2026-04-25·13 min read·sota.io team

EU AI Act Art.91: AI Office Inspections of GPAI Providers — On-Site and Remote Access Developer Guide (2026)

EU AI Act Article 91 is the AI Office's most intrusive investigative power: the right to physically enter a GPAI model provider's premises, examine systems and documents, take copies, and seal records. If an Art.90 information request is the documentary phase of a GPAI investigation, Art.91 is the access phase. Where Art.90 asks the provider to send documents, Art.91 sends AI Office inspectors to the provider's location — or, in a remote variant, connects directly to the provider's systems.

Art.91 inspections are not routine audits. They are triggered when the AI Office has reason to believe that an Art.90 response was incomplete, when the provider is non-cooperative, when the Scientific Panel has raised a qualified alert requiring physical verification of model infrastructure, or when the AI Office determines that on-site access is necessary to assess systemic risk. The Commission decision that authorises an inspection under Art.91 is itself a formal enforcement act — challengeable before the Court of Justice of the European Union — and the penalties for obstructing an inspection under Art.99(4)(e) are equal in severity to penalties for refusing an Art.90 information request.

For GPAI model providers, Art.91 is the provision that makes data centre location, compute infrastructure sovereignty, and document-management practices directly material to regulatory risk. A provider whose model training infrastructure sits entirely within EU jurisdiction, with AI Office-accessible documentation, faces a fundamentally different inspection exposure than a provider whose model weights, training data, and benchmark results are stored on US cloud infrastructure subject to CLOUD Act jurisdiction.

Art.91 became applicable on 2 August 2025, concurrent with all GPAI obligations in Chapter V.

Art.91 in the GPAI Enforcement Chain

Art.91 sits between the documentary investigation (Art.90) and emergency enforcement measures (Art.93):

Article	Function	Stage
Art.51	GPAI classification and systemic risk designation	Pre-investigation
Art.53	Technical documentation and reporting obligations	Ongoing compliance
Art.55	AI Office evaluation and Scientific Panel alerts	Monitoring
Art.90	AI Office information requests (documentary)	Investigation — Stage 1
Art.91	AI Office inspections (access-based)	Investigation — Stage 2
Art.93	AI Office interim measures (urgency)	Emergency enforcement
Art.89	Right to be heard before enforcement measures	Pre-decision procedural right
Art.99	Penalties	Final enforcement

In practice, most Art.91 inspections are preceded by an Art.90 request. The information request establishes what documentation exists; the inspection verifies it. However, Art.91 does not legally require a prior Art.90 request — the Commission can authorise an inspection directly where circumstances demand immediate access.

Art.91(1): Commission Decision Authorising Inspection

Unlike the Art.90 simple request, which the AI Office can issue without Commission involvement, an Art.91 inspection always requires a Commission decision. The decision must specify:

Legal basis — Art.91 of Regulation (EU) 2024/1689
Subject of the inspection — the GPAI model provider and the specific model(s) under investigation
Purpose and scope — what the AI Office is seeking to verify
Commencement date — when the inspection begins
Obstruction consequences — reference to Art.99(4)(e) penalties

The Commission decision is a formal legal act. It can be challenged before the CJEU under Art.263 TFEU, although a challenge does not automatically suspend the inspection obligation. Providers who believe an Art.91 decision is procedurally defective — for instance, because the stated purpose is disproportionately broad — should engage EU regulatory counsel immediately and assess whether an application for interim suspension before the General Court is warranted.

The requirement for a Commission decision (rather than a mere AI Office determination) reflects the severity of on-site inspection as an investigative measure. It creates an institutional check: the AI Office must persuade the Commission that physical access is necessary and proportionate before inspectors can arrive at a provider's premises.

Art.91(2): On-Site Inspection Powers

When authorised by Commission decision, AI Office officials are empowered to:

Enter any premises of the provider — offices, data centres, computing facilities, storage locations
Examine books, records, and documents relating to the GPAI model — technical documentation, training data records, model architecture files, benchmark results, evaluation reports, contracts with downstream providers
Take copies of any documents examined — physical or digital
Seal premises, books, or records for the duration of the inspection, to the extent necessary and proportionate
Request oral explanations from any staff member present

The sealing power is particularly significant for compute infrastructure. AI Office inspectors can seal server rooms, restrict access to model weights stored on-site, and prevent modification of training data repositories during the inspection period. Sealing is explicitly limited by proportionality — it cannot be used beyond what the inspection requires — but in practice, a sealed compute environment can halt model operations.

