2026-04-16·12 min read·

EU AI Act Art.82: Formal Non-Compliance Notification — Developer Guide (2026)

EU AI Act Article 82 is the formal notification mechanism that transforms a national enforcement action into a cross-border legal record. When a market surveillance authority (MSA) has investigated a high-risk AI system under Art.79, found it non-compliant with EU AI Act obligations, and taken corrective measures under Art.79(2), Art.82 requires the MSA to immediately notify the European Commission and every other Member State.

This notification is not administrative housekeeping. It creates the formal paper trail that enables the Commission to invoke Art.80(3) — the Union Safeguard procedure for non-compliant systems — and to harmonise enforcement across all 27 Member States. A single MSA corrective action in Germany, once Art.82 notification is filed, can trigger EU-wide market withdrawal without each Member State conducting its own investigation.

For developers and providers of high-risk AI systems, Art.82 defines the moment a national enforcement dispute becomes a Union-level compliance crisis. Understanding its structure — particularly how it differs from Art.81 (compliant systems presenting risk) and how it feeds into Art.80(3) — is essential for anyone operating high-risk AI in the EU single market.

Art.82 became applicable on 2 August 2026 as part of the Chapter IX enforcement and market surveillance framework.

Art.82 at a Glance

Provision	Content	Developer Impact
Art.82(1)	MSA that took Art.79(2) corrective measures for a non-compliant system must immediately notify Commission + all Member States	One MSA action creates 27-state notification cascade; Commission receives formal non-compliance record
Art.82(2)	Provider must fulfil registration obligations — update, correct, or de-register in EU AI Act database (Art.49)	If system is withdrawn or recalled, provider must de-register; failure to update = separate Art.99 exposure
Art.82(3)	Fine exposure for non-compliance with Art.82(2) registration obligations	Art.99 Tier 2 applies: €15M or 3% of global annual turnover, whichever is higher

The Chapter IX Enforcement Fork: Art.82 vs Art.81

The most consequential architectural distinction in Chapter IX is the fork between two different scenarios that both result in corrective action against a high-risk AI system:

Dimension	Art.82 — Non-Compliant System	Art.81 — Compliant System Presenting Risk
Compliance status	Non-compliant: violates Art.9–Art.21 or Art.72 obligations	Fully compliant: conformity assessment passed, all documentation in order
MSA trigger	Art.79(2) corrective measures taken after Art.79(1) evaluation finding non-compliance	Art.79 investigation finds system meets all obligations but nevertheless presents risk
Commission pathway	Art.82(1) notification → Art.80(3) direct Commission action (mandatory corrective measures)	Art.81(3) notification → Art.80(4) → Art.81(4) Commission invitation (voluntary measures first)
Commission instrument	Binding harmonised measures across all Member States	Invitation to take voluntary corrective measures
Prior Art.79 required	Yes — Art.82 follows Art.79(2) measures	Yes — Art.81 also follows Art.79 investigation
Provider's strategic posture	Emergency remediation — demonstrate compliance to halt Art.80(3) escalation	Cooperative — propose voluntary measures to avoid mandatory Art.80 action
Standardisation bodies role	Not standard for formal non-compliance	Commission may request standard review when harmonised standard is inadequate
Art.99 fine exposure	Tier 2 (€15M/3%) for underlying non-compliance + separate Tier 3 for misleading investigation	Limited — Art.99 applies only if provider fails to take corrective measures under Art.81(2)
Registration obligation	Art.82(2) explicit: provider must update/de-register in EU database	No explicit Art.81 registration update requirement
Art.80 activation	Art.80(3) — non-compliant system presenting risk	Art.80(4) — compliant system presenting risk → Art.81 invitation

The fork determines everything about how a provider should respond. Art.82 engagement means the MSA has already concluded the system is non-compliant — the provider has an existing Art.9, Art.11, Art.12, Art.14, Art.17, or Art.72 violation. Art.82 is not an inquiry; it is the formal record of that finding being transmitted to the Union level.

