Article 87 of Regulation (EU) 2024/1689 — Follow-up actions by the AI Office. Official text, practical interpretation, key obligations and compliance implications.
Official Text Summary
Article 87 of Regulation (EU) 2024/1689 establishes the procedural framework for follow-up actions by the AI Office when non-compliance by providers of general-purpose AI models (GPAIMs) has been identified. Where the AI Office concludes, following an evaluation conducted pursuant to Article 92 or an investigation under Articles 93 and 94, that a provider has failed to meet their obligations under Chapter V, it is empowered to initiate a structured escalation process.
The AI Office may request that the European Commission take action, which can include requiring the provider to implement specific remedial measures within a defined timeframe, withdraw the model from the market, or impose temporary restrictions on access to the model. The AI Office may also coordinate with national competent authorities where non-compliance has downstream implications for high-risk AI systems deployed within Member States.
Article 87 further provides that where the AI Office has reasonable grounds to believe that a GPAI model with systemic risk poses an immediate threat, it may request the Commission to apply interim measures pending the full conclusion of formal proceedings. The article also envisages cooperation with third-country authorities in cases where the non-compliant provider is established outside the European Union, consistent with the extraterritorial scope established in Article 2 of the Regulation.
What This Means in Practice
For providers of general-purpose AI models, Article 87 represents the enforcement backstop that gives procedural teeth to the entire GPAI compliance framework. In practical terms, this article describes what happens after the AI Office has gathered its evidence and concluded that a provider is in breach of the obligations set out in Articles 53 to 56.
Providers should understand Article 87 as defining the transition from investigation to consequence. A provider that has been subject to an evaluation under Article 92 — whether a model evaluation or an in-depth evaluation for systemic risk models — and found to be non-compliant can expect the AI Office to trigger the escalation pathway described here.
Concretely, a provider might receive a formal request to update technical documentation, modify the model's capabilities, implement additional safeguards in the model card or systemic risk assessment, or take the model off the market entirely. In urgent situations involving systemic risk models, interim restrictions could be applied before the full proceedings conclude.
For downstream deployers and integrators who rely on a GPAI model that becomes subject to Article 87 proceedings, there is a practical risk of disruption: if the AI Office restricts or suspends access to a model, applications built on that model may be affected. This makes contractual risk allocation between GPAI providers and deployers an important compliance consideration.
Organisations operating GPAI models at scale should incorporate Article 87 scenarios into their business continuity planning and ensure that remediation response procedures are documented in advance.
Key Obligations
- Cooperation with Commission measures: Providers against whom follow-up action is initiated must cooperate fully with any measures requested by the European Commission acting on the AI Office's recommendation, including implementing remedial actions within the timeframes specified.
- Timely remediation: Where the AI Office identifies non-compliance and requests corrective action, providers are required to implement the requested measures promptly and report back to the AI Office on the steps taken.
- Interim measure compliance: In urgent cases involving systemic risk, providers must comply with any interim measures ordered pending the conclusion of formal proceedings, even before a final determination of non-compliance has been made.
- Coordination with national authorities: Where the AI Office refers elements of a non-compliance finding to national competent authorities, providers must engage with those authorities in parallel, recognising that downstream high-risk AI system obligations remain under national jurisdiction.
- Market withdrawal if required: If the Commission, acting on the AI Office's recommendation, orders a withdrawal or access restriction, providers must execute the withdrawal in a timely and complete manner and cease making the model available in the manner identified as non-compliant.
- Third-country provider obligations: Providers established outside the EU that place GPAIMs on the Union market must comply with follow-up actions through their authorised representatives established in the EU, as required under Article 54.
Relationship to Other Articles
Article 87 sits at the centre of the AI Office's enforcement architecture and must be read in close conjunction with several other provisions. Articles 92, 93, and 94 provide the investigative and evaluation mechanisms that generate the factual basis upon which Article 87 follow-up actions are grounded — without a concluded evaluation or investigation, Article 87 cannot be triggered.
