EU AI Act Art.78: Confidentiality in MSA Investigations — Developer Guide (2026)
When a Market Surveillance Authority (MSA) investigates your AI system, your immediate concern is cooperation. Fail to cooperate and you face penalties under Art.99. But Art.78 changes the frame: confidentiality is not just an obligation you have toward the MSA — it is an obligation the MSA has toward you.
Article 78 of the EU AI Act establishes a bidirectional confidentiality framework. MSAs, notified bodies, and all persons applying the Regulation must maintain professional secrecy over information they obtain during investigations, audits, and conformity assessments. Crucially, Article 78(1)(a) explicitly lists source code and trade secrets as protected categories. This is the legal basis for limiting what MSAs can disclose, how notified bodies can use your technical documentation, and what happens when a US court issues a CLOUD Act subpoena for data the MSA now holds.
Most developers focus on Art.78 as a compliance obligation to cooperate. The more valuable reading is Art.78 as a protective mechanism — one that requires active setup to invoke correctly.
What Article 78 Actually Covers
Art.78(1) requires competent national authorities, notified bodies, and other persons applying the Regulation to respect confidentiality of information and data obtained during their tasks. The protection explicitly covers:
- (a) Intellectual property rights, confidential business information, trade secrets, and source code — except where disclosure is necessary for compliance or to allow notified bodies to fulfil their obligations
- (b) Effective implementation of the Regulation — information that could compromise ongoing inspections, investigations, or audits
- (c) Public and national security interests
- (d) The conduct of criminal or administrative proceedings
- (e) Classified information
The source code carve-out in (a) is notable. The EU AI Act's GPAI and high-risk AI provisions require significant technical transparency — technical documentation, training data summaries, capability evaluations — but Art.78 establishes that source code disclosed to MSAs during investigation is not public record and cannot be disclosed to third parties.
Art.78(2) adds an inter-authority constraint: information exchanged confidentially between national competent authorities and between those authorities and the Commission cannot be disclosed without prior consultation of the originating authority. Your technical documentation submitted to a German MSA cannot simply be forwarded to the French CNIL without consent mechanics.
Art.78(3) preserves a safety valve: the confidentiality obligations do not block Commission or Member State obligations to exchange information or issue warnings, nor do they prevent information disclosure required under criminal law. The protection is real but not absolute.
1. The Bidirectional Nature of Art.78 — MSA Must Protect Your Secrets
The most misunderstood aspect of Art.78 is its directionality. Developers read it as "you must cooperate with investigations." The correct reading is symmetric: the Regulation creates a trust channel where you can disclose technical details to MSAs under a legal guarantee that those details will not be leaked to competitors.
This matters concretely in three scenarios:
Notified body overlap. Your conformity assessment is conducted by TÜV Rheinland. Your direct competitor also uses TÜV Rheinland. Art.78 is the legal mechanism preventing your proprietary algorithm architecture, documented as part of the conformity assessment, from being accessible to the auditor conducting your competitor's assessment. Notified bodies are explicitly bound by Art.78 professional secrecy.
Market surveillance investigations. When a French MSA investigates your AI system following an incident report under Art.73, the technical documentation you provide — model card, training data summary, risk assessment methodology — cannot be forwarded to your sector regulator, published in a press release, or shared with a competitor who filed the complaint, except as required for enforcement.
FOIA equivalents. EU Member States have freedom of information laws. Art.78 professional secrecy is a recognized carve-out against FOI disclosure of information obtained during AI Act compliance activities. Without Art.78, your technical documentation submitted during an MSA investigation could be FOI-requested by a competitor.
2. Trade Secret Defense Architecture — Claiming Protection Proactively
Art.78 protection is not automatic. The Regulation requires confidentiality to be respected for information that is "confidential" — but it does not create a blanket trade secret designation for everything you submit. You must assert your confidentiality interests to have them protected.
Pre-audit document labeling. Every document prepared for possible MSA review should carry an explicit confidentiality header:
CONFIDENTIAL — TRADE SECRET UNDER ART.78 EU AI ACT (2024/1689)
This document contains proprietary technical information and trade secrets protected under Art.78(1)(a) of Regulation (EU) 2024/1689. Disclosure by competent authorities, notified bodies, or other persons applying the Regulation is restricted to the minimum necessary for compliance purposes. Any disclosure beyond enforcement necessity requires prior notification to [Company Name].
