EU AI Act Art.89: Right to Be Heard in Enforcement Proceedings — Developer Guide (2026)
Article 88 protects those who report AI Act violations. Article 89 protects those who are investigated for them.
Before any enforcement measure — a market withdrawal order, a restriction on use, an administrative fine under Art.99 — the EU AI Office or a national Market Surveillance Authority must give the affected entity an opportunity to be heard. This is not a courtesy. It is a procedural right embedded directly in the AI Act, reflecting the fundamental principle of audi alteram partem that runs through all EU administrative law.
For developers, Art.89 is both a shield and a preparation requirement. You cannot exercise a right you haven't prepared for. The time to build your enforcement-readiness posture is before an investigation opens, not after you receive a notification letter.
What Article 89 Actually Says
Article 89 establishes procedural rights for parties subject to enforcement action under the AI Act:
Article 89(1) — Written Observations:
Before any individual measure which would adversely affect a person is taken, that person shall be given the opportunity to submit their observations in writing within a period of at least 10 working days.
The 10-working-day floor is a minimum; the authority may grant more time depending on complexity. In practice, GPAI enforcement investigations at the AI Office — which can involve millions of pages of training documentation and evaluation results — often extend this period significantly.
Article 89(2) — Oral Hearing on Request:
The person concerned may, upon request, be given the opportunity to present its comments orally. Such oral hearing shall be recorded.
The oral hearing is not automatic. You must affirmatively request it. The recording requirement matters: what you say in the hearing becomes part of the enforcement record and can be used in subsequent proceedings, including appeals before the General Court.
Article 89(3) — Access to the File:
The party concerned shall have the right to access the file of the authority, subject to the legitimate interests of other parties in the protection of their business secrets and other confidential information.
"Access to the file" means you can review the evidence the authority intends to rely on. This is a critical procedural right: if the authority is relying on a third-party complaint, a qualified alert from the scientific panel, or technical test results it commissioned, you have the right to see that material (minus redactions for third-party confidential information) and respond to it specifically.
Article 89(4) — Urgency Exception:
In the case of urgency, the competent authority may take interim measures without first giving the person concerned an opportunity to be heard. The authority shall give that person the opportunity to be heard as soon as possible after taking such interim measures.
Interim measures under Art.93 (systemic risk) or emergency market surveillance measures can bypass the pre-hearing requirement. However, the right to be heard attaches immediately after the interim measure is taken — it is not extinguished, only delayed.
Article 89(5) — Fundamental Rights Preservation:
Art.89 does not derogate from Member State provisions on procedural rights that provide stronger protection. Where national administrative law gives more generous hearing rights, those rights apply in parallel with Art.89.
The Right to Be Heard: Who Is Protected and When
Enforcement Contexts That Trigger Art.89
| Enforcement Action | Authority | Art.89 Applies? |
|---|---|---|
| Market withdrawal order (Art.79) | NCA/MSA | Yes — before order is final |
| Restriction of use | NCA/MSA | Yes |
| Administrative fine (Art.99 Tier 1-3) | NCA or AI Office | Yes |
| GPAI model corrective measure | AI Office | Yes |
| Interim measure (Art.93 systemic risk) | AI Office | No pre-hearing; post-hearing required |
| Mandatory information request (Art.90) | AI Office/NCA | No (information gathering, not adverse measure) |
| On-site inspection (Art.91) | AI Office/NCA | No (inspection itself, adverse measure = separate) |
| CE marking suspension | Notified body/NCA | Yes — before suspension takes effect |
The Art.89 right attaches to individual measures that adversely affect a person — a defined term. Preliminary investigative steps (information requests, inspections) do not themselves trigger Art.89, but any formal measure that restricts your market access, imposes conditions on your AI system, or results in a fine does.
The Two Enforcement Tracks and How Art.89 Applies
Track 1: NCA Enforcement (High-Risk AI Systems)
National Market Surveillance Authorities enforce Art.72-88 obligations for high-risk AI systems. The NCA follows national administrative procedure law, supplemented by Art.89's minimum guarantees. In Germany (BNetzA), France (ANSSI), and the Netherlands (RDI), the hearing right is integrated into their standard enforcement procedure.
Track 2: AI Office Enforcement (GPAI Models)
The EU AI Office enforces obligations on GPAI model providers (Art.51-56). This is Union-level enforcement, not national. The AI Office's procedure is governed by the EU AI Act directly, with Art.89 as the core procedural framework. There is no national administrative procedure to supplement it.