The substantive obligations whose breach Article 87 is designed to remedy are found in Chapter V, particularly Articles 53 (obligations for all GPAI model providers), 54 (authorised representatives), 55 (obligations for providers of GPAI models with systemic risk), and 56 (adversarial testing). Article 101 governs the administrative fines that can follow confirmed non-compliance, making it the natural downstream consequence of the process initiated under Article 87.
For high-risk AI systems that incorporate non-compliant GPAIMs, the interaction with Articles 72 to 74 (post-market monitoring and market surveillance by national authorities) is significant, as Article 87 provides the coordination mechanism between the AI Office and Member State authorities in such cross-cutting cases.
Compliance Timeline
The EU AI Act entered into force on 1 August 2024, initiating the phased application schedule established in Article 113. Article 87, as part of the general-purpose AI model framework in Chapter V and the enforcement architecture in Title IX, falls within the application window that became operative on 2 August 2025 — twelve months after entry into force — when GPAI-specific obligations became enforceable.
This means that as of August 2025, the AI Office has full operational authority to conduct evaluations and investigations that could trigger Article 87 follow-up actions. Providers of general-purpose AI models that have not yet completed their compliance programmes under Articles 53 to 56 are already within scope for potential Article 87 proceedings.
The high-risk AI system provisions under Annex III become fully applicable for most systems in December 2026, with a further extended deadline of August 2027 for certain legacy systems. Where Article 87 actions relate to GPAIMs integrated into high-risk systems, the coordination with national authorities will intensify as those downstream deadlines pass and market surveillance activities by Member States increase.
Official AI Act Compliance Deadline Calendar
Updated · Sources: Regulation (EU) 2024/1689 and the 2026 Digital Omnibus on AI.
| Obligation | Applies to | Original date | New date | Status | Countdown | Legal basis |
|---|---|---|---|---|---|---|
| Prohibited Practices (Art. 5) | All providers and deployers | active | — | AI Act Art. 5 | ||
| GPAI Rules (Chapter 5) | GPAI model providers | active | — | AI Act Art. 51-56 | ||
| High-risk AI — Annex III (standalone) | Providers of standalone Annex III systems | deferred | — | AI Omnibus 2026 Art. 6(2) | ||
| High-risk AI — Annex I (embedded) | AI embedded in Annex I regulated products | deferred | — | AI Omnibus 2026 Art. 6(1) | ||
| AI-Generated Content Marking | Providers of generative GPAI systems | active | — | AI Act Art. 50(2) | ||
| Regulatory Sandboxes | National competent authorities | active | — | AI Act Art. 57 |
⬇ Download JSON · CC BY 4.0
AI Act meets DORA and NIS2
Is your organisation subject to both the AI Act and DORA? The two regulations intersect on the operational resilience of financial AI systems. Our sister site regulation-dora.eu covers DORA in depth.
Explore regulation-dora.eu ↗Frequently Asked Questions
The AI Office can request that the European Commission initiate measures including requesting providers of general-purpose AI models to take remedial actions, restricting access to models, or referring matters to competent national authorities. These actions are triggered when the AI Office identifies non-compliance following evaluations or investigations.
Follow-up actions under Article 87 primarily target providers of general-purpose AI models (GPAIMs) that have been found non-compliant with the obligations set out in Chapter V of the EU AI Act, particularly following evaluations conducted under Article 92 or investigations under Articles 93 and 94.
Article 87 establishes a coordination mechanism between the AI Office and national market surveillance authorities. Where the AI Office identifies non-compliance affecting specific downstream use cases or high-risk AI systems, it may refer the matter to the relevant national authorities who retain jurisdiction over those downstream applications under Chapter VII.
The AI Office does not directly impose fines under Article 87 but can recommend and initiate measures through the European Commission. Administrative fines for providers of general-purpose AI models are governed by Article 101, which sets out the penalty framework applicable following confirmed non-compliance identified through the processes referenced in Article 87.
Stay ahead of AI Act changes
Get compliance alerts when deadlines or obligations change.
No spam. One-click unsubscribe.