The right to enter "any premises" is not limited to the provider's registered office. It extends to any location where the provider conducts business related to the GPAI model: co-location data centres where the provider has leased rack space, third-party compute providers with which the provider has a contractual relationship for model training, and any facility where model-related documentation is stored.

Art.91(3): Remote Inspection

Art.91 also provides for remote inspection as an alternative to or supplement for on-site access. Remote inspection may be used where:

The information needed can be obtained without physical presence
On-site inspection would be disproportionately disruptive
The provider is located in a jurisdiction where logistics of on-site access are complex
A targeted verification of specific digital assets can be conducted via secure connection

Remote inspection involves AI Office officials connecting to the provider's systems — model repositories, documentation databases, evaluation environments — via a secure channel under conditions set by the Commission decision. Providers must grant access and cannot selectively filter what is accessible during the remote session.

For providers with EU-based infrastructure, remote inspection is operationally manageable: establish a dedicated secure access environment, ensure documentation is organised and retrievable, and have technical staff available to answer AI Office inspector questions. For providers whose infrastructure is outside the EU, remote inspection creates jurisdictional complexity — the question of which law governs a remote access session that crosses international boundaries is not resolved by Art.91 and requires legal analysis.

Art.91(4): NCA Assistance Obligation

When the AI Office conducts an inspection, National Competent Authorities (NCAs) must provide active assistance to AI Office officials. This assistance obligation has several practical dimensions:

Facilitation of entry — NCAs can exercise their domestic inspection powers under national law to support AI Office access where the provider attempts to obstruct entry
Joint inspection teams — NCA officials can accompany AI Office inspectors and participate in the inspection
Expertise provision — NCAs with sector-specific knowledge (for instance, a financial services NCA where the GPAI model is used in banking applications) can provide technical assistance
Post-inspection enforcement — where an inspection reveals non-compliance that falls within NCA jurisdiction (for example, high-risk AI system obligations under Art.73), NCAs can initiate parallel enforcement action

The NCA assistance obligation reflects the dual-authority structure of GPAI enforcement: the AI Office has primary jurisdiction over GPAI model providers under Chapter V, but NCAs retain jurisdiction over downstream deployers and high-risk AI system applications. An Art.91 inspection of a GPAI provider may simultaneously reveal information relevant to NCA enforcement actions against downstream deployers — and the NCA assistance structure creates a pathway for that information to flow appropriately.

Art.91(5): Obstruction Penalties

Refusing or obstructing an Art.91 inspection triggers penalties under Art.99(4)(e):

Violation	Maximum Penalty
Refusing inspection entry	EUR 3,000,000 or 1% of global annual turnover (whichever is higher)
Incomplete cooperation during inspection	EUR 3,000,000 or 1% of global annual turnover
Breaking or tampering with seals	EUR 3,000,000 or 1% of global annual turnover
Providing misleading information to inspectors	EUR 3,000,000 or 1% of global annual turnover

Art.101 adds periodic penalty payments of up to 1.5% of average daily global turnover per day for continued non-compliance. These penalties are cumulative with penalties for underlying substantive violations of GPAI obligations under Art.99(3) (EUR 15,000,000 or 3%).

The obstruction penalties apply to any conduct that impedes the inspection — not only outright refusal to open premises. Selectively withholding access to server rooms, providing inspectors with an employee who lacks knowledge of the relevant systems, or "losing" documentation between an Art.90 response and an Art.91 inspection visit can all constitute obstruction.

