Legalithm logo
Chapter IX, Section 2 — Market surveillanceArticle 77

Article 77: Powers of Authorities Protecting Fundamental Rights

Applies from 2 Aug 20266 min readEUR-Lex verified Apr 2026

Article 77 grants national public authorities or bodies that supervise or enforce obligations under Union law protecting fundamental rights — including equality bodies and data protection authorities — the power to access documentation created under the AI Act. When these authorities have reason to consider that the use of a high-risk AI system presents a risk to fundamental rights, they may request and access documentation from providers and deployers to assess compliance. They may also alert market surveillance authorities when they find evidence of non-compliance. This provision bridges AI Act enforcement with existing fundamental rights frameworks (GDPR, anti-discrimination directives, etc.). Always verify on EUR-Lex.

Start free assessmentAll articles

Who does this apply to?

  • -National equality bodies enforcing anti-discrimination law in the context of AI deployment
  • -Data protection authorities (DPAs) where AI systems process personal data and risk fundamental rights
  • -Other national authorities or bodies mandated to protect fundamental rights under Union law
  • -Providers and deployers of high-risk AI systems who must respond to documentation requests from these authorities

Scenarios

A national equality body receives complaints that a high-risk AI recruitment tool systematically disadvantages candidates with disabilities. The equality body suspects the deployer's fundamental rights impact assessment (Article 27) is inadequate.

Under Article 77, the equality body requests the deployer's FRIA documentation and the provider's technical documentation (bias testing results, data governance records). After review, it finds evidence of non-compliance and alerts the market surveillance authority, which opens a formal investigation under Article 74.
Ref. Art. 77 + Art. 27

A data protection authority (DPA) investigating a GDPR complaint about automated decision-making discovers that the high-risk AI system used for credit scoring may violate Article 10 data governance requirements.

The DPA exercises its Article 77 powers to access the provider's AI Act documentation — including training data governance records and bias monitoring reports — to assess whether the AI Act obligations reinforce or overlap with the GDPR concerns. The DPA shares its findings with the market surveillance authority.
Ref. Art. 77 + Art. 10

What Article 77 does (plain terms)

Article 77 creates a bridge between AI Act enforcement and the existing landscape of fundamental rights supervision in Member States:

  • Equality bodies, data protection authorities, and other bodies mandated to protect fundamental rights under Union law gain access powers under the AI Act
  • These authorities may request documentation from providers and deployers when they have reason to believe a high-risk AI system risks fundamental rights
  • Accessible documentation includes: technical documentation (Article 11), fundamental rights impact assessments (Article 27), logging records (Article 12), and other compliance records
  • These authorities may alert market surveillance authorities when they identify non-compliance, triggering the enforcement powers under Articles 74–79
  • The article does not create new substantive fundamental rights obligations — it gives existing rights bodies the procedural tools to enforce their mandates in the AI context

Interaction with GDPR and anti-discrimination law

Article 77 is designed to avoid enforcement silos:

  • GDPR interface: DPAs already supervise automated decision-making (GDPR Articles 22, 35–36). Article 77 ensures they can also access AI Act documentation to assess whether technical safeguards (data governance, bias testing) support GDPR compliance
  • Equality directives interface: Equality bodies enforcing the Racial Equality Directive (2000/43/EC), Employment Equality Directive (2000/78/EC), or Gender Equality Directive (2006/54/EC) can now access AI system documentation relevant to discriminatory outcomes
  • Complementary enforcement: A single AI system may face parallel scrutiny — the DPA for data protection, the equality body for discrimination, and the market surveillance authority for AI Act compliance — Article 77 enables information flow between all three

How Article 77 connects to the rest of the Act

  • Article 27 — Fundamental rights impact assessment (FRIA) that deployers must conduct and that rights bodies can request under Article 77.
  • Article 26 — Deployer obligations including monitoring for fundamental rights risks.
  • Article 11 — Technical documentation that rights bodies may access.
  • Article 12 — Logging requirements whose records may be requested.
  • Article 74 — Market surveillance authority powers triggered by Article 77 alerts.
  • Article 10 — Data governance obligations relevant to bias and discrimination assessments.
  • Article 113 — Application dates and staged entry into force.

Recitals (preamble) on EUR-Lex

The recitals in the consolidated AI Act on EUR-Lex emphasise the complementarity between AI Act enforcement and existing fundamental rights frameworks. The legislature recognised that market surveillance authorities alone may lack the expertise to assess fundamental rights impacts — hence the need to empower specialised bodies. Consult the official preamble on EUR-Lex for the legislative intent.

Compliance checklist

  • Identify which fundamental rights authorities have jurisdiction over your AI use cases (equality bodies, DPAs, consumer authorities).
  • Ensure your fundamental rights impact assessment (Article 27) is documented and ready for authority request.
  • Maintain technical documentation (Article 11) in a format that can be shared with non-technical rights bodies.
  • Prepare internal procedures for responding to Article 77 documentation requests within the authority's timelines.
  • Coordinate between your AI compliance team, data protection officer, and diversity/inclusion function.
  • Log all Article 77 requests received, documentation shared, and authority communications.
Read the official text on EUR-Lex

Prepare for fundamental rights scrutiny—start the free assessment.

Start Free Assessment

Frequently asked questions

Can a DPA use Article 77 to access AI training data?

Article 77 grants access to documentation created under the AI Act — this includes data governance records (Article 10) and technical documentation (Article 11). Whether this extends to the training data itself depends on the specific documentation requirements. The DPA's existing GDPR powers may also apply.

Does Article 77 give equality bodies enforcement powers under the AI Act?

Not directly. Article 77 gives them access and alert powers — they can request documentation and flag issues. Formal enforcement (corrective actions, fines) remains with market surveillance authorities under Articles 74–79. However, equality bodies retain their own enforcement powers under anti-discrimination directives.

What if there is a conflict between GDPR and AI Act documentation access?

Article 77 documentation access must respect confidentiality obligations (Article 78) and data protection rules. Where documentation contains personal data, the DPA is already the competent authority. Coordination between AI Act and GDPR proceedings is expected but not fully detailed — consult EUR-Lex and national implementing measures.