Art.82(1): The MSA Notification Obligation

Art.82(1) imposes a mandatory, immediate notification on the MSA that has taken Art.79(2) corrective measures for a non-compliant high-risk AI system. The notification goes to:

The European Commission — which receives the formal non-compliance finding and evaluates whether Art.80(3) Union Safeguard action is warranted
All other Member States — 26 national authorities simultaneously informed via RAPEX/ICSMS, the Union rapid alert system for dangerous products

What Art.82(1) Notification Contains

The Art.82(1) notification from the MSA must include:

Identification of the non-compliant system: registration number from the EU AI Act database (Art.49), provider identity, model name/version, deployment scope
Nature of the non-compliance: which EU AI Act obligations were violated (Art.9 risk management, Art.11 technical documentation, Art.12 logging, Art.14 human oversight, Art.17 quality management, Art.72 post-market monitoring, Art.48–49 CE marking and registration)
Art.79(2) measures taken: corrective action required, use restriction, market withdrawal, or recall — with timeline and scope
Evidence basis: investigation findings, documentation review results, serious incident reports under Art.73 that triggered the investigation
Provider's response (if received): any representations made by the provider under Art.79(2)'s hearing right before the corrective measure was issued

The RAPEX/ICSMS Pipeline

Art.82(1) notifications flow through RAPEX (Rapid Alert System) and ICSMS (Information and Communication System on Market Surveillance) — the EU infrastructure for cross-border product safety alerts:

Originating MSA files Art.82(1) notification via ICSMS within hours of taking Art.79(2) measures
Commission receives and assigns tracking ID; initiates Art.80 evaluation timetable
26 Member States receive RAPEX alert; each national MSA evaluates whether the non-compliant system is present in its market
Commission determines within the Art.80(3) evaluation window whether to harmonise the corrective measures Union-wide

For providers with pan-European deployments, the practical consequence is rapid: once Art.82(1) notification is filed, every national MSA in the EU knows the system is non-compliant. Even if a Member State has not investigated independently, the RAPEX notification creates a presumption that the system should be treated as non-compliant in that jurisdiction pending the Commission's Art.80(3) decision.

Art.82(2): Provider Registration Obligations

Art.82(2) imposes explicit registration duties on the provider when Art.82 proceedings are active. These obligations connect to the EU AI Act database registration requirements under Art.49 (database established under Art.71):

Registration Update Requirements

When a provider's high-risk AI system becomes subject to Art.82(1) proceedings:

Corrective Action Ordered (Art.79(2)(a)): Provider must update the EU database entry to reflect any modification, version change, or corrective measure applied to the system. The updated conformity assessment documentation — if remediation is achieved — must be uploaded.

Use Restriction Ordered (Art.79(2)(b)): Provider must update the database entry to reflect the restriction: geographic scope, use-case limitation, sector exclusion, or deployment condition imposed by the MSA.

Market Withdrawal Ordered (Art.79(2)(c)): Provider must update the database to reflect market withdrawal and notify all deployers via the Art.14 chain.

Recall Ordered (Art.79(2)(d)): Provider must de-register the recalled system from the EU database. Continued registration of a recalled system constitutes a separate Art.99 violation.

Art.19 Registration Status Indicator

The EU AI Act database includes a registration status field that providers must maintain accurately. Under Art.82(2), the provider's obligation is to reflect the actual market status:

System Status	Required Database Action	Timeline
Under Art.79 investigation (no measures yet)	No update required; Art.79 is investigative	—
Art.79(2)(a) corrective action in progress	Update with corrective action description + target date	Within Art.79(2) compliance deadline
Art.79(2)(b) use restriction active	Update restricted scope; mark system status as "restricted"	Immediately upon measure taking effect
Art.79(2)(c) market withdrawal	Update market availability; notify all registered deployers	Within withdrawal deadline
Art.79(2)(d) recall	De-register or mark as "recalled"; document recall scope	Within recall deadline

Art.82(3): Fine Exposure for Registration Non-Compliance

Art.82(3) explicitly creates fine exposure for failure to comply with Art.82(2) registration obligations. This fine tier operates independently of the underlying non-compliance that triggered Art.79 — a provider faces both the Art.99 Tier 2 fine for the original non-compliance and a separate fine exposure for Art.82(2) failure.

