2026-04-25·15 min read·sota.io team

EU AI Act Art.78: Confidentiality of Market Surveillance Information — Trade Secrets, IP, Source Code, and CLOUD Act Risk (2026)

EU AI Act Article 78 addresses a structural tension at the heart of AI regulation: effective market surveillance requires authorities to access sensitive commercial information — source code, training data documentation, proprietary model architectures, business strategies — but that access creates disclosure risk for the very actors the regulatory system is designed to oversee. Art.78 resolves this tension by establishing a framework of professional confidentiality obligations that bind all actors in the AI Act's enforcement architecture.

The article is short — five paragraphs — but its implications run through every market surveillance interaction under the Act. A provider that submits source code for MSA inspection under Art.64, a notified body that accesses technical documentation under Art.44, a research institution whose Art.77 registration materials sit in an NCA database — all of these actors are protected by Art.78's confidentiality regime. Understanding both what Art.78 protects and where it creates residual CLOUD Act exposure is essential for any compliance strategy that involves regulatory interaction.

Art.78 in the Chapter VIII Architecture

Art.78 functions as the confidentiality backstop for the entire Chapter VIII market surveillance framework. It operates alongside, not instead of, the specific information-sharing provisions in Art.74-77:

Article	Role	Art.78 Interface
Art.72	Post-market monitoring	PMM data submitted to MSAs is subject to Art.78 confidentiality when received by authorities
Art.73	Deployer obligations	Deployer-submitted incident reports and monitoring logs protected under Art.78(1)
Art.74	MSA investigative powers	Art.74(8) source code and documentation access specifically protected under Art.78(1)(a)
Art.75	Mutual assistance	Art.75 information exchanged between MSAs subject to Art.78(2) inter-authority controls
Art.76	Real-world testing supervision	Art.76 registration data protected under Art.78(1) — testing plans, system descriptions
Art.77	Scientific research supervision	Art.77 registration materials, research data, ethics committee reports protected
Art.78	Confidentiality framework	This guide
Art.79	Risk procedure at national level	Art.78 confidentiality protects investigation data exchanged during Art.79 evaluations; authorities bound by confidentiality obligations throughout Art.79 procedure

Art.78(1): Core Confidentiality Obligation — Protected Information Categories

Art.78(1) imposes the primary obligation: Member States shall take appropriate measures to ensure that authorities responsible for implementing the Regulation, as well as notified bodies, respect the confidentiality of information obtained in the course of their tasks and activities.

The obligation is broad in scope but specific in its enumerated protections:

Category (a): Intellectual Property Rights and Confidential Business Information

This is the broadest and most commercially significant protection. Art.78(1)(a) covers:

Intellectual property rights:

Patents on AI model architectures, training procedures, or inference optimisation
Copyright in training datasets, software implementations, and documentation
Trade marks and design rights associated with AI systems
Database rights in curated training datasets under EU Directive 96/9/EC

Confidential business information and trade secrets:

Proprietary training data curation methodologies
Model hyperparameters, fine-tuning techniques, and architectural choices
Business plans, customer lists, pricing strategies submitted in conformity documentation
Commercial agreements with component suppliers, cloud providers, or data licensors

Source code — explicit Art.78(1)(a) protection: The explicit mention of source code is significant. Art.64 gives MSAs access to source code for inspection purposes. Art.78(1)(a) ensures that source code accessed under Art.64 powers cannot be disclosed outside the enforcement context. This protection applies to:

Core model inference code
Training pipeline implementations
Data preprocessing scripts
Security-relevant implementation details

The Art.78(1)(a) Exception: The protection yields where "disclosure is required in order to protect fundamental rights or safety of persons." This creates a proportionality balancing: commercially sensitive source code can be disclosed by an MSA if non-disclosure would allow a safety risk to persist. The threshold is high — routine enforcement transparency does not meet it.

Category (b): Effective Implementation of the Regulation

Art.78(1)(b) protects information whose disclosure would undermine the regulatory process itself:

Ongoing investigation strategies and methodologies
Audit checklists and inspection protocols that would allow anticipatory compliance gaming
Information about which operators are under active investigation
Internal risk prioritisation frameworks used by MSAs to select enforcement targets

This category has no direct commercial equivalent — it protects regulatory effectiveness rather than private interests. Authorities may refuse to disclose this category even to the investigated party in appropriate circumstances.

