2026-04-13·13 min read·sota.io team

EU AI Act Art.93: AI Office Interim Measures for GPAI Systemic Risk — Developer Guide (2026)

Art.90 requests documents. Art.91 inspects premises. Art.92 interviews staff. Art.93 stops the model.

Article 93 is the AI Office's emergency instrument — the power to issue binding orders against GPAI providers before an investigation concludes, before the provider has been heard, and potentially before the provider fully understands what triggered the order. Where every other enforcement tool in Chapter VII involves process — notice periods, response deadlines, inspection schedules — Art.93 operates on a different timescale. The AI Office determines that systemic risk is imminent. It issues the interim measure. The provider receives notification after the fact.

For GPAI providers, Art.93 represents the highest-velocity compliance risk in the EU AI Act. A well-run organisation can navigate an Art.90 document request in weeks and an Art.91 inspection in days. An Art.93 interim measure can arrive in hours — and the response window between receipt and operational impact may be even shorter.

What Article 93 Actually Says

Article 93 establishes the AI Office's authority to issue interim measures, the conditions that must be satisfied, the procedural framework governing them, and the rights available to providers subject to them.

Article 93(1) — Grounds for Interim Measures:

The AI Office may, at any time, where it has reasonable grounds to believe that a general-purpose AI model with systemic risk infringes this Regulation and where, due to the urgency of the situation or the serious risk involved, there is insufficient time to carry out an investigation under Articles 90, 91 and 92 or to take the other protective measures under this Chapter, issue, by decision, interim measures.

Four conditions must be satisfied simultaneously for Art.93(1) to be triggered:

Systemic risk designation: The GPAI model must have systemic risk designation under Art.51 — only models above the 10^25 FLOPs threshold or equivalently designated by the AI Office are within Art.93's scope.
Reasonable grounds of infringement: The AI Office must have a basis to believe the model infringes the Regulation — not proof, but a reasonable evidential foundation.
Urgency or serious risk: The situation must be urgent or involve serious risk such that normal investigation timelines under Art.90-92 are insufficient.
Imminent harm: The risk must be imminent enough that waiting for a standard investigation would allow harm to materialise.

The "at any time" language is deliberate: Art.93 can be used before, during, or after a formal investigation. It is not a post-investigation instrument — it is a concurrent emergency power that can be activated independently of where the Art.90-92 investigation cycle stands.

Article 93(2) — Notification Requirements:

Where the AI Office decides to adopt interim measures under paragraph 1, it shall notify the provider of those measures in writing. The notification shall include the subject matter of the interim measures and the reasons therefore, including the reasons why the AI Office considered there was insufficient time to act, the anticipated duration of the interim measures, and, where relevant, the supporting evidence and documents.

Art.93(2) creates the procedural record. The notification must include:

The subject matter (what specific behaviour or capability the measure addresses)
The reasons (what evidence supports the systemic risk finding)
Why the urgency exception applies (why Art.90-92 timelines were insufficient)
The anticipated duration
Supporting evidence where available

This notification is the document providers will use to challenge Art.93 orders before the General Court. The adequacy of the AI Office's stated reasons — whether they genuinely support the urgency finding — is the primary grounds for legal challenge.

Article 93(3) — Duration Limits and Review:

The interim measures shall apply for a period not exceeding 15 months after the adoption of the decision. The AI Office shall review the interim measures at the latest every six months after their adoption. Where the adoption or maintenance of the interim measures was justified on the basis of an imminent risk of serious harm to the health, safety, or fundamental rights of the persons affected by the use of the general-purpose AI model, the AI Office may extend the period of application by a further period of up to 6 months.

Duration parameters:

Maximum initial period: 15 months
Mandatory review cycle: Every 6 months after adoption
Extension possibility: Up to an additional 6 months when health, safety, or fundamental rights risks are specifically invoked
Effective maximum duration: 21 months (15 + 6-month extension)

The 6-month review cycle is not optional — the AI Office must affirmatively reassess whether the interim measure remains justified. If the underlying facts change (the provider implements a fix, new evidence emerges, the risk assessment changes), the mandatory review is the procedural vehicle for modifying or lifting the measure.