This is not legally binding on its own — MSAs can access what they need for enforcement — but it creates a clear record that you asserted your confidentiality interests. Courts have consistently found that unasserted trade secrets receive weaker protection.
Separation of proprietary vs. compliance documentation. Your technical documentation under Art.11 and Annex IV can be structured in layers:
- Layer 1 (Non-confidential): System overview, capabilities, intended purpose, risk categories — for potential public disclosure
- Layer 2 (Confidential — Art.78 trade secret claim): Architecture details, training data sources, model weights, proprietary evaluation methodology — only provided upon MSA request under Art.78 protection
This separation creates a clean paper trail: Layer 1 was provided voluntarily and transparently; Layer 2 was provided in response to legitimate enforcement need, under explicit Art.78 confidentiality assertion.
3. Source Code as Art.78 Protected Asset
Article 78(1)(a) explicitly names "source code" as a protected category. This has three concrete implications for AI developers:
During notified body conformity assessments (Art.43): If your notified body requires source code review as part of the conformity assessment for a high-risk AI system, you can assert Art.78 protection to limit what the auditor records, retains, or discloses. Standard practice: on-site review with no copies retained by the notified body, or use of secure code review environments with contractual confidentiality reinforcements backed by Art.78 as the legal basis.
During MSA post-market surveillance investigations: When an MSA investigates a serious incident, they may request source code to understand the system's behavior. Art.78 means this source code, once provided, cannot be published, shared with complainants, or forwarded to other authorities without necessity. The MSA becomes a fiduciary of your source code.
During Art.60 EU AI database review: The EU AI database (Art.71-72) contains registration data for high-risk AI systems. Source code itself is not registered — the database contains system descriptions — but if an MSA uses the database as a starting point for investigation and subsequently requests source code, the database registration does not convert subsequent materials to public record.
Practical limit: Art.78(1)(a) contains the "except where necessary for compliance" carve-out. If an MSA demonstrates that source code review is necessary to assess an alleged violation, your Art.78 trade secret claim does not block access. It limits what happens to the code afterward.
4. CLOUD Act × Art.78 — The Jurisdictional Conflict
The intersection of Art.78 and the US CLOUD Act creates a genuine legal conflict that affects any EU AI system provider with US organizational connections.
The scenario: Your AI system undergoes an MSA investigation. The German Bundesnetzagentur receives your technical documentation — architecture designs, evaluation results, training data summaries — under Art.78 professional secrecy. Simultaneously, a US federal court issues a CLOUD Act order to your US parent company demanding "all technical documentation related to [system]." The documentation the MSA holds is the same documentation the US court wants.
Why Art.78 does not resolve this: Art.78 binds the MSA, not you. The MSA cannot give the documentation to the US court. But the US court's order runs directly to your US entity — it demands that your company produce the documents, not that the MSA produce them. If your company still holds copies (which it almost certainly does), the CLOUD Act order applies regardless of Art.78.
The EU-native advantage: If your documentation is stored exclusively on EU-jurisdiction infrastructure operated by an EU-only entity — no US parent, no US data processor in the chain — the CLOUD Act order has no US nexus through which it can compel disclosure. Art.78 protection for MSA-held copies is then matched by structural protection for your own copies. This is the legal architecture sota.io is built to support: EU-native documentation storage with no US compellability.
What to assert in cross-border investigations: If a US government CLOUD Act request arrives while an EU MSA investigation is active, immediately notify the MSA (as the Art.78-bound authority that holds related documentation) and invoke the Art.78 framework as part of your CLOUD Act response strategy. EU-US tensions around CLOUD Act and AI Act documentation are expected to appear in the Commission's Art.97 evaluation reports — but that is 2028. You need a posture now.
5. Art.78 × Art.88 — Whistleblowers and Internal Confidentiality
Article 88 of the EU AI Act establishes whistleblower protection for persons who report violations to competent authorities or to the AI Office. This creates a direct tension with Art.78 when internal employees disclose proprietary information as part of their whistleblower report.
The mechanics: An employee of your company reports to the French MSA that your GPAI model evaluation process was falsified. To support their report, they provide internal technical documentation, evaluation logs, and model performance data — all of which you would classify as confidential under Art.78.
