Article 75 — Mutual assistance, market surveillance, and control of general-purpose AI models (EU AI Act)

Article 75 of Regulation (EU) 2024/1689 — Mutual assistance, market surveillance, and control of general-purpose AI models. Official text, practical interpretation, key obligations and compliance implications.

Official Text Summary

Article 75 of Regulation (EU) 2024/1689 establishes the market surveillance and cross-border mutual assistance framework applicable to AI systems generally, and introduces specific oversight mechanisms for general-purpose AI (GPAI) models. The article is situated within Title IX, which governs post-market monitoring and market surveillance across the AI value chain.

For AI systems other than GPAI models, Article 75 requires Member States to designate market surveillance authorities competent to verify compliance with the Regulation and to coordinate with one another and with the Commission. These authorities are vested with the investigatory and enforcement powers provided under Regulation (EU) 2019/1020 (the Market Surveillance Regulation), adapted to the specificities of AI.

For general-purpose AI models — including those classified as presenting systemic risk under Article 51 — the article assigns primary supervisory competence to the European AI Office, operating under the authority of the Commission. The AI Office is empowered to request documentation and technical information from GPAI model providers, conduct evaluations, assess compliance with the obligations set out in Articles 53 and 55, and take or recommend corrective measures. Where a GPAI model with systemic risk is found to be non-compliant, the AI Office may require the provider to take remedial action, restrict access to the model, or initiate withdrawal procedures. National authorities retain the ability to act in relation to specific downstream AI systems deployed in their territory, even where the underlying GPAI model is supervised at Union level.

What This Means in Practice

Article 75 creates a two-tier enforcement architecture that practitioners and compliance teams must understand clearly.

For providers and deployers of AI systems that are not GPAI models — particularly high-risk systems listed in Annexes I and III — market surveillance is conducted by national authorities designated under Article 70. Those authorities have powers to inspect, audit, and order corrective action. If a non-compliant AI system is identified in one Member State, Article 75 requires that authority to notify other Member States and the Commission through the RAPEX/Safety Gate mechanism, triggering a coordinated response. Companies operating across multiple EU jurisdictions must therefore be prepared to engage with more than one national authority and must maintain documentation that can be produced promptly upon request anywhere in the Union.

For GPAI model providers — including foundation model developers who make models available via APIs, open weights, or integrated products — the practical implications are more significant. The European AI Office acts as the primary interlocutor. Providers should expect the AI Office to request access to technical documentation, training data summaries, evaluation methodologies, red-teaming results, and incident reports. Where systemic risk is determined under Article 51 (currently triggered at or above the 10^25 FLOP training threshold, or by Commission designation), Article 75 empowers the AI Office to conduct its own adversarial testing or commission third-party evaluations.

Downstream deployers integrating GPAI models into high-risk applications must be aware that a finding against the upstream provider under Article 75 may affect the compliance status of their own product. Contracts with GPAI model providers should include provisions addressing notification obligations, cooperation duties, and remediation timelines in the event of an AI Office investigation.

Key Obligations

• Member States must designate or establish one or more national market surveillance authorities competent for AI systems, and notify the Commission of those designations, ensuring those authorities have adequate powers, resources, and independence.
• National market surveillance authorities must cooperate with each other and with the European AI Office, share information about non-compliant AI systems through Union information-sharing mechanisms, and take coordinated action when a risk is identified in more than one Member State.
• GPAI model providers must cooperate with the European AI Office upon request, provide access to technical documentation, model evaluations, and safety-relevant information, and implement corrective measures as directed by the AI Office within prescribed timeframes.
• Providers of GPAI models with systemic risk are subject to enhanced supervision by the AI Office, including the possibility of direct evaluation, independent audits, and binding measures up to and including market withdrawal.
• Downstream providers and deployers must, upon request by competent national authorities, provide all information necessary to assess the compliance of an AI system, including information about the GPAI model or components supplied by third parties.
• The European AI Office must maintain coordination with national market surveillance authorities when exercising its supervisory powers over GPAI models, to avoid conflicting decisions and ensure consistent application of the Regulation across the Single Market.

Relationship to Other Articles

Article 75 cannot be read in isolation. It operationalises the obligations laid down in Articles 53 and 55 for GPAI model providers, and the high-risk system obligations in Articles 9 through 17, by establishing who enforces them and how.

Article 70 governs the designation and organisation of national market surveillance authorities and should be read as the foundational provision to which Article 75 adds cross-border and GPAI-specific dimensions. Article 71 addresses market surveillance activities more broadly, while Article 72 covers the EU database for high-risk AI systems that supports surveillance efforts.

Article 51 is directly relevant because it defines the systemic risk threshold that triggers the enhanced AI Office oversight under Article 75. Article 94 grants the Commission implementing powers to adopt procedural rules for AI Office investigations. Article 80 governs Union protective measures where a Member State takes action against a non-compliant system, which interacts with Article 75 mutual assistance obligations. Practitioners should also consult Regulation (EU) 2019/1020, which provides the baseline market surveillance procedural framework that Article 75 incorporates and adapts for AI.

Compliance Timeline

The EU AI Act entered into force on 1 August 2024, twenty days after publication in the Official Journal. The Regulation then applies in phases:

• 2 February 2025 — Provisions on prohibited AI practices (Title II, Article 5) became applicable.
• 2 August 2025 — Provisions on general-purpose AI models (Chapter V, Articles 51–56) and the market surveillance framework including Article 75 became applicable. Member States were required by this date to have designated their national market surveillance authorities and notified the Commission.
• 2 December 2026 — High-risk AI systems covered by Annex I (product safety legislation) must comply fully with the Regulation.
• 2 August 2027 — All remaining high-risk AI systems listed in Annex III must comply, completing the full phased application of the Regulation.

For GPAI model providers, Article 75 is therefore already in force. The European AI Office has been operational since its establishment within the Commission structure, and providers should treat its investigatory powers as immediately exercisable. National market surveillance authorities are equally active for non-GPAI AI systems already on the market.