Art.82(3) × Art.99 Fine Structure

Violation	Fine Tier	Maximum Amount
Original non-compliance (Art.9/11/12/14/17/72 violation) that triggered Art.79	Art.99 Tier 2	€15M or 3% global annual turnover
Art.82(2) failure: not updating registration after Art.79(2) corrective action	Art.99 Tier 2	€15M or 3% global annual turnover
Art.82(2) failure: not de-registering after recall or market withdrawal	Art.99 Tier 2	€15M or 3% global annual turnover
Misleading information to MSA during Art.79 investigation	Art.99 Tier 3	€7.5M or 1% global annual turnover

SME Carve-Out Under Art.99(6)

Art.99(6) provides that for SMEs and startups, fines shall be the lower of the applicable percentage threshold or the flat amount cap. For Art.82(3) violations, MSAs must apply proportionality — a startup with €2M annual turnover faces a maximum of €7.5M (flat cap) vs. 3% = €60K. The flat cap does not apply for large enterprises, where 3% of global turnover frequently exceeds the flat cap.

Art.82 × Art.79(5): Sequencing

Art.82 is positioned in the Art.79 enforcement sequence. Understanding where Art.82 fits in the full Art.79 pipeline is essential for developers building compliance response procedures:

Step	Article	Action	Party
1	Art.74	MSA conducts investigation; invokes Art.74(2) access rights (documentation, algorithm, source code)	MSA
2	Art.79(1)	MSA evaluates reasonable grounds that system presents risk	MSA
3	Art.79(2)	MSA issues corrective measure after hearing right (if system is NON-COMPLIANT)	MSA
4	Art.79(3)	MSA notifies national competent authority of measure taken	MSA
5	Art.79(5)	MSA notifies Commission and other Member States of measures taken	MSA
6	Art.82(1)	Formal non-compliance notification filed with Commission + all Member States (RAPEX/ICSMS)	MSA
7	Art.82(2)	Provider updates/de-registers in EU AI Act database	Provider
8	Art.80(3)	Commission evaluates Art.82 notification; issues binding Union-wide measure if justified	Commission

The relationship between Art.79(5) and Art.82(1) is one of specificity: Art.79(5) requires the MSA to notify Commission and other Member States of all measures taken under Art.79(2) (including for compliant-but-risky systems before Art.81 referral). Art.82(1) is the formal non-compliance variant of that notification — it specifies the notification obligation when the system is non-compliant, structured for Commission Art.80(3) evaluation.

Why the Art.79(5) / Art.82(1) Distinction Matters

Art.79(5) notification can precede either an Art.81 referral (compliant system) or an Art.82(1) filing (non-compliant system). The receiving Commission must determine which path applies:

Art.79(5) + Art.82(1) filed → non-compliant system → Art.80(3) Commission direct action pathway
Art.79(5) + Art.81(3) filed → compliant system presenting risk → Art.80(4) → Art.81(4) invitation pathway

For providers, the Art.82(1) notification is the signal that the Commission is evaluating them under the mandatory enforcement track, not the cooperative invitation track. Receiving Art.82(1) confirmation (which the Commission communicates back to the MSA and often to the provider) triggers the provider's most urgent response window.

Art.82 as the Art.80(3) Prerequisite

Art.82(1) formal notification is the procedural prerequisite for Commission activation of Art.80(3) — the Union Safeguard procedure for non-compliant systems that present risk at the Union level.

The Art.80(3) Trigger Chain

Art.79(1): MSA finds non-compliant system presents risk
         ↓
Art.79(2): MSA takes corrective measure (corrective action / restriction / withdrawal / recall)
         ↓
Art.82(1): MSA files formal non-compliance notification (Commission + all Member States)
         ↓
Art.80(3): Commission evaluates national measure
         ├── Art.80(2) Path A: Commission finds measure JUSTIFIED → EU-wide harmonisation
         └── Art.80(2) Path B: Commission finds measure UNJUSTIFIED → MSA must withdraw measure

The Art.80(3) Commission evaluation timeline begins from receipt of the Art.82(1) notification. Providers should treat the Art.82(1) filing date as Day 0 of their Commission response window.

