Article 101 — Right to lodge a complaint with a market surveillance authority (EU AI Act)

Article 101 of Regulation (EU) 2024/1689 — Right to lodge a complaint with a market surveillance authority. Official text, practical interpretation, key obligations and compliance implications.

Official Text Summary

Article 101 of Regulation (EU) 2024/1689 (the EU AI Act) establishes the right of any natural or legal person to lodge a complaint with a competent market surveillance authority where that person considers that a provider, deployer, importer, distributor, or other relevant operator has infringed the provisions of this Regulation.

The article places an obligation on the receiving market surveillance authority to handle the complaint with appropriate diligence and to keep the complainant informed of the status of the investigation and of the outcome of proceedings, to the extent such communication does not jeopardise the investigation itself. Member States retain responsibility for ensuring that their designated authorities are adequately equipped to receive and process such complaints effectively.

The provision is deliberately broad in its personal scope: the right is not restricted to individuals who are directly affected or harmed by the AI system in question. Any person — natural or legal — who has reason to believe an infringement has occurred is entitled to invoke this mechanism. This inclusive standing reflects the legislator's intent to promote broad civil enforcement and public accountability for AI systems circulating in the EU market, complementing the official supervisory powers of national authorities and the European AI Office.

What This Means in Practice

For individuals and civil society, Article 101 creates an accessible enforcement channel that does not require initiating costly litigation. A consumer who believes an AI-powered decision-making tool has been deployed without required transparency disclosures, or a researcher who identifies what appears to be a prohibited practice under Article 5, can formally alert the relevant market surveillance authority and expect the matter to be investigated.

For businesses operating as providers, deployers, importers, or distributors of AI systems, Article 101 introduces a realistic risk of complaint-driven investigations triggered not only by direct competitors or regulators but by any third party — including journalists, advocacy groups, or affected communities. This widens the de facto enforcement surface considerably beyond the scope of routine supervisory inspections.

Practically, companies should ensure that their AI systems comply with all applicable obligations before market deployment, because a single well-documented complaint can initiate a formal investigation leading to corrective measures, withdrawal orders, or financial penalties. Compliance programmes should include mechanisms for monitoring potential public concerns and channels for proactively engaging with market surveillance authorities if a potential non-compliance is self-identified.

Member States must designate accessible points of contact and clear complaint submission procedures. Organisations deploying AI systems across multiple Member States should map the relevant market surveillance authorities in each jurisdiction and understand their procedural requirements.

Key Obligations

Right of access for all persons: Any natural or legal person — not only those directly harmed — holds the right to submit a complaint, ensuring broad standing for civil enforcement.
Authority diligence: The market surveillance authority that receives a complaint must handle it with appropriate diligence, including conducting any investigation warranted by the facts alleged.
Complainant information: The authority must keep the complainant informed of the progress and outcome of the complaint, subject to limits imposed by the protection of the ongoing investigation.
Operator accountability: Providers, deployers, importers, distributors, and other relevant operators are subject to complaint-driven scrutiny and must be prepared to cooperate with investigations arising from complaints.
Member State facilitation: Member States must ensure that their designated market surveillance authorities have the procedural frameworks and resources necessary to receive and act on complaints effectively.

Relationship to Other Articles

Article 101 operates as part of the broader enforcement architecture of the EU AI Act and should be read alongside several related provisions. Article 70 establishes the market surveillance authorities themselves and defines their powers. Articles 74 to 81 detail the supervisory and corrective measures those authorities may apply following an investigation — including orders to withdraw or recall AI systems from the market — which are the ultimate outputs of a successful complaint procedure.

Article 99 sets out the penalties that authorities may impose on operators found to have infringed the Regulation, giving material force to complaints. Article 85 concerns the right of affected persons to receive explanations for decisions taken by certain high-risk AI systems, a provision that may frequently underpin complaints submitted under Article 101. The complaint mechanism also complements Article 86, which grants persons subject to high-risk AI systems the right to lodge a complaint with the relevant deployer, creating a two-tier structure: internal recourse followed, where necessary, by escalation to the public authority under Article 101.