Art.90 vs Art.91: The Escalation Matrix

Dimension	Art.90 (Information Request)	Art.91 (Inspection)
Authorization required	AI Office determination	Commission decision
Provider location required	No — documents sent to AI Office	Yes (on-site) or provider provides remote access
Scope	Documentary — specific information items	Physical access — premises, systems, records
Sealing power	No	Yes — premises, books, records
NCA assistance	Optional	Mandatory
CJEU challenge	Decision mode only	Yes — Commission decision is challengeable
Preparation time	Deadline stated in request (typically 30 days)	Commission decision states commencement date
Obstruction penalty	Art.99(4)(d)	Art.99(4)(e)
Typical trigger	First-stage investigation	Incomplete Art.90 response; systemic risk verification

For providers facing an Art.90 information request, the Art.90 response is therefore a critical threshold: a complete, well-organised response that satisfies the AI Office's underlying concerns prevents the investigation from escalating to Art.91. An Art.90 response that appears evasive — even if technically complete — increases the probability of an Art.91 follow-up.

CLOUD Act Intersection: Physical Infrastructure

Art.91 has significant CLOUD Act implications when a GPAI provider's compute infrastructure is hosted on US-based cloud services.

Infrastructure Element	Art.91 Relevance	CLOUD Act Risk
Model weights stored on US cloud (AWS/Azure/GCP)	AI Office seeks on-site access to where weights are stored	US provider may receive CLOUD Act order for same data; EU-GDPR protects EU-resident data against US disclosure
Training data in US-jurisdiction data centres	Inspector access to training environment may require US-provider cooperation	Parallel US government access possible without EU notification
Benchmark results and evaluation logs	AI Office seeks copies; may be stored in US-jurisdiction buckets	CLOUD Act disclosure to US government creates regulatory asymmetry
Compute cluster for model training	Remote inspection of training environment exposes infrastructure to AI Office	US government could simultaneously demand access under CLOUD Act
EU-mirrored compliance documentation	AI Office can access from EU-jurisdiction source	No CLOUD Act risk — EU-sourced documents are outside US jurisdiction

Providers with hybrid infrastructure — model weights in EU data centres, training data in US cloud — should map which components are subject to Art.91 access and whether those components are also reachable by US government requests. The intersection of EU inspection rights and US CLOUD Act authority over the same data is a multi-party legal problem that requires US and EU counsel coordination.

EU-sovereign compute infrastructure eliminates the CLOUD Act conflict entirely for Art.91 purposes: if model weights, training data, and evaluation environments are hosted in EU-jurisdiction infrastructure outside US cloud provider contractual reach, Art.91 inspection access proceeds without jurisdictional complications.

Inspection Preparation Strategy

An Art.91 inspection has three phases for the provider: notice period (between Commission decision and inspection start), inspection execution (during which inspectors are on-site or remotely connected), and post-inspection (documentation of what was reviewed and follow-up actions).

Notice Period

The Commission decision will specify the inspection start date. The notice period — the gap between decision receipt and inspection start — is the preparation window. Use it to:

Engage EU regulatory counsel — immediately, before taking any other action
Assess CJEU challenge viability — if the decision appears procedurally defective, the challenge must be filed quickly
Map scope to available documentation — which documentation does the AI Office's stated purpose suggest they will seek?
Organise document repositories — inspectors move faster through well-organised documentation; disorganisation is not obstruction, but it extends inspection duration
Identify LPP-protected materials — prepare a privilege log for communications that are legally protected
Brief technical staff — engineers and data scientists who may be asked oral questions need to understand what they can and cannot say
Assess CLOUD Act exposure — for any requested materials in US-jurisdiction infrastructure, assess whether EU mirrors are available

Inspection Execution

During the inspection:

Assign an inspection coordinator — a senior member of the legal or compliance team who accompanies inspectors throughout
Do not volunteer information beyond the stated scope — answer questions precisely, do not expand beyond what is asked
Do not obstruct — any attempt to limit inspector access beyond legally defensible grounds (e.g., LPP assertion, proportionality objection) should be coordinated with counsel
Document everything — maintain a contemporaneous log of what inspectors accessed, what copies they took, which staff they questioned, and what was sealed
Challenge sealing actions immediately if disproportionate — sealing is limited by proportionality; if inspectors attempt to seal business-critical infrastructure beyond inspection necessity, raise a proportionality objection in writing

Post-Inspection

After inspectors depart:

Review the inspection record — what did they take, what did they question, what did they seal and unseal?
Assess what may follow — Art.89 right-to-be-heard proceedings typically follow if the AI Office moves toward corrective measures
Remediate any gaps identified — if the inspection revealed documentation gaps or systemic risk indicators, begin remediation before the AI Office's next step
Preserve all materials reviewed — do not modify any documentation that was reviewed or copied during the inspection

Python: Art91InspectionResponse Implementation

from dataclasses import dataclass, field
from datetime import date, datetime
from enum import Enum
from typing import Optional


class InspectionMode(Enum):
    ON_SITE = "on_site"
    REMOTE = "remote"
    HYBRID = "hybrid"


class InspectionPhase(Enum):
    NOTICE_PERIOD = "notice_period"
    ACTIVE_INSPECTION = "active_inspection"
    POST_INSPECTION = "post_inspection"
    CLOSED = "closed"


class CloudActRisk(Enum):
    NONE = "none"          # All infrastructure in EU jurisdiction
    LOW = "low"            # Some US-jurisdiction components; EU mirrors available
    HIGH = "high"          # Critical components in US jurisdiction; no EU mirror
    CRITICAL = "critical"  # All model infrastructure in US jurisdiction


@dataclass
class SealedItem:
    item_description: str
    sealed_date: date
    seal_lifted: bool = False
    seal_lifted_date: Optional[date] = None
    proportionality_objection_raised: bool = False


@dataclass
class Art91InspectionResponse:
    commission_decision_reference: str
    decision_received_date: date
    inspection_start_date: date
    inspection_mode: InspectionMode
    gpai_model_name: str
    provider_name: str
    inspection_phase: InspectionPhase = InspectionPhase.NOTICE_PERIOD
    cloud_act_risk: CloudActRisk = CloudActRisk.NONE
    eu_compliance_mirror_available: bool = False
    lpp_privilege_log_prepared: bool = False
    technical_staff_briefed: bool = False
    inspection_coordinator_assigned: bool = False
    documentation_organised: bool = False
    cjeu_challenge_assessed: bool = False
    sealed_items: list[SealedItem] = field(default_factory=list)
    documents_copied: list[str] = field(default_factory=list)
    oral_questions_log: list[str] = field(default_factory=list)

    def notice_days_remaining(self) -> int:
        today = date.today()
        if today >= self.inspection_start_date:
            return 0
        return (self.inspection_start_date - today).days

    def preparation_readiness_score(self) -> dict:
        checks = {
            "EU regulatory counsel engaged": self.lpp_privilege_log_prepared,
            "CJEU challenge viability assessed": self.cjeu_challenge_assessed,
            "Documentation organised for inspection": self.documentation_organised,
            "LPP privilege log prepared": self.lpp_privilege_log_prepared,
            "Technical staff briefed": self.technical_staff_briefed,
            "Inspection coordinator assigned": self.inspection_coordinator_assigned,
            "EU compliance mirror status confirmed": (
                self.cloud_act_risk == CloudActRisk.NONE
                or self.eu_compliance_mirror_available
            ),
        }
        score = sum(15 for v in checks.values() if v)
        return {
            "score": score,
            "checks": checks,
            "notice_days_remaining": self.notice_days_remaining(),
            "preparation_status": "READY" if score >= 90 else "AT_RISK" if score >= 60 else "INADEQUATE",
        }

    def cloud_act_risk_assessment(self) -> str:
        if self.cloud_act_risk == CloudActRisk.NONE:
            return "LOW — All infrastructure in EU jurisdiction. No CLOUD Act conflict."
        if self.cloud_act_risk == CloudActRisk.LOW and self.eu_compliance_mirror_available:
            return "MANAGED — EU mirror available. Supply inspection materials from EU-jurisdiction source."
        if self.cloud_act_risk == CloudActRisk.HIGH:
            return "HIGH — Critical model components in US jurisdiction. Engage US and EU counsel before inspection starts."
        return "CRITICAL — All infrastructure in US jurisdiction. Simultaneous CLOUD Act and Art.91 access creates multi-party conflict. Immediate counsel engagement required."