Art.80(3) vs Art.80(4): The Non-Compliant vs Compliant Fork at Commission Level

Commission Action	System Status	Trigger	Provider Rights
Art.80(2): evaluate and harmonise/reject MSA measure	Any (via Art.79(5) notification)	MSA notifies Commission of national measure	Hearing right before Commission harmonised measure
Art.80(3): Commission direct corrective action	NON-COMPLIANT + presents risk	Art.82(1) formal notification	Emergency response; shorter consultation window
Art.80(4) → Art.81: Commission invitation procedure	COMPLIANT + presents risk	Art.81(3) notification	Invitation to voluntary measures; longer cooperative window

For developers, the critical practical difference: Art.80(3) direct Commission action is faster and less consultative than the Art.81 invitation path. If the Commission finds the Art.82(1) notification justified, it can issue binding measures — use restriction, market withdrawal, or recall — applicable in all 27 Member States without each conducting independent proceedings.

Developer Response Protocol for Art.82 Proceedings

When a provider learns that Art.82(1) notification has been filed (via MSA communication, Commission acknowledgment, or RAPEX/ICSMS public notification), the following response sequence applies:

Phase 1: Immediate (0–48 hours)

Legal counsel escalation: Art.82 proceedings are Union-level; national AI Act counsel + EU competition/regulatory counsel required
Compliance team activation: Identify all affected AI system versions, deployment regions, operator contracts
Database status check: Verify current EU AI Act database registration reflects accurate market status
Art.79(2) measure audit: Identify exactly which corrective measures were taken and what Art.82(2) obligations apply
Commission notification tracking: Confirm whether Commission has acknowledged Art.82(1); identify case tracking ID

Phase 2: Regulatory Response (48 hours–10 working days)

Art.82(2) registration update: File required updates with EU AI Act database — corrective action status, use restriction scope, or de-registration
Art.79(2) remediation plan: If corrective action ordered, prepare documented remediation with Art.9 risk management update
Commission representation: Prepare technical response brief — evidence of remediation, Art.9 updated risk assessment, Art.12 logging demonstrating monitoring
MSA cooperation: Maintain open channel with originating MSA; compliance with Art.79(2) measures reduces Art.80(3) escalation risk
Operator notification chain: Notify all deployers of system status per Art.14 cooperation obligations

Phase 3: Art.80(3) Engagement (10–30 working days)

Commission hearing preparation: If Commission evaluates Art.80(3), provider has hearing right before binding measure
Cross-MSA coordination: 26 other Member States informed via RAPEX — proactive outreach to primary market MSAs reduces cascading investigations
Remediation evidence: Demonstrate Art.9 risk management update, Art.12 audit trail, Art.43 conformity re-assessment if required
Art.80(3) measure response: If Commission issues binding harmonised measures, immediate compliance across all EU deployments

CLOUD Act × Art.82: Jurisdiction Risk

Art.82(1) formal notification triggers Commission investigation of evidence demanded during Art.79 — documentation, source code, training data, logging records. When this infrastructure sits on US cloud providers (AWS, Azure, GCP), CLOUD Act compellability risk compounds EU MSA + Commission evidence demands:

Evidence Category	EU Legal Order	US CLOUD Act Risk	Dual-Compellability Level
Annex IV technical documentation	Art.82(1) → Art.80(3) Commission demand	US court order to US-based document management system	HIGH — documentation often in US SaaS
Art.12 audit logs	MSA + Commission during Art.79/Art.80	US court order to US-hosted log storage	HIGH — critical evidence category
Art.9 risk management records	Commission evaluation of non-compliance basis	US court order to US-hosted GRC platforms	MEDIUM — often EU-hosted
Training data	Commission Art.80(3) evaluation; Art.74(2)(b)	US court order to US-hosted data lake	CRITICAL — model weights + training data on US infrastructure
QMS records (Art.17)	Art.82(1) notification package	US court order to US-hosted project management	HIGH — Jira, Confluence, Notion on US servers
Art.72 PMM data	Commission non-compliance evaluation	US court order to US-hosted monitoring platforms	MEDIUM-HIGH — depends on observability stack

EU-Native Infrastructure as Art.82 Risk Mitigation

Providers deploying high-risk AI on EU-native infrastructure (operating exclusively under EU law, with no US corporate parent subject to CLOUD Act) face a single legal order: EU MSA + Commission demands are the only compellability risk. There is no parallel US court order mechanism because the infrastructure provider has no US nexus.