Article 93(4) — Formal Proceedings and Provider Rights:

Where the AI Office issues interim measures under this Article, it shall, at the earliest opportunity, open formal enforcement proceedings under this Chapter to either confirm, modify, or revoke the interim measures. The AI Office shall hear the provider as soon as possible after the adoption of the interim measures. The provider may apply to the General Court for annulment of the decision on the interim measures.

Three concurrent obligations trigger immediately after an Art.93 order:

Formal proceedings: The AI Office must open formal enforcement proceedings — it cannot keep a provider under interim measures indefinitely without pursuing the underlying investigation.
Art.89 right to be heard: The hearing is not suspended — it is delayed. "As soon as possible" means the AI Office must schedule the Art.89 process immediately after the interim measure is issued.
General Court appeal: The provider has the right to apply to the General Court of the EU for annulment. This is judicial review of an administrative decision — the Court assesses whether the four Art.93(1) conditions were genuinely satisfied.

The Art.93 Trigger Matrix

Understanding which combinations of facts make Art.93 activation more or less likely helps providers assess their exposure profile.

Factor	Low Risk	High Risk
Systemic risk designation	Not designated (below threshold)	Art.51 designated — systemic risk confirmed
Prior enforcement contact	No prior Art.90-92 activity	Active Art.90-92 investigation ongoing
Compliance documentation	Annex XI/XII complete, current	Documentation gaps, outdated evaluations
Incident history	No reported incidents	Serious incidents reported under Art.73
Cooperation posture	Proactive AI Office engagement	Non-responsive to information requests
Capability profile	No CBRN/cyberattack/persuasion capabilities	Elevated capabilities in risk categories
Code of practice status	Signatory, compliant	Non-signatory or non-compliant
Infrastructure jurisdiction	EU-sovereign, AI Office-accessible	US cloud, jurisdictional conflict

The risk profile that most concerns Art.93: a systemically-designated GPAI model with active Art.90 document requests, incomplete capability evaluations, a recent serious incident report, and documented non-cooperation in the investigation. This is the profile that makes the AI Office conclude that waiting for Art.90-92 resolution poses unacceptable risk.

Art.93 vs Art.94: The Emergency/Voluntary Distinction

Articles 93 and 94 are often discussed together as the final two provisions in the Chapter VII enforcement sequence. The operational distinction is fundamental:

Dimension	Art.93 Interim Measures	Art.94 Commitments
Who initiates?	AI Office — unilateral	Provider — voluntary offer
Trigger	Imminent systemic risk	Ongoing investigation
Hearing required first?	No — urgency exception	Yes — part of proceedings
Provider consent needed?	No	Yes
Duration	Temporary (max 21 months)	Binding until fulfilled
Appeal right?	Yes — General Court	Limited — commitment terms
Typical use case	Active harm prevention	Investigation resolution
Compliance posture signal	Adversarial	Cooperative

The strategic implication: Art.94 commitments are the cooperative alternative to Art.93 interim measures. A provider that engages proactively — offering Art.94 commitments during an Art.90 investigation — substantially reduces the probability that the AI Office will conclude Art.93 urgency conditions are met. Art.93 is the tool for providers that have not engaged. Art.94 is the tool for providers that have.

What Art.93 Orders Can Require

The text of Art.93(1) does not enumerate permitted interim measure content, but the enforcement framework and proportionality requirement constrain what the AI Office can order. Interim measures observed in analogous EU competition law enforcement (which Art.93 structurally resembles) include:

Capability restrictions:

Suspension of specific model capabilities (CBRN query response, persuasion applications, autonomous cyberattack planning)
Rate limiting or geographic restriction of model deployment
Mandatory output filtering for categories assessed as systemic risk vectors

Documentation requirements:

Immediate production of specific technical documentation (Annex XI/XII categories)
Completion of outstanding capability evaluations within accelerated timelines
Incident reporting under Art.73 for categories not previously covered

Operational requirements:

Suspension of new deployments to downstream deployers
Mandatory notification of existing downstream deployers of the investigation
Appointment of compliance monitor with AI Office reporting obligations

Infrastructure requirements:

Data segregation — moving specific training data categories to EU-sovereign storage
Access controls — restricting non-EU persons from accessing model weights or training systems

The proportionality requirement in Art.93(1) ("serious risk involved") constrains measure scope — the AI Office cannot order full model shutdown for a risk that could be addressed by capability-specific restriction. But proportionality is assessed at the time of the order, when the AI Office has the least information. The provider's ability to demonstrate afterwards that proportionality was violated is a General Court challenge ground.