    def add_sealed_item(self, description: str) -> SealedItem:
        item = SealedItem(item_description=description, sealed_date=date.today())
        self.sealed_items.append(item)
        return item

    def inspection_summary(self) -> dict:
        return {
            "commission_decision": self.commission_decision_reference,
            "provider": self.provider_name,
            "model": self.gpai_model_name,
            "mode": self.inspection_mode.value,
            "phase": self.inspection_phase.value,
            "sealed_items_count": len(self.sealed_items),
            "documents_copied_count": len(self.documents_copied),
            "oral_questions_count": len(self.oral_questions_log),
            "cloud_act_assessment": self.cloud_act_risk_assessment(),
        }

    def preparation_priority(self) -> str:
        days = self.notice_days_remaining()
        if days == 0:
            return "ACTIVE — Inspection in progress. Follow execution protocol."
        elif days <= 3:
            return "CRITICAL — Finalise all preparation immediately."
        elif days <= 7:
            return "HIGH — Complete documentation organisation and staff briefing."
        elif days <= 14:
            return "MEDIUM — Preparation underway; CJEU challenge window closing."
        else:
            return "NORMAL — Systematic preparation phase."

15-Item Art.91 Inspection Preparation Checklist

#	Check	Why
1	Confirm decision legal basis is Art.91 (not Art.74 or national NCA power)	Determines applicable response framework and CJEU challenge options
2	Record exact inspection start date; calculate notice days remaining	Preparation timeline is fixed by Commission decision
3	Engage EU regulatory counsel within 24h of decision receipt	Legal strategy — LPP, CJEU challenge, proportionality — must be set immediately
4	Assess CJEU challenge viability before inspection starts	Art.263 TFEU challenge must be filed promptly; does not automatically suspend inspection
5	Map stated inspection purpose to documentation repositories	Anticipate what inspectors will seek based on Commission decision scope
6	Organise documentation — technical docs, training records, evaluation reports	Organised documentation shortens inspection duration
7	Prepare LPP privilege log for all legally-protected communications	Privileged materials should be listed, not produced; privilege log is submitted to inspectors
8	Assign inspection coordinator (senior compliance/legal team member)	Single point of contact accompanies inspectors throughout
9	Brief technical staff on scope — what they can and cannot answer	Engineers may be asked oral questions; unprepared answers create legal risk
10	Assess CLOUD Act exposure for all infrastructure components	US-jurisdiction storage creates parallel access risk
11	Verify EU compliance mirror availability for high-risk components	Allows inspection access from EU source without CLOUD Act conflict
12	Prepare contemporaneous inspection log (access, copies, seals, questions)	Essential for any Art.89 or CJEU proceedings that follow
13	Do not modify documentation between Art.90 response and Art.91 inspection	Discrepancies between Art.90 response and Art.91 inspection findings are treated as obstruction
14	If sealing occurs, assess proportionality immediately — challenge in writing if disproportionate	Sealing of operational systems is limited by proportionality constraint in Art.91(2)
15	After inspection, review what was copied and begin remediation of any identified gaps	Early remediation demonstrates good faith before AI Office moves to Art.89 proceedings

Art.91 Series Context

Art.91 is part of the AI Office's GPAI investigation toolkit under Chapter V:

Article	Function	Stage
Art.51	GPAI classification and systemic risk designation	Pre-investigation
Art.53	Technical documentation and reporting obligations	Ongoing compliance
Art.55	AI Office evaluation and Scientific Panel powers	Monitoring
Art.90	Information requests (documentary)	Investigation — Stage 1
Art.91	Inspections (access-based)	Investigation — Stage 2
Art.93	Interim measures (urgency)	Emergency enforcement
Art.89	Right to be heard before enforcement measures	Pre-decision procedural right
Art.99	Penalties	Final enforcement

Art.91 represents the point at which a GPAI investigation transitions from documentary to physical verification. For providers who have managed their Art.90 response well and have documented compliance with GPAI obligations under Arts.51-55, an Art.91 inspection is a manageable, if disruptive, process. For providers with undocumented model development practices, training data of uncertain provenance, or benchmark results that diverge from the Art.53 technical documentation, an Art.91 inspection can rapidly escalate to Art.93 interim measures or Art.89 corrective proceedings.