For providers already subject to Art.82 proceedings, the infrastructure jurisdiction is fixed — you cannot re-architect mid-investigation. But for high-risk AI developers planning future deployments, Art.82's evidence demand scope makes EU-native infrastructure a material compliance risk factor, not just a data residency preference.

Art.82 and the EU AI Act Database (Art.49 / Art.71)

The EU AI Act database established under Art.71 (previously called Art.60 in draft versions) serves as the authoritative public record of all high-risk AI systems placed on the EU market. Art.82(2) connects this database to enforcement proceedings:

Database Entry Lifecycle Under Art.82

Pre-Art.79: Provider registers system per Art.49(2). Entry includes: system name/version, risk category (Annex III sector), provider identity, authorised representative, conformity assessment reference, notified body (if applicable), EU declaration of conformity reference.

Art.79 investigation opened: No mandatory database update. Art.79 is investigative and does not require provider disclosure before corrective measures.

Art.79(2) corrective measure issued: Art.82(2) obligation activates. Provider must update database entry to reflect the measure.

Art.82(1) notification filed: MSA simultaneously updates ICSMS and the EU database is cross-referenced. Commission can see the formal non-compliance record linked to the provider's Art.49 registration.

Art.80(3) Commission action: Commission-issued Union-wide measures are reflected in the database entry — visible to all Member State MSAs, notified bodies, and (for public-facing entries) the public.

Post-Art.80(3) resolution: If non-compliance is remediated, provider files updated conformity assessment and re-registers. If system is withdrawn permanently, provider de-registers.

Python Implementation

from dataclasses import dataclass, field
from enum import Enum, auto
from datetime import date, timedelta
from typing import Optional

class Art79MeasureType(Enum):
    CORRECTIVE_ACTION = "corrective_action"          # Art.79(2)(a)
    USE_RESTRICTION = "use_restriction"              # Art.79(2)(b)
    MARKET_WITHDRAWAL = "market_withdrawal"          # Art.79(2)(c)
    RECALL = "recall"                                # Art.79(2)(d)

class Art82NotificationStatus(Enum):
    NOT_TRIGGERED = "not_triggered"         # Art.79 investigation ongoing; no corrective measure yet
    MEASURE_TAKEN = "measure_taken"         # Art.79(2) measure issued; Art.82(1) pending
    NOTIFIED = "notified"                   # Art.82(1) filed with Commission + Member States
    COMMISSION_EVALUATING = "commission_evaluating"  # Art.80(3) evaluation underway
    HARMONISED = "harmonised"              # Commission issued Union-wide measure (Art.80(2))
    REJECTED = "rejected"                  # Commission found MSA measure unjustified; withdrawn

class DatabaseUpdateType(Enum):
    CORRECTIVE_ACTION_IN_PROGRESS = "corrective_action_in_progress"
    USE_RESTRICTED = "use_restricted"
    MARKET_WITHDRAWN = "market_withdrawn"
    RECALLED_DEREGISTERED = "recalled_deregistered"
    REMEDIATED_REREGISTERED = "remediated_reregistered"

@dataclass
class FormalNonComplianceNotification:
    """
    Models the Art.82 formal non-compliance notification lifecycle.
    
    Art.82(1): MSA notification obligation to Commission + Member States.
    Art.82(2): Provider registration update obligation.
    Art.82(3): Fine exposure for Art.82(2) non-compliance.
    """
    system_euaidb_id: str                          # EU AI Act database Art.49 registration ID
    system_name: str                               # Registered system name
    provider_name: str                             # Provider legal entity
    msa_country_code: str                          # Originating MSA Member State ISO-3166
    art79_measure_type: Art79MeasureType           # Corrective measure taken under Art.79(2)
    art79_measure_date: date                       # Date Art.79(2) measure was issued
    notification_status: Art82NotificationStatus = Art82NotificationStatus.MEASURE_TAKEN
    
    # Timeline tracking
    art82_notification_filed: Optional[date] = None
    commission_evaluation_started: Optional[date] = None
    art80_3_decision_expected: Optional[date] = None
    