For GPAI providers, the practical consequence is that Art.89 proceedings at the AI Office level are novel territory: there is no established body of national case law to guide interpretation. You are dealing with a new enforcement body applying a new procedure.
Written Observations: What to Submit and How
The written observations phase is where most enforcement cases are won or lost. The authority has made a preliminary determination; your observations must either:
- Demonstrate the factual record is incomplete or incorrect — the evidence on which the authority relies does not support its preliminary conclusion.
- Establish a legal interpretation that excludes liability — the obligation the authority says you violated does not apply to your system or use case in the way alleged.
- Show mitigating factors — even if a violation occurred, factors reduce culpability and thus the appropriate measure (Art.99 fine reduction for cooperation, first violation, etc.).
- Provide remediation evidence — you have already corrected the identified problem, making a formal measure disproportionate.
The Proportionality Argument
Every enforcement measure must satisfy the proportionality principle. Your observations should explicitly address:
- Whether the proposed measure (fine level, market restriction scope) is appropriate to the gravity of the violation
- Whether less restrictive measures would achieve the same compliance objective
- The economic impact on your organisation and the market
The General Court (CJEU) has consistently enforced proportionality against EU enforcement bodies. Building a proportionality argument into your written observations gives you grounds for appeal if the authority ignores it.
Document Preservation for Enforcement Readiness
The quality of your written observations depends entirely on the quality of your documentation. AI Act enforcement cases turn on:
| Document Category | Relevance to Observations |
|---|---|
| Risk management system records (Art.9) | Evidence of systematic compliance approach |
| Technical documentation (Art.11) | System capabilities match what was represented |
| Conformity assessment records (Art.43) | Completed before market placement |
| Post-market monitoring logs (Art.72) | Active compliance monitoring in place |
| Incident reports (Art.73) | Reported incidents promptly (mitigating factor) |
| Human oversight protocols (Art.14) | Meaningful oversight implemented |
| Quality management records (Art.17) | Systematic QMS in place |
Oral Hearings: Requesting, Preparing, and Participating
When to Request an Oral Hearing
Request an oral hearing when:
- The factual record is contested and witness credibility matters
- Technical complexity requires interactive explanation (e.g., how your AI system makes decisions)
- You want to present expert testimony that cannot be adequately reduced to writing
- The preliminary decision reflects a fundamental misunderstanding of your technology
Do not request an oral hearing when your case is purely a legal argument. Written observations are more precise, more easily controlled, and less subject to real-time questioning.
Preparing for the Oral Hearing
The oral hearing is recorded and becomes part of the enforcement record. Treat it as testimony before a court. Key preparation elements:
- Designate a lead speaker — usually legal counsel, not the technical team member
- Prepare technical experts as witnesses — for technical questions, have designated experts answer; do not allow the lead speaker to improvise on technical matters
- Prepare a statement of core facts — a 2-minute summary of your factual position that you deliver at the start
- Anticipate the authority's questions — review the preliminary decision carefully; every assertion is a potential question
- Know what you will not answer — legal professional privilege, commercially sensitive information: know in advance what you will decline to address and the legal basis
The Recording and Its Consequences
Every oral hearing is recorded under Art.89(2). This means:
- Admissions made in the hearing can be used against you in the final decision
- Inconsistencies between written observations and oral statements will be noted
- If you later appeal to the General Court, the hearing transcript is part of the case record
Request a copy of the transcript before the authority issues its final decision. If you identify errors or misquotations, raise them immediately.
Access to the Enforcement File
What "Access to the File" Means in Practice
"The file" is the collection of documents the authority relied on to reach its preliminary decision. Under Art.89(3), you are entitled to access this material subject to redaction of:
- Business secrets of third parties
- Other confidential information (including informant identities under Art.78)
- Internal authority documents (working papers, legal opinions, communications)
In GPAI enforcement cases at the AI Office, the file may include:
- Technical evaluation results from the AI Office's own testing
- Scientific panel opinions or qualified alerts (Art.89 via Art.68)
- Market surveillance reports from NCAs who flagged the GPAI model
- Third-party complainant submissions (with identity possibly redacted)
- Benchmarking results against codes of practice
Challenging the File
If you believe the authority has withheld non-exempt material, you can:
- Request a more complete disclosure, identifying specific categories you believe exist
- Challenge the redactions as overbroad in your written observations
- On appeal, request the General Court to order disclosure of specific documents
The General Court has extensive experience managing confidentiality issues in EU enforcement proceedings from competition law; expect similar approaches in AI Act cases.