Compliance Timeline

The EU AI Act entered into force on 1 August 2024, following its publication in the Official Journal of the European Union. Application of the Regulation is phased:

2 February 2025 — Prohibitions on unacceptable-risk AI practices (Article 5) became applicable. Complaints relating to potential breaches of these prohibitions could in principle be submitted from this date.
2 August 2025 — Provisions on general-purpose AI models (Title VIII) and the governance framework, including the establishment of market surveillance authorities, became fully applicable. From this point, complaint mechanisms are fully operational for GPAI-related concerns.
2 August 2026 — Most high-risk AI system obligations under Annex I become applicable.
2 August 2027 — High-risk AI system obligations for systems covered by Annex I, point 1 (certain existing Union harmonisation legislation) become applicable.

Article 101 itself, situated in Title XII (Final Provisions), became applicable from 2 August 2026 alongside the main body of the Regulation. Organisations should already have internal processes in place to handle potential complaints and to cooperate with market surveillance investigations as these deadlines arrive.

Official AI Act Compliance Deadline Calendar

Updated 2026-06-22 · Sources: Regulation (EU) 2024/1689 and the 2026 Digital Omnibus on AI.

Obligation	Applies to	Original date	New date	Status	Countdown	Legal basis
Prohibited Practices (Art. 5)	All providers and deployers	2 February 2025	2 February 2025	active	—	AI Act Art. 5
GPAI Rules (Chapter 5)	GPAI model providers	2 August 2025	2 August 2025	active	—	AI Act Art. 51-56
High-risk AI — Annex III (standalone)	Providers of standalone Annex III systems	2 August 2026	2 December 2027	deferred	—	AI Omnibus 2026 Art. 6(2)
High-risk AI — Annex I (embedded)	AI embedded in Annex I regulated products	2 August 2026	2 August 2028	deferred	—	AI Omnibus 2026 Art. 6(1)
AI-Generated Content Marking	Providers of generative GPAI systems	2 August 2025	2 August 2025	active	—	AI Act Art. 50(2)
Regulatory Sandboxes	National competent authorities	2 August 2026	2 August 2026	active	—	AI Act Art. 57

⬇ Download JSON · CC BY 4.0

AI Act meets DORA and NIS2

Is your organisation subject to both the AI Act and DORA? The two regulations intersect on the operational resilience of financial AI systems. Our sister site regulation-dora.eu covers DORA in depth.

Explore regulation-dora.eu ↗

Frequently Asked Questions

Who can lodge a complaint under Article 101 of the EU AI Act?

Any natural or legal person — including individuals, civil society organisations, and businesses — who has reason to believe that an AI system does not comply with the EU AI Act may submit a complaint to the competent market surveillance authority in their Member State.

Which authority receives complaints under Article 101?

Complaints are submitted to the market surveillance authority designated by each EU Member State. This authority is responsible for overseeing compliance with the EU AI Act in their jurisdiction. Complainants should identify the authority in the Member State where the AI system was placed on the market or put into service, or where they are affected by the system.

What happens after a complaint is submitted?

The market surveillance authority is required to handle the complaint and keep the complainant informed of the progress of the investigation and its outcome. Authorities must treat complaints with appropriate diligence and conduct any necessary investigation into the alleged non-compliance.

Does Article 101 grant individual rights similar to GDPR complaint rights?

Article 101 mirrors the complaint mechanism familiar from Article 77 of the GDPR. It grants individuals and organisations an enforceable right to approach a supervisory body, ensuring that concerns about non-compliant AI systems can be escalated to a public authority rather than requiring private litigation alone.

Can an organisation lodge a complaint on behalf of affected individuals?

Yes. Article 101 is not limited to directly affected individuals. Any natural or legal person — which includes advocacy groups, trade associations, and non-governmental organisations — may submit a complaint, provided they have reason to believe a violation of the Regulation has occurred.

Stay ahead of AI Act changes

Get compliance alerts when deadlines or obligations change.

No spam. One-click unsubscribe.