Category (c): Public and National Security Interests

Art.78(1)(c) aligns the AI Act confidentiality framework with Member State security law. Specific protections include:

AI systems deployed in law enforcement, border control, or intelligence contexts
Technical specifications of AI systems whose disclosure would create security vulnerabilities
Information about AI systems used in critical infrastructure under NIS2 or DORA
AI testing results that reveal national security-relevant AI capabilities

For providers whose systems fall within Art.6(1) high-risk categories that overlap with security-sensitive applications (e.g., Annex III point 1 biometric identification, point 8 migration management), Art.78(1)(c) is particularly relevant to MSA information handling.

Category (d): Integrity of Criminal or Administrative Proceedings

Art.78(1)(d) prevents Art.78 from being weaponised to interfere with active investigations:

Information relevant to ongoing criminal investigations cannot be prematurely disclosed
Administrative enforcement proceedings depend on information remaining undisclosed until appropriate procedural stages
Witness and source protection in regulatory investigations

Art.78(2): Inter-Authority Information Exchange Controls

Art.78(2) governs what happens when MSAs, the AI Office, and the AI Board share information with each other — which is required for effective cross-border enforcement under Art.75 (mutual assistance) and Art.66 (market surveillance coordination).

The rule: information exchanged on a confidential basis between competent national authorities, and between competent national authorities and the Commission, shall not be disclosed without the prior consultation of the originating national authority and the user who requested confidentiality.

This creates a two-party consent model for disclosure of shared confidential information:

The originating authority — the MSA that first received or generated the confidential information must be consulted before re-disclosure
The requesting user — where a provider, deployer, or other regulated entity requested confidentiality under applicable Union or national law, that entity must also be consulted

Practical Implications for Providers

When an AI provider submits technical documentation to an MSA under Art.44 or Art.64, and that MSA shares the documentation with another MSA under Art.75 mutual assistance, Art.78(2) means:

The receiving MSA cannot publish the documentation without consulting the originating MSA and the provider
If the provider has explicitly requested confidentiality under applicable law (e.g., trade secret protection under Directive 2016/943), that request travels with the information
Downstream disclosure by receiving authorities requires fresh consultation, not just the original submission

Information Hygiene for Multi-Jurisdiction Submissions

Providers operating across multiple Member States face a practical challenge: the same technical documentation submitted to five different MSAs is now subject to five separate Art.78(2) confidentiality regimes. Best practice:

Clearly label all submissions with confidentiality requests under applicable national law
Maintain a submission register tracking which authority received which version of which document
Request explicit confidentiality acknowledgement from each receiving authority before submission

Art.78(3): Carve-outs — What Art.78 Does Not Restrict

Art.78(3) prevents confidentiality obligations from becoming obstacles to legitimate information sharing for public protection. The provision is explicit: Art.78(1) and Art.78(2) do not affect:

Rights and obligations regarding exchange of information and dissemination of warnings:

RAPEX/Safety Gate alerts about unsafe AI systems must be disseminated regardless of commercial confidentiality claims
Art.66 market surveillance coordination requires information sharing — Art.78 confidentiality cannot block it
AI Board coordination on cross-cutting AI risks requires information sharing — Art.78 creates process controls, not substantive blocks

Obligations to provide information under criminal law:

Competent criminal investigation authorities retain full access to information held by MSAs regardless of Art.78(1) protections
A provider cannot use Art.78(1)(d) protections (criminal proceedings integrity) to shield information from the very criminal proceedings that Art.78(1)(d) is designed to protect

The Safety Override in Practice

Where an Art.78(1) protection conflicts with an Art.78(3) public safety obligation, Art.78(3) prevails. The practical hierarchy:

Active criminal investigations: immediate override
RAPEX-type safety alerts: override where safety risk is imminent and significant
Art.75 mutual assistance: disclosure subject to Art.78(2) consultation controls, not blocked
Routine transparency requests: Art.78(1) protection applies in full