The Urgency Exception: Interim Measures Without Prior Hearing
Art.89(4) allows the AI Office or NCA to take interim measures without a prior hearing when urgency justifies it. This exception applies most prominently in cases involving:
- GPAI models posing potential systemic risk (Art.93)
- High-risk AI systems presenting an immediate safety risk (Art.79 emergency procedure)
- Ongoing harm that would continue for the duration of a normal hearing process
What "As Soon as Possible" Means
Art.89(4) requires the authority to give the affected party a hearing "as soon as possible" after taking an interim measure. In the AI Act's enforcement context, this likely means:
| Situation | Expected Post-Interim Hearing Timeline |
|---|---|
| Market withdrawal for safety risk | 5-10 working days |
| GPAI systemic risk interim measure | 10-15 working days |
| CE marking suspension | 10 working days (per Regulation 2019/1020 analogy) |
The post-interim hearing carries the same rights as the standard Art.89 hearing: written observations, oral hearing on request, file access. The only difference is sequence (measure first, hearing second rather than hearing first, measure second).
CLOUD Act Risk During EU AI Act Enforcement
For developers and GPAI providers using US cloud infrastructure (AWS, Azure, GCP), EU AI Act enforcement creates a specific CLOUD Act exposure that is qualitatively different from routine data protection investigations.
The Three-Layer Exposure
| Data Category | EU AI Act Enforcement Need | CLOUD Act Conflict Risk |
|---|---|---|
| Training dataset documentation | AI Office may request samples to assess compliance with Art.10 | HIGH: Data on US cloud provider subject to US CLOUD Act requests |
| Model weights and architecture files | Technical documentation under Art.11 may need to be shown | HIGH: Weights stored on US infrastructure potentially accessible to US government |
| Log files and monitoring data | Post-market monitoring records (Art.72) | MEDIUM: Operational logs may contain EU user data |
| Conformity assessment records | Standard compliance documentation | LOW: Usually not commercially sensitive |
The Enforcement File and CLOUD Act
When the AI Office compiles your enforcement file, it includes documents it obtained from you voluntarily or compulsorily. If those documents were stored on US cloud infrastructure, there is a non-zero risk that:
- A US government agency could compel the US cloud provider to produce the same documents under CLOUD Act
- The US government could access enforcement strategy documents, legal arguments, and internal communications about the case
- Commercially sensitive model details shared with EU authorities under confidentiality could be obtained by US authorities via a separate legal route
The sovereign infrastructure response: Using EU-sovereign cloud infrastructure for AI documentation (including during enforcement proceedings) eliminates this exposure. Documents stored exclusively in EU-based infrastructure with no US-based parent company are not reachable via CLOUD Act.
Practical Protocol
When you receive an Art.89 notification that enforcement proceedings have opened:
- Immediately move case-related communications to EU-sovereign infrastructure
- Do not use US-based communication tools (Teams, Slack) for enforcement strategy discussions
- Ensure legal counsel communications are on infrastructure outside CLOUD Act reach
- Review your document production plan — before submitting to the AI Office, assess which documents should be transferred from US to EU infrastructure first
Python: Enforcement Readiness Toolkit
from dataclasses import dataclass, field
from datetime import date, timedelta
from enum import Enum
from typing import Optional
import json
class EnforcementTrack(Enum):
NCA_HIGH_RISK = "nca_high_risk_ai"
AI_OFFICE_GPAI = "ai_office_gpai_model"
JOINT = "joint_nca_ai_office"
class HearingStatus(Enum):
NOT_TRIGGERED = "not_triggered"
NOTIFICATION_RECEIVED = "notification_received"
OBSERVATIONS_PENDING = "observations_pending"
OBSERVATIONS_SUBMITTED = "observations_submitted"
ORAL_HEARING_REQUESTED = "oral_hearing_requested"
ORAL_HEARING_SCHEDULED = "oral_hearing_scheduled"
ORAL_HEARING_COMPLETED = "oral_hearing_completed"
FILE_ACCESS_REQUESTED = "file_access_requested"
FILE_ACCESS_GRANTED = "file_access_granted"
AWAITING_FINAL_DECISION = "awaiting_final_decision"
@dataclass
class Art89Notification:
"""Represents an Art.89 notification from enforcement authority."""