The Art.89 Right to Be Heard: Suspended, Not Eliminated

The most significant procedural feature of Art.93 is its relationship to the Art.89 right to be heard. In standard enforcement, Art.89 requires the AI Office to give the provider an opportunity to respond before any adverse measure is taken. Art.93 is explicitly designed to bypass this requirement when urgency conditions are met.

But the bypass is temporary:

Pre-measure hearing: Not required under Art.93 — urgency exception applies
Post-measure hearing: Required "as soon as possible" under Art.93(4)
Formal proceedings hearing: Required in full as the investigation proceeds
General Court challenge: Available immediately after interim measure notification

The sequence is inverted compared to standard enforcement: the AI Office acts, then hears the provider, then adjusts. This inversion is legally significant — it means providers must mount their legal challenge reactively (challenging a decision already made) rather than proactively (presenting their case before the decision). The challenge posture requires faster legal mobilisation than standard enforcement.

Challenging Art.93 Orders: Legal Grounds

Art.93(4) explicitly preserves the right to apply to the General Court for annulment. The grounds available correspond to the four conditions in Art.93(1):

Ground 1 — Systemic risk designation not established: If the model does not actually meet the Art.51 threshold or has not been formally designated, Art.93 does not apply. This is a threshold legal challenge.

Ground 2 — Reasonable grounds not satisfied: If the evidence underlying the AI Office's infringement belief does not meet the "reasonable grounds" standard — if it is speculative, based on mischaracterised facts, or simply insufficient — the order can be challenged on this basis.

Ground 3 — Urgency condition not met: This is the most common challenge ground in analogous EU enforcement: the AI Office had sufficient time to use Art.90-92 investigation tools and chose not to. If a standard investigation would have identified and addressed the risk within a reasonable timeframe, the urgency exception is not available.

Ground 4 — Disproportionate measure: Even if Art.93(1) conditions are technically satisfied, the specific measure ordered must be proportionate to the risk. A full capability suspension when a restricted output filter would have addressed the same risk is challengeable on proportionality grounds.

Python Implementation: Art.93 Risk Assessment and Response Management

from dataclasses import dataclass, field
from datetime import datetime, timedelta
from enum import Enum
from typing import Optional

class SystemicRiskStatus(Enum):
    NOT_DESIGNATED = "not_designated"         # Below Art.51 threshold — Art.93 does not apply
    DESIGNATED = "designated"                  # Art.51 systemic risk confirmed
    UNDER_REVIEW = "under_review"             # AI Office reviewing designation

class InterimMeasureStatus(Enum):
    NOT_ACTIVE = "not_active"
    RECEIVED = "received"
    APPEALED = "appealed"
    UNDER_REVIEW = "under_review"   # 6-month mandatory review
    CONFIRMED = "confirmed"
    MODIFIED = "modified"
    REVOKED = "revoked"

@dataclass
class Art93InterimMeasure:
    """Received interim measure order under Art.93(1)."""
    adoption_date: datetime
    subject_matter: str
    stated_reasons: str
    urgency_justification: str  # AI Office's stated reason why Art.90-92 was insufficient
    anticipated_duration_months: int
    supporting_evidence_provided: bool
    status: InterimMeasureStatus = InterimMeasureStatus.RECEIVED
    first_review_date: Optional[datetime] = None
    appeal_filed: bool = False
    appeal_deadline: Optional[datetime] = None
    
    def __post_init__(self):
        # Art.93(3): mandatory review every 6 months
        self.first_review_date = self.adoption_date + timedelta(days=180)
        # General Court applications: typically 2 months from notification
        self.appeal_deadline = self.adoption_date + timedelta(days=60)
    
    def expiry_date(self) -> datetime:
        """Art.93(3): maximum 15 months initial duration."""
        return self.adoption_date + timedelta(days=30 * min(self.anticipated_duration_months, 15))
    
    def maximum_with_extension(self) -> datetime:
        """Art.93(3): up to 6 months extension possible = 21 months total."""
        return self.adoption_date + timedelta(days=30 * 21)
    
    def days_until_first_review(self) -> int:
        delta = self.first_review_date - datetime.now()
        return max(0, delta.days)
    