    # Non-compliance basis
    violated_obligations: list = field(default_factory=list)  # ['Art.9', 'Art.12', 'Art.72']
    
    def art82_1_notification_deadline(self) -> date:
        """
        Art.82(1) requires 'immediate' notification after Art.79(2) measure.
        Best practice: within 24–48 hours of measure issuance.
        """
        return self.art79_measure_date + timedelta(days=1)
    
    def art82_2_database_update_deadline(self) -> date:
        """
        Art.82(2) database update required within the Art.79(2) compliance deadline.
        Art.79(2) corrective measures typically specify 10–30 working day compliance windows.
        """
        working_days = {
            Art79MeasureType.CORRECTIVE_ACTION: 30,   # 6 calendar weeks
            Art79MeasureType.USE_RESTRICTION: 10,     # 2 calendar weeks
            Art79MeasureType.MARKET_WITHDRAWAL: 10,   # Immediate but practical minimum
            Art79MeasureType.RECALL: 5,               # Urgent
        }
        days = working_days.get(self.art79_measure_type, 20)
        return self.art79_measure_date + timedelta(days=days)
    
    def art80_3_commission_window(self) -> Optional[date]:
        """
        Art.80(3) Commission evaluation begins from Art.82(1) notification date.
        Commission typically evaluates within 30 working days.
        """
        if self.art82_notification_filed:
            return self.art82_notification_filed + timedelta(days=45)  # 30 working days
        return None
    
    def required_database_update(self) -> DatabaseUpdateType:
        """Maps Art.79(2) measure type to required Art.82(2) database action."""
        mapping = {
            Art79MeasureType.CORRECTIVE_ACTION: DatabaseUpdateType.CORRECTIVE_ACTION_IN_PROGRESS,
            Art79MeasureType.USE_RESTRICTION: DatabaseUpdateType.USE_RESTRICTED,
            Art79MeasureType.MARKET_WITHDRAWAL: DatabaseUpdateType.MARKET_WITHDRAWN,
            Art79MeasureType.RECALL: DatabaseUpdateType.RECALLED_DEREGISTERED,
        }
        return mapping[self.art79_measure_type]
    
    def fine_exposure(self) -> dict:
        """
        Art.82(3) fine exposure for Art.82(2) non-compliance.
        Independent of Art.99 Tier 2 for underlying non-compliance.
        """
        return {
            "tier": "Art.99 Tier 2",
            "flat_cap": "€15,000,000",
            "percentage": "3% of global annual turnover",
            "applicable": "whichever is higher",
            "note": "Separate from underlying non-compliance fine (Art.99 Tier 2 also applies to original violation)",
            "sme_carve_out": "Art.99(6): lower of flat cap or percentage for SMEs/startups",
        }


@dataclass
class Art82ComplianceChecker:
    """
    Verifies provider compliance with Art.82(1), (2), and (3) obligations
    at each phase of Art.82 proceedings.
    """
    notification: FormalNonComplianceNotification
    assessment_date: date = field(default_factory=date.today)
    
    def check_art82_1_compliance(self) -> dict:
        """Verifies Art.82(1): notification filed on time."""
        deadline = self.notification.art82_1_notification_deadline()
        filed = self.notification.art82_notification_filed
        
        if not filed:
            return {
                "compliant": False,
                "obligation": "Art.82(1) MSA notification",
                "status": "NOT FILED",
                "deadline": deadline.isoformat(),
                "risk": "MSA non-compliance; Commission cannot open Art.80(3) without formal notification",
                "action": "MSA must file Art.82(1) notification via ICSMS immediately",
            }
        
        return {
            "compliant": filed <= deadline,
            "obligation": "Art.82(1) MSA notification",
            "status": "FILED",
            "filed_date": filed.isoformat(),
            "deadline": deadline.isoformat(),
            "on_time": filed <= deadline,
        }
    
    def check_art82_2_compliance(self, database_updated: bool) -> dict:
        """Verifies Art.82(2): provider registration update completed."""
        deadline = self.notification.art82_2_database_update_deadline()
        required_action = self.notification.required_database_update()
        