Art.78(4) permits — but does not require — the Commission and Member States to share confidential AI Act enforcement information with regulatory authorities in third countries. The conditions:

Bilateral or multilateral arrangements: Information sharing must be governed by a formal agreement — not ad hoc requests
Adequate confidentiality guarantees: The third-country framework must provide confidentiality protections equivalent to Art.78(1)

US Regulatory Cooperation and the CLOUD Act Complication

Art.78(4) creates an authorised channel for EU-US regulatory cooperation, for example between an NCA and the US FTC or NIST on shared AI safety concerns. But it does not authorise disclosure to US government authorities outside formal bilateral frameworks — and critically, it does not override the CLOUD Act's separate extraterritorial reach.

The CLOUD Act problem for Art.78 is structural:

Scenario	Art.78 Status	CLOUD Act Status
NCA investigation files on EU sovereign infrastructure	Protected under Art.78(1)	Not compellable — no US-jurisdictional nexus
NCA investigation files on US-incorporated cloud (AWS/Azure/GCP)	Protected under Art.78(1)	Potentially compellable under CLOUD Act despite Art.78 — US government can seek domestic court order against the US-incorporated cloud provider
Provider's submitted technical docs on EU sovereign infra	Protected under Art.78(1)(a)	Not compellable
Provider's submitted technical docs on US-incorporated cloud	Protected under Art.78(1)(a) from EU disclosure	Potentially compellable via US service on the cloud provider, bypassing Art.78 entirely

The core risk: Art.78 protects confidential information from disclosure by EU authorities to third parties. It does not protect that information from compelled disclosure by the cloud provider storing it to US government requests. A provider whose regulatory submissions sit on AWS S3 (Delaware corporation) faces a legal architecture where Art.78 and the CLOUD Act operate in parallel but independently.

Mitigation: MSAs conducting investigations on EU-incorporated, EU-sovereign infrastructure eliminate the CLOUD Act compellability path for investigation files. Providers storing their own submission copies on EU-sovereign infrastructure eliminate it for provider-side copies.

Art.78(5): What May Be Made Public

Art.78(5) establishes the affirmative disclosure framework — what information authorities may publish or make available, notwithstanding Art.78(1) protections:

Conformity assessment procedures and outcomes:

The fact of a conformity assessment being conducted
The assessment outcome (positive or negative decision) with grounds
This enables market transparency without disclosing the technical content of the assessment

Market surveillance activities and outcomes:

Results of MSA inspections and investigations
Corrective measures imposed under Art.74
Market withdrawal and prohibition decisions under Art.62
Restrictions on commercial availability of specific AI systems

Registration information in the EU AI Database:

Art.60 EU AI Database entries are by design public (for the public-facing tier)
Art.78(5) confirms that database publication is not blocked by Art.78(1) confidentiality

What Art.78(5) Does NOT Authorise

Art.78(5) is a permissive list, not an obligation. Authorities may publish this information — but must balance against Art.78(1) protections even within these categories:

A conformity assessment outcome can be published; the detailed technical grounds that contain trade secrets need not be
A market surveillance action can be announced; investigation methodology under Art.78(1)(b) remains protected
EU DB registration data is public; supplementary restricted-access information submitted under Art.60(5) is not

Art.78 and the Notified Body Relationship

Notified bodies hold a unique position under Art.78. They are explicitly bound by Art.78(1) in the same terms as public authorities — despite being private entities. This means:

Technical documentation reviewed during conformity assessment under Art.43-44 is subject to professional confidentiality
Audit findings and non-conformities identified during assessment cannot be shared with competitors or disclosed commercially
Notified bodies that breach Art.78(1) face removal from the EU AI notified body register — the compliance mechanism is through notifying authority oversight, not Art.79 penalties

For providers selecting notified bodies, Art.78 compliance provides a baseline assurance. But it does not address the infrastructure risk: a notified body storing client technical documentation on US-incorporated cloud creates the same CLOUD Act exposure as an MSA doing so.