authority: str
track: EnforcementTrack
notification_date: date
observation_deadline: date
preliminary_findings: str
alleged_violations: list[str]
proposed_measures: list[str]
is_interim_measure: bool = False
def days_remaining(self) -> int:
return (self.observation_deadline - date.today()).days
def is_urgent(self) -> bool:
return self.days_remaining() < 5
def minimum_deadline_met(self) -> bool:
"""Art.89(1): minimum 10 working days from notification."""
notification_to_deadline = (self.observation_deadline - self.notification_date).days
# Approximate: working days = calendar days * 5/7
working_days_approx = notification_to_deadline * 5 / 7
return working_days_approx >= 10
@dataclass
class Art89HearingManager:
"""Manages the Art.89 right-to-be-heard process."""
notification: Art89Notification
status: HearingStatus = HearingStatus.NOTIFICATION_RECEIVED
oral_hearing_requested: bool = False
file_access_requested: bool = False
observations_submitted_date: Optional[date] = None
document_log: list[dict] = field(default_factory=list)
def assess_oral_hearing_need(
self,
factual_dispute: bool,
technical_complexity: bool,
expert_testimony_needed: bool,
legal_argument_only: bool,
) -> dict:
"""Assess whether to request oral hearing under Art.89(2)."""
score = sum([factual_dispute * 3, technical_complexity * 2, expert_testimony_needed * 2])
score -= legal_argument_only * 3
recommend_hearing = score > 2
return {
"recommend_oral_hearing": recommend_hearing,
"score": score,
"rationale": {
"factual_dispute": factual_dispute,
"technical_complexity": technical_complexity,
"expert_testimony_needed": expert_testimony_needed,
"legal_argument_only": legal_argument_only,
},
"action": (
"Request oral hearing under Art.89(2) within notification response"
if recommend_hearing
else "Written observations only — more precise and controlled"
),
}
def check_cloud_act_exposure(self, document_storage_location: str) -> dict:
"""Assess CLOUD Act risk for enforcement documents."""
us_providers = ["aws", "azure", "gcp", "google cloud", "amazon", "microsoft azure"]
is_us_cloud = any(p in document_storage_location.lower() for p in us_providers)
return {
"cloud_act_exposure": is_us_cloud,
"risk_level": "HIGH" if is_us_cloud else "LOW",
"recommendation": (
"IMMEDIATE: Transfer enforcement-related documents to EU-sovereign infrastructure "
"before submitting to AI Office. Documents on US cloud infrastructure are potentially "
"accessible under the US CLOUD Act via separate channel."
if is_us_cloud
else "Documents on EU-sovereign infrastructure — CLOUD Act exposure minimal."
),
"action_items": [
"Move legal strategy communications off US-based platforms",
"Transfer model documentation to EU-sovereign storage",
"Ensure counsel-client communications on non-US infrastructure",
"Review CLOUD Act risk for each document category before producing to AI Office",
] if is_us_cloud else [],
}
def build_observations_framework(self) -> dict:
"""Generate framework for written observations under Art.89(1)."""
return {
"structure": [
{
"section": "1. Factual Corrections",
"purpose": "Challenge any factual errors in preliminary findings",
"key_questions": [
"What facts did the authority get wrong?",
"What documents correct those facts?",
"Is the error material to the violation finding?",
],
},
{
"section": "2. Legal Analysis",
"purpose": "Show the alleged violation does not apply to your system/use case",
"key_questions": [
"Does the cited obligation actually apply to your system?",
"Has the authority correctly characterized your system category?",
"Does the alleged conduct fall within the obligation's scope?",
],
},
{
"section": "3. Proportionality Argument",
"purpose": "Challenge measure severity even if violation is established",
"key_questions": [
"Is the proposed measure proportionate to violation gravity?",
"Are less restrictive alternatives available?",
"What is the economic impact of the proposed measure?",
],
},
{
"section": "4. Mitigating Factors",
"purpose": "Reduce culpability and fine level (Art.99 factors)",
"key_questions": [
"First violation? Prompt cooperation?",
"Self-identification and voluntary reporting?",
"Immediate remediation after discovery?",
"Systemic compliance programme in place?",
],
},
{
"section": "5. Remediation Evidence",
"purpose": "Show problem already corrected — measure now disproportionate",
"key_questions": [
"Has the violation been corrected?",
"What evidence proves the correction?",
"Is ongoing monitoring in place to prevent recurrence?",
],
},
],
"submission_deadline": self.notification.observation_deadline.isoformat(),
"days_remaining": self.notification.days_remaining(),
"urgency_flag": self.notification.is_urgent(),
}
@dataclass
class EnforcementDocumentPreserver:
"""Manages preservation and readiness of enforcement-relevant documents."""