    def appeal_window_open(self) -> bool:
        """Check if General Court appeal window is still open."""
        return not self.appeal_filed and datetime.now() < self.appeal_deadline
    
    def days_until_appeal_deadline(self) -> int:
        delta = self.appeal_deadline - datetime.now()
        return max(0, delta.days)
    
    def challenge_grounds_assessment(self) -> list[str]:
        """Evaluate potential legal challenge grounds."""
        grounds = []
        if not self.supporting_evidence_provided:
            grounds.append(
                "Possible Ground 2: Reasonable grounds not satisfied — "
                "AI Office provided no supporting evidence in notification"
            )
        if "insufficient time" not in self.urgency_justification.lower():
            grounds.append(
                "Possible Ground 3: Urgency condition — "
                "justification does not specifically address why Art.90-92 timeline was insufficient"
            )
        if self.anticipated_duration_months > 15:
            grounds.append(
                "Ground: Duration exceeds Art.93(3) maximum of 15 months"
            )
        return grounds

@dataclass
class Art93RiskAssessment:
    """Pre-measure risk assessment — evaluate Art.93 exposure before it happens."""
    model_name: str
    systemic_risk_status: SystemicRiskStatus
    active_art90_requests: int = 0
    active_art91_inspections: int = 0
    active_art92_interviews: int = 0
    serious_incidents_last_12_months: int = 0
    documentation_gaps: list[str] = field(default_factory=list)
    capability_risk_categories: list[str] = field(default_factory=list)
    code_of_practice_signatory: bool = False
    eu_sovereign_infrastructure: bool = False
    
    def art93_risk_score(self) -> int:
        """Score 0-100: probability profile for Art.93 activation."""
        score = 0
        if self.systemic_risk_status == SystemicRiskStatus.DESIGNATED:
            score += 40  # Prerequisites met — Art.93 can apply
        elif self.systemic_risk_status == SystemicRiskStatus.UNDER_REVIEW:
            score += 20
        else:
            return 0  # Art.93 cannot apply to non-designated models
        
        # Active investigation multiplier
        score += self.active_art90_requests * 5
        score += self.active_art91_inspections * 7
        score += self.active_art92_interviews * 4
        
        # Incident history
        score += self.serious_incidents_last_12_months * 10
        
        # Documentation gaps
        score += len(self.documentation_gaps) * 5
        
        # Capability risk categories (CBRN, cyberattack, persuasion)
        high_risk_caps = [c for c in self.capability_risk_categories 
                          if any(r in c.lower() for r in ["cbrn", "cyber", "persuasion"])]
        score += len(high_risk_caps) * 8
        
        # Mitigating factors
        if self.code_of_practice_signatory:
            score -= 15
        if self.eu_sovereign_infrastructure:
            score -= 10
        
        return min(100, max(0, score))
    
    def risk_level(self) -> str:
        score = self.art93_risk_score()
        if score == 0:
            return "NONE — Not systemically designated, Art.93 does not apply"
        if score < 30:
            return "LOW"
        if score < 60:
            return "MEDIUM — Active investigation with documentation gaps"
        return "HIGH — Multiple triggers present, consider Art.94 commitment offer"
    
    def recommended_actions(self) -> list[str]:
        actions = []
        score = self.art93_risk_score()
        if score == 0:
            return ["Monitor Art.51 designation threshold — systemic risk status not yet triggered"]
        if self.serious_incidents_last_12_months > 0:
            actions.append(
                "Review Art.73 incident reports — serious incidents are the primary Art.93 trigger"
            )
        if self.documentation_gaps:
            actions.append(
                f"Close documentation gaps immediately: {', '.join(self.documentation_gaps[:3])}"
            )
        if score >= 60:
            actions.append(
                "URGENT: Consider proactive Art.94 commitment offer to AI Office — "
                "cooperation posture substantially reduces Art.93 activation probability"
            )
        if not self.eu_sovereign_infrastructure:
            actions.append(
                "Assess CLOUD Act exposure — EU-sovereign infrastructure reduces jurisdictional conflict "
                "that complicates Art.93 compliance response"
            )
        return actions

