpretations, and the affected AISDP modules.

The default resolution is to adopt the more conservative interpretation, unless doing so would conflict with a third authority's guidance or create a technical impossibility. The rationale for the chosen interpretation is documented in the AISDP's compliance rationale section with references to the specific guidance documents considered. If the conflict is material, affecting system design, the human oversight model, or the scope of the intended purpose, the organisation should consider raising the issue with the AI Office, which has a mandate to coordinate consistent application across member states. An advisory opinion from the competent authority in the primary deployment jurisdiction should be sought, documenting both the request and the response as evidence.

Regardless of how any conflict is resolved, the organisation should document its interpretation, its reasoning, the guidance it considered, and the evidence supporting its position. If the conflict is later resolved by the AI Office, a court, or harmonised standards, the organisation should assess whether the resolution affects its compliance posture and update the AISDP accordingly. A well-documented position, even if it later proves to be on the wrong side of a resolved conflict, demonstrates good faith compliance effort.