system_name: str
system_category: str # "high-risk", "gpai", "general-purpose"
ENFORCEMENT_DOCUMENT_CATEGORIES = [
("risk_management", "Art.9 Risk Management System records", "CRITICAL"),
("technical_documentation", "Art.11 Technical documentation", "CRITICAL"),
("conformity_assessment", "Art.43 Conformity assessment records", "CRITICAL"),
("post_market_monitoring", "Art.72 Post-market monitoring logs", "HIGH"),
("incident_reports", "Art.73 Serious incident reports", "HIGH"),
("human_oversight", "Art.14 Human oversight implementation records", "HIGH"),
("qms_records", "Art.17 Quality management system records", "MEDIUM"),
("transparency_info", "Art.13 User-facing transparency documentation", "MEDIUM"),
("data_governance", "Art.10 Data governance and training data records", "HIGH"),
("accuracy_metrics", "Art.15 Accuracy/robustness/cybersecurity records", "MEDIUM"),
]
def audit_document_readiness(self) -> dict:
"""Audit which enforcement documents are available and where stored."""
results = {}
for category, description, priority in self.ENFORCEMENT_DOCUMENT_CATEGORIES:
results[category] = {
"description": description,
"priority": priority,
"status": "CHECK_REQUIRED",
"action": f"Verify {description} exists, is current, and is on EU-sovereign infrastructure",
}
return {
"system": self.system_name,
"audit_date": date.today().isoformat(),
"documents": results,
"recommendation": (
"Conduct quarterly enforcement readiness audit. "
"All CRITICAL documents must be accessible within 10 working days of Art.89 notification."
),
}
def check_minimum_hearing_deadline(notification_date: date, deadline: date) -> dict:
"""Verify Art.89(1) minimum 10 working-day requirement is met."""
calendar_days = (deadline - notification_date).days
# Conservative: assume 7/10 calendar days are working days (accounting for weekends + avg holidays)
estimated_working_days = calendar_days * 5 / 7
compliant = estimated_working_days >= 10
return {
"notification_date": notification_date.isoformat(),
"observation_deadline": deadline.isoformat(),
"calendar_days": calendar_days,
"estimated_working_days": round(estimated_working_days, 1),
"art89_compliant": compliant,
"action": (
"Deadline meets Art.89(1) minimum 10 working-day requirement."
if compliant
else "CHALLENGE: Deadline may not meet Art.89(1) minimum 10 working-day requirement. "
"Request extension citing Art.89(1) explicitly."
),
}
# Example usage
if __name__ == "__main__":
# Scenario: AI Office opens proceedings against GPAI model provider
notification = Art89Notification(
authority="EU AI Office",
track=EnforcementTrack.AI_OFFICE_GPAI,
notification_date=date(2026, 9, 1),
observation_deadline=date(2026, 9, 17), # ~12 working days
preliminary_findings=(
"Provider's GPAI model appears to lack adequate technical documentation "
"required under Art.53(1)(b). Evaluation report available in enforcement file."
),
alleged_violations=["Art.53(1)(b) — technical documentation", "Art.55(1)(a) — systemic risk assessment"],
proposed_measures=["Mandatory technical documentation update", "Art.99(3) fine up to €15M"],
is_interim_measure=False,
)
manager = Art89HearingManager(notification=notification)
# Check minimum deadline compliance
deadline_check = check_minimum_hearing_deadline(
notification.notification_date, notification.observation_deadline
)
print("Deadline compliance:", json.dumps(deadline_check, indent=2))
# Assess whether oral hearing is needed
hearing_assessment = manager.assess_oral_hearing_need(
factual_dispute=True, # Dispute whether documentation is actually missing
technical_complexity=True, # Complex model architecture questions
expert_testimony_needed=True, # Expert witness on documentation standard
legal_argument_only=False,
)
print("\nOral hearing assessment:", json.dumps(hearing_assessment, indent=2))
# Check CLOUD Act exposure
cloud_check = manager.check_cloud_act_exposure("AWS eu-west-1 bucket")
print("\nCLOUD Act exposure:", json.dumps(cloud_check, indent=2))
# Build observations framework
obs_framework = manager.build_observations_framework()
print("\nObservations framework:", json.dumps(obs_framework, indent=2))
# Audit document readiness
preserver = EnforcementDocumentPreserver(
system_name="MyFoundationModel-v3",
system_category="gpai",
)
readiness = preserver.audit_document_readiness()
print("\nDocument readiness:", json.dumps(readiness, indent=2))
30-Item Enforcement Readiness Checklist (Art.89)
Notification Response (Art.89 Triggers)
- Internal escalation protocol exists: who gets notified when Art.89 letter arrives
- Legal counsel designated for AI Act enforcement proceedings (EU-admitted counsel)
- Response team pre-identified (legal lead, technical expert, compliance officer)
- Notification date and Art.89(1) deadline recorded immediately upon receipt
- Art.89(1) minimum 10 working-day deadline verified; if insufficient, extension request drafted
Written Observations (Art.89(1))
- All factual assertions in preliminary findings reviewed against internal records
- Factual errors identified and evidence to correct them gathered
- Legal analysis: does the cited obligation actually apply to your system/use case?
