Article 79 of Regulation (EU) 2024/1689 — National competent authority. Official text, practical interpretation, key obligations and compliance implications.
Official Text Summary
Article 79 of Regulation (EU) 2024/1689 requires each EU Member State to designate one or more national competent authorities for the purpose of supervising the application and enforcement of the AI Act. Each designated authority must be notified to the European Commission, which then makes this information publicly available.
The article distinguishes between two functional roles that may be fulfilled by the same or different national bodies: the market surveillance authority, responsible for overseeing AI systems placed on the market or put into service, and the notifying authority, responsible for establishing and carrying out the conformity assessment body designation process.
Member States must ensure that their designated authority or authorities are granted sufficient powers, resources, technical staff, and financial means to carry out their tasks effectively. Where a Member State designates more than one competent authority, it must clearly delineate their respective responsibilities and establish appropriate coordination mechanisms.
Article 79 also requires Member States to designate a competent authority responsible for supervising AI systems deployed by public bodies and institutions. This acknowledges the particular sensitivity of AI use in governmental contexts and the need for dedicated oversight that is independent from commercial market surveillance.
Member States must communicate their designations, and any subsequent changes, to the Commission without undue delay.
What This Means in Practice
For national governments, Article 79 is an organisational and institutional obligation: each Member State must make a concrete governmental decision about which existing regulatory body — or newly created institution — will hold supervisory powers under the AI Act.
In practice, many Member States are either expanding the mandate of existing data protection authorities or digital regulators, or creating new dedicated AI oversight bodies. Countries such as France (with the CNIL and Arcom playing roles), Germany (with the Bundesnetzagentur), and Spain (with the AESIA) have moved to identify or create competent authorities ahead of the applicable deadlines.
For operators — providers, deployers, importers, and distributors of high-risk AI systems — the designation of the national competent authority determines which body will conduct audits, investigations, and enforcement actions against them. This makes it essential to identify the relevant authority in each Member State where an AI system is placed on the market or put into service.
For deployers of AI systems within public administrations, the designated supervisory authority for public bodies may be separate from the general market surveillance authority. This means public-sector organisations must identify which body oversees their specific context.
Concrete example: a company providing a biometric identification system to a national border control agency must engage with two potentially distinct national competent authorities — the market surveillance authority (overseeing the product as a high-risk system) and the authority designated for public body deployments (overseeing the end use).
Operators should monitor the European AI Office's public register of national competent authority designations and establish direct points of contact with the relevant national body.
Key Obligations
- Member State designation: Each EU Member State must designate at least one national competent authority responsible for supervising the application of the EU AI Act and notify the European Commission of its designation.
- Dual-function coverage: Member States must ensure coverage of both the market surveillance function (for commercially placed AI systems) and the notifying authority function (for conformity assessment body accreditation), whether through one body or multiple coordinated bodies.
- Public-sector supervision: A competent authority must be specifically designated to oversee AI systems used by public authorities and bodies, acknowledging the particular accountability requirements in governmental AI deployment.
- Adequate resourcing: Designated authorities must be provided with sufficient technical expertise, human resources, and financial means to perform their supervisory and enforcement functions effectively.
- Coordination where multiple authorities: Where more than one national authority is designated, Member States must clearly delimit responsibilities and establish formal coordination mechanisms to avoid gaps or conflicts in oversight.
- Notification and transparency: Member States must communicate their designations to the Commission without undue delay, and the Commission must make this information publicly accessible.
Relationship to Other Articles
Article 79 is the institutional foundation for the entire Title IX enforcement and market surveillance architecture. It must be read alongside Article 74 (market surveillance and control of AI systems in the Union market), which sets out the substantive powers and procedures that national competent authorities exercise. Articles 75 and 76 address cross-border cooperation and information sharing between national authorities, which depends directly on the designations made under Article 79.
Article 77 governs the powers of authorities to access data and documentation from operators, powers which flow to the authority designated under Article 79. Article 80 provides for the single point of contact that national competent authorities must establish for cross-border coordination with the European AI Office established under Article 64.
At the Union level, the European AI Board (Article 65) and the European AI Office operate alongside national competent authorities, making Article 79 a critical node in the multi-level governance structure of the Regulation.
Compliance Timeline
The EU AI Act entered into force on 1 August 2024, following publication in the Official Journal. Its obligations apply on a phased basis:
- February 2025: Prohibitions on unacceptable-risk AI practices (Title II) became applicable.
- August 2025: Obligations relating to GPAI models (Title VIII), governance structures including the European AI Office, and — critically for Article 79 — national competent authority designation obligations became applicable. Member States should have communicated their designations to the Commission by this date.
- December 2026: High-risk AI system obligations under Annex I (product safety legislation) apply.
- August 2027: Full application of obligations for high-risk AI systems listed in Annex III, completing the phased rollout.
For operators, the practical significance of Article 79 becomes acute from August 2025 onward, as designated national competent authorities gain active supervisory and enforcement powers. Mapping which national authority oversees your AI systems in each relevant Member State should be treated as a compliance action completed by Q3 2025.
Official AI Act Compliance Deadline Calendar
Updated · Sources: Regulation (EU) 2024/1689 and the 2026 Digital Omnibus on AI.
| Obligation | Applies to | Original date | New date | Status | Countdown | Legal basis |
|---|---|---|---|---|---|---|
| Prohibited Practices (Art. 5) | All providers and deployers | active | — | AI Act Art. 5 | ||
| GPAI Rules (Chapter 5) | GPAI model providers | active | — | AI Act Art. 51-56 | ||
| High-risk AI — Annex III (standalone) | Providers of standalone Annex III systems | deferred | — | AI Omnibus 2026 Art. 6(2) | ||
| High-risk AI — Annex I (embedded) | AI embedded in Annex I regulated products | deferred | — | AI Omnibus 2026 Art. 6(1) | ||
| AI-Generated Content Marking | Providers of generative GPAI systems | active | — | AI Act Art. 50(2) | ||
| Regulatory Sandboxes | National competent authorities | active | — | AI Act Art. 57 |
⬇ Download JSON · CC BY 4.0
AI Act meets DORA and NIS2
Is your organisation subject to both the AI Act and DORA? The two regulations intersect on the operational resilience of financial AI systems. Our sister site regulation-dora.eu covers DORA in depth.
Explore regulation-dora.eu ↗Frequently Asked Questions
Each EU Member State must designate one or more national competent authorities responsible for supervising the application and implementation of the EU AI Act, including market surveillance for high-risk AI systems placed on or put into service in their territory.
Member States have discretion in designating their authority, but each must notify the European Commission of its choice. The designated authority typically combines a market surveillance function with a notifying authority function, and must have adequate resources, technical expertise, and powers of enforcement.
Yes. Member States must also designate a competent authority responsible for supervising AI systems used by public authorities and bodies. This may be the same authority designated for market surveillance or a separate body, depending on national arrangements.
The obligations relating to national competent authorities under Article 79 apply from 2 August 2025, as part of the second phase of the EU AI Act's phased implementation schedule.
Stay ahead of AI Act changes
Get compliance alerts when deadlines or obligations change.
No spam. One-click unsubscribe.