Article 110: AI Systems Already Placed on the Market or Put into Service

Article 110 creates a targeted grandfathering clause for a specific category of AI systems: those embedded in the EU's large-scale IT systems established under the legislation listed in Annex X. These are primarily justice and home affairs (JHA) information systems operated by EU agencies (eu-LISA) or Member State authorities.

The systems covered by Annex X include: - Schengen Information System (SIS) — alerts on persons and objects for border, police, and immigration checks - Visa Information System (VIS) — processing of visa applications and biometric data - Eurodac — fingerprint database for asylum applicants - Entry/Exit System (EES) — tracking non-EU nationals crossing the Schengen border - European Travel Information and Authorisation System (ETIAS) — pre-travel authorisation - European Criminal Records Information System for third-country nationals (ECRIS-TCN) - Other systems as specified in the Annex

The rule: If an AI system is a component of one of these large-scale IT systems and was placed on the market or put into service before 2 August 2027 (12 months after the full application date of 2 August 2026), the AI Act does not apply to it — unless it undergoes a significant modification after that date.

Why this matters: These systems are massive, complex, and operated under their own EU legal frameworks with extensive data protection and oversight requirements. The legislator recognised that retroactively applying the AI Act to long-running, already-deployed public-sector systems would be operationally impractical and potentially disruptive. The grandfathering allows a managed transition.

Key distinction from Article 111: Article 111 provides broader transitional provisions for AI systems generally. Article 110 is narrower — it applies only to components of Annex X large-scale IT systems. The two provisions are separate and cumulative.

• Annex X — Lists the large-scale IT systems whose AI components benefit from the Article 110 grandfathering clause. This is the definitive scope — only systems listed in Annex X qualify.
• Article 111 — General transitional provisions: the broader transitional regime for AI systems already on the market. Article 110 is a separate, narrower provision specifically for Annex X systems.
• Article 6 — High-risk classification: many Annex X systems involve biometric identification, law enforcement, and migration management — use cases that would normally qualify as high-risk under Annex III. Article 110 temporarily shields existing systems from these requirements.
• Article 26 — Deployer obligations: public-sector deployers of Annex X systems benefit from the grandfathering, but must be prepared to comply if significant modifications are made.
• Article 113 — Entry into force and application dates: the 2 August 2027 deadline is calculated as 12 months after the 2 August 2026 general application date.

The Article 110 exemption is not permanent. It ends when the AI system undergoes a significant modification after 2 August 2027. The concept of 'significant modification' is defined in the AI Act and generally means a change that:

• Affects the AI system's compliance with the applicable requirements, or
• Modifies the intended purpose for which the AI system has been assessed

In the context of large-scale IT systems, the following changes could constitute a significant modification: - Replacing the AI model with a fundamentally different architecture (e.g., switching from a rule-based matching system to a deep learning model) - Expanding the AI system's functionality beyond its original scope (e.g., adding new biometric modalities) - Retraining on substantially different data that alters the system's performance profile - Changing the intended purpose of the AI component (e.g., from identity verification to behavioural prediction)

Minor updates, bug fixes, and routine maintenance are unlikely to trigger the threshold. However, the boundary is fact-specific — operators should document each change and assess whether it meets the significant modification criteria.

Once a significant modification triggers AI Act applicability, the full set of obligations applies — including high-risk requirements, conformity assessment, and deployer obligations.

For eu-LISA and system operators: - Maintain a detailed inventory of all AI components in Annex X systems, including their deployment dates, technical specifications, and modification history. - Establish a change assessment process: before any upgrade, evaluate whether the change constitutes a significant modification under the AI Act. If it does, plan for full AI Act compliance. - Even for grandfathered systems, consider voluntarily adopting AI Act-aligned practices (risk management, bias monitoring, transparency) as good governance — this also prepares the organisation for eventual compliance when modifications occur.

For technology providers: - If you supply AI components for Annex X systems, be aware that the grandfathering only protects existing deployments. New contracts or major upgrades after the deadline will require AI Act compliance. - Build AI Act compliance capability now, even if current contracts are grandfathered — future procurement specifications are likely to require it.

For compliance teams: - Document the deployment date of each AI component to establish eligibility for grandfathering. - Maintain a modification log with a legal assessment of whether each change reaches the significant modification threshold. - Plan a compliance roadmap for the transition: identify which systems are approaching end-of-life or major upgrade cycles and budget for AI Act compliance accordingly.