How the interaction resolves:
- The employee's disclosure to the MSA is protected under Art.88 — they cannot be retaliated against, and the disclosure is lawful.
- The MSA now holds your confidential documentation. Art.78 applies to the MSA: they must maintain professional secrecy over the information they received.
- The MSA cannot publish your technical evaluation logs simply because they received them via a whistleblower report. The Art.78 obligation is triggered by how the information is held by the authority, not by how it arrived.
Developer implication: Art.88 whistleblower protections mean you cannot legally prevent internal disclosure to MSAs. The correct response is to ensure that even if a whistleblower provides internal documentation to an MSA, Art.78 limits what the MSA does with that documentation. This argues for maintaining clear confidentiality labels on all internal technical documentation — not to block disclosure (Art.88 prevents that), but to ensure Art.78 protection applies maximally once the MSA receives it.
Proactive audit culture: Companies with regular internal AI system audits (Art.9 risk management requirements) that are documented and transparent are less likely to generate whistleblower events, and if they do occur, the documentation structure supports Art.78 claims more effectively.
6. Notified Body Risk — Same Auditor, Different Client
High-risk AI conformity assessments under Art.43 require notified bodies under Annex VII. The EU has a limited number of accredited notified bodies for AI systems. The statistical likelihood that your notified body also audits a direct competitor is non-trivial.
Art.78 is your primary legal protection against cross-client information leakage at notified bodies. Beyond Art.78, commercial best practices include:
Contractual reinforcement. Your conformity assessment contract with the notified body should explicitly reference Art.78 and specify:
- What documentation is provided, in what format
- That no copies of proprietary materials are retained by the auditor beyond the certification process
- That personnel conducting your assessment are firewalled from assessments of competitors in your sector
- The mechanism for asserting confidentiality over specific documents
Auditor rotation risk. An auditor who conducted your conformity assessment and then moves to a competitor's assessment carries learned knowledge — not documents, but understanding. Art.78 protects documents. It does not prevent an auditor from having a trained intuition. Personnel firewall clauses in your notified body contract address this indirectly.
EU AI Office coordination. The AI Office (Art.57-68) maintains oversight of notified bodies. If you have evidence of improper cross-client disclosure, the AI Office complaint mechanism is the relevant escalation path — not only because of Art.78 violation, but because it may constitute a notified body integrity failure with Annex VII implications.
7. The "Necessary for Compliance" Exception — Where Art.78 Stops
Art.78(1)(a) protection applies "except where the disclosure of such information is necessary for compliance with this Regulation and for the purpose of allowing notified bodies to fulfil their obligations." This exception swallows much of what you might hope the protection covers.
What MSAs can access despite Art.78 claims:
- Full technical documentation under Art.11 and Annex IV when reviewing a high-risk system
- Training dataset documentation for GPAI models above 10²⁵ FLOP threshold
- Risk management documentation under Art.9
- Post-market monitoring records under Art.72
- Any information needed to assess a specific Art.73 serious incident report
What Art.78 does protect:
- The further disclosure of that information beyond enforcement necessity
- Information shared with third parties (competitors, media, other companies) not involved in enforcement
- Cross-MSA sharing without the originating authority's consent (Art.78(2))
- FOI disclosure requests for investigation-obtained information
- Use of confidential information obtained during one investigation in a separate proceeding unrelated to AI Act enforcement
The practical upshot: Art.78 is not a shield against MSA access. It is a constraint on what MSAs and notified bodies do with information after they obtain it. The enforcement channel is open; the disclosure channel is restricted.