Python: ConfidentialityRecord

from dataclasses import dataclass, field
from enum import Enum
from datetime import date
from typing import Optional


class ProtectedCategory(Enum):
    """Art.78(1) protected information categories."""
    TRADE_SECRET = "Art.78(1)(a) — trade secret / confidential business information"
    INTELLECTUAL_PROPERTY = "Art.78(1)(a) — intellectual property right"
    SOURCE_CODE = "Art.78(1)(a) — source code"
    REGULATORY_EFFECTIVENESS = "Art.78(1)(b) — effective regulatory implementation"
    NATIONAL_SECURITY = "Art.78(1)(c) — public or national security"
    CRIMINAL_PROCEEDINGS = "Art.78(1)(d) — criminal or administrative proceedings integrity"


class DisclosureStatus(Enum):
    CONFIDENTIAL = "confidential — Art.78(1) protections apply"
    PERMISSIVE = "may be disclosed — Art.78(5) authorises publication"
    CARVE_OUT = "disclosure required — Art.78(3) carve-out applies"
    THIRD_COUNTRY = "third-country only — bilateral arrangement required Art.78(4)"


@dataclass
class ConfidentialityRequest:
    """Records an entity's confidentiality claim for submitted information."""
    submitted_by: str
    submission_date: date
    protected_categories: list[ProtectedCategory]
    legal_basis: str  # e.g. "Trade Secrets Directive 2016/943, Art.2(1)"
    confidentiality_request_reference: str
    receiving_authority: str
    originating_authority: Optional[str] = None  # if re-shared under Art.78(2)


@dataclass
class ConfidentialityRecord:
    """Tracks Art.78 confidentiality status for a body of regulatory information."""
    document_id: str
    document_type: str  # e.g. "technical documentation", "source code", "test results"
    protected_categories: list[ProtectedCategory]
    confidentiality_request: Optional[ConfidentialityRequest] = None
    inter_authority_sharing: list[str] = field(default_factory=list)  # list of authorities
    art78_5_disclosable: bool = False
    art78_3_carve_out: bool = False
    third_country_shared_with: list[str] = field(default_factory=list)
    notes: str = ""

    @property
    def disclosure_status(self) -> DisclosureStatus:
        if self.art78_3_carve_out:
            return DisclosureStatus.CARVE_OUT
        if self.art78_5_disclosable:
            return DisclosureStatus.PERMISSIVE
        if self.third_country_shared_with:
            return DisclosureStatus.THIRD_COUNTRY
        return DisclosureStatus.CONFIDENTIAL

    def can_share_with(self, target_authority: str, originating_authority: str) -> tuple[bool, str]:
        """
        Check Art.78(2) inter-authority sharing conditions.
        Returns (can_share, reason).
        """
        if self.art78_3_carve_out:
            return True, "Art.78(3) carve-out — safety or criminal law obligation overrides"
        if self.disclosure_status == DisclosureStatus.PERMISSIVE:
            return True, "Art.78(5) — information falls within permissive disclosure category"
        if target_authority in self.inter_authority_sharing:
            return True, f"Art.78(2) — prior consultation with {originating_authority} and requesting entity completed"
        return (
            False,
            f"Art.78(2) requires prior consultation with {originating_authority} "
            f"and requesting entity before sharing with {target_authority}"
        )

    def cloud_act_risk(self, storage_provider: str, storage_jurisdiction: str) -> dict:
        """Assess CLOUD Act compellability risk for this confidential document."""
        us_incorporated = storage_jurisdiction.upper() in ("US", "USA", "UNITED STATES")
        at_risk = us_incorporated and self.disclosure_status == DisclosureStatus.CONFIDENTIAL
        return {
            "storage_provider": storage_provider,
            "storage_jurisdiction": storage_jurisdiction,
            "cloud_act_risk": "HIGH" if at_risk else "LOW",
            "art78_protection": "protects against EU-authority disclosure only",
            "cloud_act_bypass": at_risk,
            "recommendation": (
                "Store on EU-sovereign infrastructure to eliminate CLOUD Act compellability"
                if at_risk else
                "EU-sovereign storage — CLOUD Act compellability eliminated"
            ),
        }

    def summary(self) -> dict:
        return {
            "document_id": self.document_id,
            "document_type": self.document_type,
            "protected_categories": [c.value for c in self.protected_categories],
            "disclosure_status": self.disclosure_status.value,
            "shared_with_authorities": self.inter_authority_sharing,
            "third_country_shared": self.third_country_shared_with,
        }