        if not database_updated:
            return {
                "compliant": False,
                "obligation": "Art.82(2) provider registration update",
                "required_action": required_action.value,
                "deadline": deadline.isoformat(),
                "days_remaining": (deadline - self.assessment_date).days,
                "fine_risk": self.notification.fine_exposure(),
                "action": f"Update EU AI Act database entry: {required_action.value}",
            }
        
        return {
            "compliant": True,
            "obligation": "Art.82(2) provider registration update",
            "required_action": required_action.value,
            "status": "DATABASE UPDATED",
            "deadline": deadline.isoformat(),
        }
    
    def evaluate_art80_3_readiness(self) -> dict:
        """
        Assesses provider readiness for Art.80(3) Commission evaluation.
        Art.82(1) notification opens Art.80(3) window — provider should prepare immediately.
        """
        readiness = {
            "art82_notification_filed": self.notification.art82_notification_filed is not None,
            "database_update_pending": self.notification.required_database_update().value,
            "commission_window": self.notification.art80_3_commission_window(),
            "recommended_actions": [],
        }
        
        if self.notification.art82_notification_filed:
            commission_deadline = self.notification.art80_3_commission_window()
            days_to_commission = (commission_deadline - self.assessment_date).days if commission_deadline else None
            
            readiness["days_to_commission_decision"] = days_to_commission
            readiness["recommended_actions"].extend([
                "Prepare technical remediation brief for Commission (Art.9 updated risk assessment)",
                "File Art.82(2) database update before Commission evaluation begins",
                "Retain EU regulatory counsel for Art.80(3) hearing representation",
                "Notify all deployers of system status (Art.14 cooperation chain)",
                "Prepare cross-MSA outreach plan — 26 Member States received RAPEX notification",
            ])
        
        readiness["cloud_act_risk"] = (
            "HIGH" if any(ob in ['Art.12', 'Art.72'] for ob in self.notification.violated_obligations)
            else "MEDIUM"
        )
        
        return readiness


# Usage example
if __name__ == "__main__":
    # A German MSA has taken Art.79(2) corrective action (use restriction) for a
    # high-risk AI system used in employment decisions — non-compliant with Art.9
    
    notification = FormalNonComplianceNotification(
        system_euaidb_id="EUAI-2025-DE-001892",
        system_name="HireScore 3.0",
        provider_name="Acme AI Systems GmbH",
        msa_country_code="DE",
        art79_measure_type=Art79MeasureType.USE_RESTRICTION,
        art79_measure_date=date(2026, 10, 15),
        violated_obligations=["Art.9", "Art.12"],
        art82_notification_filed=date(2026, 10, 16),
        notification_status=Art82NotificationStatus.NOTIFIED,
    )
    
    checker = Art82ComplianceChecker(notification=notification)
    
    art82_1 = checker.check_art82_1_compliance()
    print(f"Art.82(1) Status: {art82_1['status']}, On Time: {art82_1.get('on_time', 'N/A')}")
    
    art82_2 = checker.check_art82_2_compliance(database_updated=False)
    print(f"Art.82(2) Status: {art82_2['compliant']}, Action: {art82_2['required_action']}")
    print(f"Fine Risk: {art82_2['fine_risk']['flat_cap']} or {art82_2['fine_risk']['percentage']}")
    
    readiness = checker.evaluate_art80_3_readiness()
    print(f"Days to Commission Decision: {readiness.get('days_to_commission_decision', 'N/A')}")
    print(f"CLOUD Act Risk: {readiness['cloud_act_risk']}")

40-Item Art.82 Compliance Checklist

Section 1: Pre-Art.82 Preparedness (8 Items)

1. EU AI Act database registration (Art.49) is complete and accurate for all high-risk AI system versions
2. Art.9 risk management system is documented and reviewable within 10 working days of MSA demand
3. Art.12 logging is operational and export-ready for MSA + Commission review
4. Art.17 quality management documentation is current and accessible
5. Art.72 post-market monitoring plan is active and generating data
6. Art.79 investigation response procedure is documented (legal escalation, technical response team, compliance lead)
7. EU AI Act database access credentials are held by compliance team (not only engineering team)
8. CLOUD Act jurisdiction assessment is complete for all evidence categories (documentation, logs, training data)

Section 2: Art.82(1) Notification Response (8 Items)