Python Tooling
from dataclasses import dataclass, field
from datetime import date
from enum import Enum
from typing import Optional
import json
class ConfidentialityLevel(Enum):
PUBLIC = "public"
INTERNAL = "internal"
CONFIDENTIAL_TRADE_SECRET = "confidential_trade_secret"
SOURCE_CODE = "source_code_art78"
MSA_PROTECTED = "msa_investigation_protected"
class DocumentCategory(Enum):
TECHNICAL_DOCUMENTATION = "technical_documentation" # Art.11 Annex IV
RISK_ASSESSMENT = "risk_assessment" # Art.9
TRAINING_DATA_SUMMARY = "training_data_summary" # Art.13 / GPAI
MODEL_ARCHITECTURE = "model_architecture" # proprietary
SOURCE_CODE = "source_code" # Art.78(1)(a) explicit
EVALUATION_RESULTS = "evaluation_results" # proprietary
INCIDENT_LOGS = "incident_logs" # Art.73
@dataclass
class ConfidentialityClaimRecord:
document_id: str
document_name: str
category: DocumentCategory
confidentiality_level: ConfidentialityLevel
art78_claim: bool
trade_secret_basis: str # Why this qualifies as trade secret
disclosure_restriction: str # What MSA/NB must NOT do with it
created_date: date
last_reviewed: date
provided_to_msa: bool = False
msa_authority: Optional[str] = None
disclosure_date: Optional[date] = None
def generate_art78_header(self) -> str:
if not self.art78_claim:
return ""
return (
f"CONFIDENTIAL — TRADE SECRET — ART.78(1)(a) EU AI ACT (2024/1689)\n"
f"Document: {self.document_name} | Category: {self.category.value}\n"
f"Trade Secret Basis: {self.trade_secret_basis}\n"
f"Restriction: {self.disclosure_restriction}\n"
f"Asserted by: [Company] on {self.created_date.isoformat()}\n"
f"This document may only be accessed by competent authorities for enforcement "
f"purposes under the minimum necessary standard (Art.78(1)(a) exception). "
f"Further disclosure to third parties, publication, or cross-proceeding use is prohibited."
)
def cloud_act_risk_assessment(self, has_us_parent: bool, us_data_copies: bool) -> dict:
risk = "LOW"
mitigations = []
if has_us_parent and us_data_copies:
risk = "HIGH"
mitigations.append("CLOUD Act order can reach US parent entity directly")
mitigations.append("Art.78 MSA copy protection does not shield company-held copies")
mitigations.append("Action: Move authoritative copies to EU-only infrastructure")
elif has_us_parent and not us_data_copies:
risk = "MEDIUM"
mitigations.append("US parent may have constructive access — verify data flows")
elif not has_us_parent and not us_data_copies:
risk = "LOW"
mitigations.append("No US nexus for CLOUD Act compellability")
mitigations.append("Art.78 MSA protection + EU-native storage = full protection")
return {
"document": self.document_name,
"cloud_act_risk": risk,
"art78_coverage": "MSA-held copies protected",
"gap": "Company-held copies NOT covered by Art.78" if risk != "LOW" else "No gap",
"mitigations": mitigations,
}
@dataclass
class Art78ComplianceAssessment:
company_name: str
has_high_risk_ai: bool
has_gpai_above_threshold: bool
notified_body_name: Optional[str]
has_us_parent: bool
us_infrastructure_used: bool
documents: list[ConfidentialityClaimRecord] = field(default_factory=list)
def add_document(self, record: ConfidentialityClaimRecord):
self.documents.append(record)
def generate_confidentiality_inventory(self) -> dict:
trade_secrets = [d for d in self.documents if d.art78_claim]
source_code = [d for d in self.documents if d.category == DocumentCategory.SOURCE_CODE]
msa_provided = [d for d in self.documents if d.provided_to_msa]
cloud_act_risks = []
for doc in trade_secrets:
assessment = doc.cloud_act_risk_assessment(self.has_us_parent, self.us_infrastructure_used)
if assessment["cloud_act_risk"] in ("HIGH", "MEDIUM"):
cloud_act_risks.append(assessment)
return {
"company": self.company_name,
"total_documents": len(self.documents),
"trade_secret_claims": len(trade_secrets),
"source_code_documents": len(source_code),
"documents_provided_to_msa": len(msa_provided),
"cloud_act_risk_documents": cloud_act_risks,
"notified_body_risk": (
"Present — implement personnel firewall clause"
if self.notified_body_name else "N/A"
),
"recommended_actions": self._recommended_actions(),
}
def _recommended_actions(self) -> list[str]:
actions = []
if not any(d.art78_claim for d in self.documents):
actions.append("CRITICAL: No Art.78 trade secret claims asserted — add confidentiality headers to all proprietary documents")
if self.has_us_parent and self.us_infrastructure_used:
actions.append("HIGH: US parent + US infrastructure = CLOUD Act exposure. Move authoritative copies to EU-only storage.")