# --- Example: technical documentation under MSA investigation ---

tech_doc_record = ConfidentialityRecord(
    document_id="TD-2026-MSA-DE-00142",
    document_type="Technical documentation including source code — Art.64 submission",
    protected_categories=[
        ProtectedCategory.SOURCE_CODE,
        ProtectedCategory.TRADE_SECRET,
        ProtectedCategory.INTELLECTUAL_PROPERTY,
    ],
    confidentiality_request=ConfidentialityRequest(
        submitted_by="AI Provider GmbH",
        submission_date=date(2026, 4, 15),
        protected_categories=[ProtectedCategory.SOURCE_CODE, ProtectedCategory.TRADE_SECRET],
        legal_basis="Trade Secrets Directive 2016/943 Art.2(1); UWG §17(2) [DE]",
        confidentiality_request_reference="CONF-REQ-2026-00142",
        receiving_authority="Bundesnetzagentur (DE NCA)",
    ),
    inter_authority_sharing=[],
    art78_5_disclosable=False,
    art78_3_carve_out=False,
)

can_share, reason = tech_doc_record.can_share_with(
    target_authority="ANSSI (FR NCA)",
    originating_authority="Bundesnetzagentur (DE NCA)"
)
print(f"Can share with FR NCA: {can_share} — {reason}")

cloud_risk = tech_doc_record.cloud_act_risk(
    storage_provider="AWS S3 (Frankfurt region)",
    storage_jurisdiction="US"
)
print(f"CLOUD Act risk: {cloud_risk['cloud_act_risk']} — {cloud_risk['recommendation']}")

Series: EU AI Act Market Surveillance Framework (Chapter VIII)

Article	Title	Focus
Art.72	Post-Market Monitoring	PMM obligations for providers
Art.73	Obligations of Deployers	Deployer monitoring cooperation
Art.74	Market Surveillance Powers	MSA investigative authority
Art.75	Mutual Assistance	Cross-border MSA + GPAI supervision
Art.76	Real-World Testing Supervision	Commercial testing outside sandboxes
Art.77	Scientific Research Testing	Research exception conditions
Art.78	Confidentiality of Information	This guide — MSA confidentiality obligations

Art.78 Compliance Checklist (10 Items)

#	Item	Requirement
1	Confidentiality request on all submissions	Explicitly invoke Art.78(1)(a)-(d) protections with legal basis when submitting to any MSA or notified body
2	Trade secret documentation	Document which specific elements are trade secrets under Directive 2016/943 Art.2(1) before submission
3	Source code protection flagging	Identify all source code submissions explicitly as protected under Art.78(1)(a) in submission cover letter
4	Inter-authority sharing register	Maintain a register of which authorities have received which confidential documents
5	Art.78(2) consultation rights	Know your right to be consulted before the receiving authority shares your confidential information with a third authority
6	Notified body confidentiality clauses	Include Art.78 confidentiality obligations explicitly in notified body engagement contracts
7	Third-country authority requests	Verify bilateral arrangement exists before consenting to Art.78(4) third-country sharing
8	CLOUD Act risk assessment	Identify which regulatory submissions and copies are stored on US-incorporated cloud — assess CLOUD Act compellability
9	EU-sovereign infrastructure for regulatory files	Store all technical documentation, submission copies, and regulatory correspondence on EU-sovereign infrastructure
10	Art.78(5) proactive disclosure	Identify which conformity assessment outcomes and market surveillance information falls within Art.78(5) permissive disclosure — publish proactively to demonstrate transparency

This guide is part of the sota.io EU AI Act developer series. For AI providers storing technical documentation and regulatory submissions on EU-sovereign infrastructure — eliminating CLOUD Act compellability risk for Art.78-protected confidential information — see sota.io.