- Proportionality argument drafted: proposed measure vs. violation gravity
- Mitigating factors identified: first violation, prompt cooperation, self-reporting, remediation
- Remediation evidence assembled: what has already been corrected?
- Written observations reviewed by EU-admitted legal counsel before submission
- Observations submitted before deadline (not on deadline day)
Oral Hearing (Art.89(2))
- Oral hearing decision made based on case type (factual dispute vs. pure legal argument)
- Oral hearing request submitted in writing within observation response if desired
- Designated lead speaker is legal counsel, not technical team member
- Technical expert witnesses prepared for their specific questions
- Core facts statement (2 minutes) prepared and rehearsed
- Topics you will decline to answer and legal basis prepared in advance
- Transcript requested from authority after hearing; errors identified and flagged
File Access (Art.89(3))
- File access formally requested in writing citing Art.89(3)
- Received file reviewed for redactions that appear to exceed legitimate confidentiality
- Overbroad redactions challenged in written observations
- Any third-party expert report in the file identified and responded to specifically
- Scientific panel qualified alerts (if present) reviewed and technical responses prepared
Infrastructure and CLOUD Act (Enforcement Jurisdiction)
- Enforcement-related documents transferred to EU-sovereign infrastructure before producing to authority
- Legal strategy communications moved off US-based platforms (Teams/Slack/Gmail)
- CLOUD Act exposure assessment completed for each document category in production set
- Counsel-client privilege communications on non-US infrastructure verified
- EU-sovereign storage for ongoing enforcement proceedings documents confirmed
Interim Measures: Hearing After the Fact
If you receive an interim measure under Art.89(4) (measure taken before hearing), the urgency exception does not extinguish your rights — it suspends their sequence:
- Immediately request your post-interim hearing — "as soon as possible" is not self-executing; you must make the request
- Challenge the urgency finding — if the authority lacked genuine urgency grounds, challenge this as a violation of Art.89(1) in your post-interim observations
- Request suspension of the interim measure while the hearing process runs (the General Court can grant interim relief on appeal if the hearing right has been violated)
Art.89 in the Enforcement Landscape
Art.89 does not stand alone. Understanding its place in the enforcement architecture matters for planning your response:
| Article | Role |
|---|---|
| Art.87 | Complaints mechanism — how investigations start |
| Art.88 | Whistleblower protection — protects those who report |
| Art.89 | Right to be heard — protects those being investigated |
| Art.90 | AI Office power to request information from GPAI providers |
| Art.91 | AI Office inspection powers |
| Art.93 | Interim measures for systemic risk |
| Art.99 | Administrative fines — the measures Art.89 precedes |
Art.89 is the procedural bridge between investigation (Art.87-88, Art.90-91) and enforcement outcome (Art.99). Every fine, every market restriction, every recall order under the EU AI Act must pass through the Art.89 gateway before it becomes final.
See Also
- EU AI Act Art.88: Whistleblower Protection for AI Act Violations
- EU AI Act Art.87: Complaints to Market Surveillance Authorities
- EU AI Act Art.99: Penalties and the Complete Fine Tier Guide
- EU AI Act Art.79: Procedure for AI Systems Presenting Risk at National Level
- EU AI Act Art.78: Confidentiality in MSA Investigations
- EU AI Act Art.73: Serious Incident Reporting for High-Risk AI Systems
- EU AI Act Art.11: Technical Documentation Requirements
- EU AI Act Art.90: AI Office Information Requests for GPAI Providers
- EU AI Act Art.91: AI Office Inspection Powers — On-Site and Remote
This guide covers EU AI Act Article 89 as published in Regulation (EU) 2024/1689. Full enforcement for high-risk AI systems applies from August 2, 2026. GPAI model obligations (Art.51-56) apply from August 2, 2025.