if self.notified_body_name and not any("firewall" in d.disclosure_restriction.lower() for d in self.documents):
actions.append("MEDIUM: Add personnel firewall clause to notified body contract")
if self.has_high_risk_ai and not any(d.category == DocumentCategory.TECHNICAL_DOCUMENTATION for d in self.documents):
actions.append("MEDIUM: No technical documentation registered — Art.11 compliance gap may force broader MSA disclosure")
return actions
# Usage example
assessment = Art78ComplianceAssessment(
company_name="AcmeCo AI GmbH",
has_high_risk_ai=True,
has_gpai_above_threshold=False,
notified_body_name="TÜV Rheinland",
has_us_parent=True,
us_infrastructure_used=True,
)
model_code = ConfidentialityClaimRecord(
document_id="src-001",
document_name="Neural Network Architecture — inference_engine.py",
category=DocumentCategory.SOURCE_CODE,
confidentiality_level=ConfidentialityLevel.SOURCE_CODE,
art78_claim=True,
trade_secret_basis="Proprietary transformer variant with 15 patents pending. Public disclosure would eliminate competitive advantage and render pending patents unenforceable.",
disclosure_restriction="MSA on-site review only. No copies retained. No cross-proceeding disclosure. No disclosure to complainants or third parties.",
created_date=date(2026, 1, 15),
last_reviewed=date(2026, 4, 1),
)
assessment.add_document(model_code)
inventory = assessment.generate_confidentiality_inventory()
print(json.dumps(inventory, indent=2, default=str))
30-Item Art.78 Confidentiality Preparedness Checklist
Pre-Audit Document Preparation
- All proprietary technical documents carry explicit Art.78(1)(a) confidentiality headers
- Technical documentation (Art.11/Annex IV) is structured in public and confidential layers
- Source code repository access protocols define what can be shared with MSAs and how
- Trade secret inventory is maintained with justification for each claim
- Document classification policy distinguishes compliance-required from proprietary information
Source Code and Algorithm Protection
- Source code that may be requested during MSA investigations carries Art.78 header
- On-site review protocol defined: auditor access without copy retention
- Proprietary ML model architectures documented with trade secret basis
- Patent-pending status documented for any disclosed architecture elements
- Notified body contracts include explicit source code access and retention restrictions
Notified Body Interaction
- Conformity assessment contract references Art.78 and specifies confidentiality obligations
- Personnel firewall clause prevents auditors from working on competitor assessments
- Secure code review environment used instead of document handover
- Post-assessment data destruction protocol confirmed with notified body
- Art.78 professional secrecy obligation explicitly referenced in contract preamble
CLOUD Act Conflict Preparation
- Organizational structure assessed for US parent or US affiliate connections
- Data flows mapped: which authoritative copies are accessible to US entities?
- EU-native storage identified for all MSA-disclosable technical documentation
- CLOUD Act response protocol includes immediate MSA notification
- Cross-border information sharing policy covers US/EU jurisdictional conflict scenarios
Whistleblower and Art.88 Interaction
- Internal AI audit program documented — creates record against whistleblower allegations
- All internal evaluation and testing documentation carries confidentiality labels
- Employees aware that Art.88 protects MSA disclosure but Art.78 limits MSA's further use
- Incident documentation (Art.73) is structured to limit proprietary disclosure
- Internal complaint channel (Art.88(7) requirement) documented and accessible
Post-Investigation and Ongoing Compliance
- Protocol for tracking what was disclosed to MSAs under Art.78 assertion
- Records of Art.78 confidentiality assertions and MSA acknowledgments
- Cross-MSA disclosure consent tracking (Art.78(2) requirement)
- Annual review of trade secret claims as system evolves
- Legal counsel engaged for CLOUD Act scenarios involving Art.78-protected MSA holdings
See Also
- EU AI Act Art.43: Conformity Assessment for High-Risk AI — Developer Guide — notified body access to your technical documentation
- EU AI Act Art.88: Whistleblower Protection for AI Act Reporting — Developer Guide — employee disclosure to MSAs and Art.78 interaction
- EU AI Act Art.99: Administrative Fines and Penalties — Developer Guide — what non-cooperation with MSA investigations costs
- EU AI Act Art.73: Incident Reporting Obligations — Developer Guide — when MSA investigations are triggered
- EU AI Act Art.97: Commission Evaluation — What Gets Reviewed and When — how CLOUD Act × Art.78 may appear in the 2028 evaluation