9. Art.82(1) notification receipt confirmed (Commission acknowledgment, RAPEX/ICSMS tracking ID obtained)
10. Day 0 established: Art.82(1) filing date recorded as baseline for Art.80(3) timeline
11. Legal counsel escalated: national AI Act counsel + EU regulatory counsel retained
12. Non-compliance finding reviewed: specific Art.9/11/12/14/17/72 violations identified from MSA findings
13. Art.79(2) measure type identified: corrective action / use restriction / withdrawal / recall
14. All affected system versions identified: scope of Art.79(2) measure across versions and deployments
15. Commission response brief initiated: technical remediation plan, Art.9 updated risk assessment
16. Cross-MSA RAPEX monitoring: 26 Member States notified — identify primary markets for proactive outreach

Section 3: Art.82(2) Database Update (8 Items)

17. Required database update type determined: corrective action / use restriction / withdrawal / de-registration
18. Art.82(2) database update deadline calculated (based on Art.79(2) compliance window)
19. EU AI Act database entry updated to reflect Art.79(2) measure (status, scope, timeline)
20. All registered deployers notified of system status change (Art.14 cooperation obligation)
21. If recall ordered: de-registration initiated for recalled system versions
22. If corrective action completed: updated conformity documentation prepared for re-registration
23. Database update confirmation documented (date, entry version, responsible compliance officer)
24. Art.82(2) compliance verified before Art.80(3) Commission evaluation begins

Section 4: Art.80(3) Commission Engagement (8 Items)

25. Art.80(3) Commission evaluation window mapped (30 working days from Art.82(1) notification date)
26. Hearing right confirmed: provider entitled to present technical evidence before Commission harmonised measure
27. Technical remediation brief submitted to Commission within evaluation window
28. Art.9 risk management update demonstrates root cause identification and corrective controls
29. Art.12 audit log export prepared: demonstrates PMM detection capability and incident history
30. Commission response addresses Art.80(3) distinction: is this non-compliant (Art.80(3)) or compliant-but-risky (Art.81)?
31. If Commission issues harmonised measure (Art.80(2)): EU-wide compliance plan prepared for all 27 Member States
32. If Commission rejects MSA measure (Art.80(2) unjustified): MSA withdrawal confirmed; market access restored

Section 5: Art.82(3) Fine Risk Mitigation (8 Items)

33. Art.82(2) database update filed on time: reduces Art.82(3) fine exposure to zero
34. Art.99 Tier 2 exposure assessed for underlying non-compliance (original Art.9/12/17/72 violation)
35. SME/startup status evaluated: Art.99(6) carve-out applicability reviewed with counsel
36. Cooperation credit: voluntary cooperation with MSA/Commission during Art.79/Art.80 proceedings documented
37. Self-reported violations (if applicable): disclosed before MSA investigation — reduces fine tier
38. Fine stacking assessed: Art.82(3) fine + Art.99 Tier 2 for underlying violation are separate exposures
39. Global annual turnover figure established: 3% percentage threshold calculated for insurance/reserve purposes
40. Art.82 proceedings documented end-to-end: complete record of compliance actions reduces fine quantum

Key Distinctions: Art.82 in the Chapter IX Architecture

Art.82's role becomes clearest when mapped against the full Chapter IX enforcement architecture for a non-compliant high-risk AI system:

Stage	Article	Trigger	Commission Role
Investigation	Art.74	MSA access rights: documentation, algorithm, physical inspection	None
National procedure	Art.79(1)	MSA finds reasonable grounds for risk	None
Corrective measure	Art.79(2)	MSA issues binding corrective action for non-compliant system	None
National notification	Art.79(3)	MSA informs national competent authority	None
Cross-border notification	Art.79(5)	MSA notifies Commission + Member States	Receives notification
Formal non-compliance	Art.82(1)	MSA files formal notification: non-compliant system	Opens Art.80(3) evaluation
Registration update	Art.82(2)	Provider updates EU database	Sees updated status
Union Safeguard	Art.80(3)	Commission evaluates and harmonises	Issues binding EU-wide measures

This architecture means that Art.82 is the formal threshold crossing from national enforcement to Union-level enforcement for non-compliant systems. Art.79 is national; Art.82(1) notification is the act that makes the enforcement Union-wide in legal effect.