def check_art93_triggers(
    systemic_risk_designated: bool,
    recent_serious_incident: bool,
    active_investigation: bool,
    documentation_current: bool,
    code_of_practice_compliant: bool
) -> dict:
    """Pre-investigation Art.93 trigger assessment."""
    if not systemic_risk_designated:
        return {
            "art93_applicable": False,
            "reason": "Art.93 only applies to systemically-designated GPAI models (Art.51)",
            "risk_level": "NONE"
        }
    
    triggers = []
    mitigations = []
    
    if recent_serious_incident:
        triggers.append("Serious incident reported — highest-weight Art.93 trigger")
    if active_investigation:
        triggers.append("Active Art.90/91/92 investigation — AI Office already has reasonable grounds baseline")
    if not documentation_current:
        triggers.append("Documentation gaps — increases probability AI Office concludes urgency condition met")
    
    if code_of_practice_compliant:
        mitigations.append("Code of practice compliance — significantly reduces systemic risk inference")
    if documentation_current:
        mitigations.append("Current documentation — reduces AI Office ability to establish reasonable grounds")
    
    risk_level = "LOW"
    if len(triggers) >= 2:
        risk_level = "HIGH"
    elif len(triggers) == 1:
        risk_level = "MEDIUM"
    
    return {
        "art93_applicable": True,
        "active_triggers": triggers,
        "active_mitigations": mitigations,
        "risk_level": risk_level,
        "primary_recommendation": (
            "Offer Art.94 commitments proactively" if risk_level == "HIGH"
            else "Maintain documentation currency and code of practice compliance"
        )
    }

What to Do When You Receive an Art.93 Order

Unlike Art.90 document requests or Art.91 inspection notices, Art.93 notifications require immediate response on two parallel tracks simultaneously: operational compliance and legal challenge.

Track 1 — Operational compliance (hours):

Assess the specific capability or behaviour the order targets. Art.93 orders that target specific model capabilities (CBRN query response, certain deployment configurations) can often be operationally implemented without full model suspension. Mapping the order to the minimum operational change required is both legally necessary (proportionality limits the scope of required compliance) and strategically important (demonstrating cooperative compliance reduces the risk of escalation to Art.94 formal proceedings).

Track 2 — Legal response (days):

Engage EU AI Act enforcement counsel immediately. The appeal window to the General Court typically opens from the date of notification. The challenge grounds assessment above — systemic risk threshold, reasonable grounds, urgency condition, proportionality — should be evaluated within the first 48 hours. Even if a full General Court application is not pursued, the grounds assessment informs the Art.89 right-to-be-heard submissions that the AI Office must schedule "as soon as possible."

Track 3 — AI Office engagement (immediately):

Contact the AI Office to confirm receipt, express cooperative intent, and request scheduling of the Art.89 hearing. Cooperation after receipt of an Art.93 order is factored into Art.99 penalty assessment in the underlying enforcement proceedings. The provider that receives an Art.93 order, complies operationally, challenges proportionality legally, and engages cooperatively with the AI Office presents a fundamentally different risk profile than the provider that refuses to acknowledge the order.

Art.93 in the Full Chapter VII Enforcement Architecture

Enforcement Stage	Article	Duration	Urgency Exception?
Information gathering	Art.90	Weeks–months	No
On-site inspection	Art.91	Days–weeks	No
Staff interviews	Art.92	Days–weeks	No
Interim measures	Art.93	Hours–days	Yes — bypasses Art.89
Commitments	Art.94	Negotiated	N/A — provider-initiated
Penalty	Art.99	Final decision	No

The architecture reveals why Art.93 is the maximum compliance risk: every other enforcement instrument operates on timescales that permit preparation and response. Art.93 alone operates on the timescale of the risk itself — which is why the preconditions that reduce Art.93 risk are not procedural preparations (legal counsel, response protocols) but substantive ones: documentation currency, code of practice compliance, proactive incident reporting, and EU-sovereign infrastructure that removes jurisdictional complications from the AI Office's calculus.

Infrastructure Jurisdiction and Art.93 Compliance Speed

When the AI Office issues an Art.93 order requiring operational changes, the provider's ability to implement those changes quickly affects both compliance exposure (how long the violation period lasts) and the AI Office's assessment of cooperation (which feeds into Art.99 penalty assessment in the underlying proceedings).

For GPAI providers operating on mixed EU/US cloud infrastructure:

Interim measures requiring data segregation may need CLOUD Act analysis before implementation
Orders requiring model capability restriction must be implemented across all deployment regions, including US-based infrastructure
Infrastructure complexity increases implementation timelines, extending the period of technical non-compliance

For GPAI providers on EU-sovereign infrastructure:

Interim measure implementation operates under a single legal framework
No jurisdictional analysis required before implementing the AI Office's order
Implementation timelines are determined by technical complexity alone, not legal complexity

This is the operational manifestation of the jurisdictional argument that appears throughout the Art.89-94 enforcement sequence: EU-sovereign infrastructure does not eliminate enforcement risk, but it reduces the response time and legal complexity when enforcement arrives.

The 30-Item Art.93 Interim Measure Readiness Checklist

Phase 1 — Preventive Compliance (Items 1–10)

Art.51 systemic risk designation status confirmed and documented
If designated: Art.93 risk score assessed using the trigger matrix above
Annex XI/XII technical documentation current and accessible to AI Office within 48 hours
Capability evaluation reports dated within 12 months — CBRN, cyberattack, persuasion categories
Art.73 serious incident reporting procedure operational — no unreported incidents
Code of practice signed and compliance status current
Art.90 information request response procedure tested — maximum 5 business day target
EU AI Act enforcement counsel identified and engaged for rapid mobilisation
Art.93 response protocol documented — dual-track operational + legal response
EU-sovereign infrastructure assessment completed for GPAI training and inference systems

Phase 2 — Investigation Period (Items 11–20)

Active Art.90/91/92 investigation documented with AI Office contact log
Legal counsel briefed on active investigation — Art.93 escalation scenario planned
All Art.90 document requests satisfied completely — no outstanding gaps
Art.91 inspection access facilitated without obstruction
Art.92 interview requests responded to cooperatively
Art.94 commitment offer assessed — active investigation = Art.93 risk elevated
Incident reporting maintained throughout investigation — no new Art.73 gaps
Technical documentation updated if capability changes made during investigation period
AI Office cooperation posture documented — evidence of good faith engagement
Infrastructure jurisdiction analysis completed for investigation-relevant systems

Phase 3 — On Receipt of Art.93 Order (Items 21–30)

Legal counsel notified within 2 hours of receiving Art.93 notification
Order subject matter mapped to specific operational components within 4 hours
Minimum-scope operational compliance plan drafted within 24 hours
General Court appeal window noted — appeal deadline calendared (typically 60 days)
Challenge grounds assessment completed with counsel within 48 hours
Art.89 right-to-be-heard hearing requested from AI Office within 48 hours
Art.94 commitment offer assessed as primary resolution pathway within 48 hours
Art.93(3) mandatory review date (6 months) calendared — arguments for modification/revocation prepared
Art.99 penalty assessment: cooperation, seriousness, duration — enforcement file management started
Post-order compliance documentation established — every implementation step recorded with timestamps

Art.93 in Context: The Systemic Risk Enforcement Sequence

The five articles immediately before Art.93 (Art.89-92) are all investigative instruments. Art.93 is the first enforcement instrument in Chapter VII with immediate operational consequence — the first that can change what a GPAI model can do, not just what information the provider must provide about it.

The policy logic: for providers with systemic risk designation, compliance is not merely a documentation exercise. A GPAI model capable of contributing to CBRN weapons development, conducting autonomous cyberattacks, or executing mass persuasion campaigns represents a risk that documentation cannot mitigate after the harm has occurred. Art.93 is the EU legislature's acknowledgment that the normal rule of law sequence — investigate, hear, decide, enforce — may be insufficient for the highest-risk GPAI capabilities.

This is why the most effective Art.93 risk reduction is not a legal strategy but an engineering one: if the documentation demonstrates that the model does not have the risk capabilities that trigger Art.93's urgency condition, the preconditions for Art.93 activation are not met. The provider with comprehensive capability evaluations, a signed code of practice, and a cooperative AI Office relationship has made the legal question of Art.93 activation the hardest argument for the AI Office to make — not the easiest.

Art.93 interim measures complete the emergency layer of Chapter VII enforcement. The sequence Art.89-94 covers: right to be heard, information requests, inspection, interviews, emergency orders, and commitments. The 30-item checklist covers preventive compliance, investigation-period behaviour, and post-order response. For infrastructure that keeps enforcement response under a single legal order: sota.io