Article 82: Compliant AI Systems Which Present a Risk
Article 82 addresses the scenario where a high-risk AI system has passed conformity assessment, bears a CE marking, and formally complies with the AI Act — but nonetheless presents a risk to health, safety, fundamental rights, or the environment. This is the ultimate "compliant but risky" safety net. The market surveillance authority may require the provider to take corrective action, withdraw, or recall the system despite its CE marking. The authority must notify the Commission and other Member States, at which point the Article 81 Union safeguard mechanism kicks in to evaluate whether the national measure should apply Union-wide. Article 82 recognises that conformity assessment is a point-in-time check and that real-world risks can evolve beyond original certification assumptions. Always verify on EUR-Lex.
Who does this apply to?
- -Market surveillance authorities that identify risk in CE-marked, conformity-assessed AI systems
- -Providers of high-risk AI systems that have completed conformity assessment and bear the CE marking
- -The European Commission, which evaluates national measures through the Article 81 safeguard procedure
Scenarios
A hospital deploys a CE-marked AI diagnostic system (Annex III, area 1(a) — health) that passed conformity assessment in 2026. By 2027, epidemiological data reveals the system's training data did not adequately represent a new disease variant, leading to a 15% false-negative rate in affected populations. The system still formally complies with its original documentation.
A CE-marked high-risk AI system for biometric identification at airports passes all conformity checks. Post-deployment, researchers publish evidence that the system exhibits significantly higher false-positive rates for certain ethnic groups, raising fundamental rights concerns not captured during the original conformity assessment.
The 'compliant but risky' safety net (plain language)
Article 82 exists because CE marking is not a permanent guarantee of safety. An AI system may legitimately pass every conformity check and still become risky due to:
- Data drift — the real world changes faster than the training data
- Adversarial exploitation — threat actors discover vulnerabilities post-deployment
- Deployment context shift — the system is used in environments not fully anticipated during conformity assessment
- Emerging evidence — academic research or post-market monitoring reveals previously unknown risks
- Evolving norms — fundamental rights standards or scientific understanding of harm may develop
Article 82 empowers authorities to act regardless of formal compliance status, ensuring the AI Act is outcome-oriented rather than purely process-oriented. The CE marking does not shield providers from corrective action when real-world evidence shows risk.
Enforcement procedure under Article 82
Step 1 — Risk identification: The market surveillance authority identifies that a CE-marked, conformity-assessed high-risk AI system presents a risk to health, safety, fundamental rights, or the environment.
Step 2 — Corrective action: The authority requires the provider to take appropriate corrective action to bring the risk into line — this may include system modifications, operational restrictions, additional safeguards, or updated risk management.
Step 3 — Escalation: If the provider does not adequately address the risk, the authority may require the provider to withdraw or recall the system from the market within a reasonable period.
Step 4 — Notification and Union procedure: The authority notifies the Commission and all other Member States of its measure. The Article 81 Union safeguard procedure applies — the Commission evaluates whether the measure is justified and, if so, requires Union-wide action.
How Article 82 connects to the rest of the Act
- Article 43 — Conformity assessment procedures that the system originally passed.
- Article 47 — EU declaration of conformity; may need updating after corrective action.
- Article 48 — CE marking that the system bears despite the risk finding.
- Article 79 — Parallel procedure for non-compliant systems presenting a risk (Article 82 is specifically for formally compliant systems).
- Article 81 — Union safeguard procedure triggered by the Article 82 notification.
- Article 113 — Application dates; Article 82 applies from 2 August 2026.
Official wording (excerpt): Article 82
Editorial note: The full authentic text of Article 82 is published on EUR-Lex. The following is a faithful summary of its core operative provisions.
Where the market surveillance authority of a Member State finds that an AI system which is in compliance with this Regulation nonetheless presents a risk to the health or safety of persons, to the compliance with obligations under Union or national law intended to protect fundamental rights, or to other aspects of public interest protection, it shall require the relevant provider to take all appropriate corrective action to ensure that the AI system concerned, when placed on the market or put into service, no longer presents that risk, to withdraw the system from the market, or to recall it within a reasonable period. The authority shall immediately inform the Commission and the other Member States. The Commission shall evaluate the measure in accordance with Article 81.
Compliance checklist
- Maintain robust post-market monitoring (Article 72) to detect risk signals before authorities do — early detection and voluntary correction reduces Article 82 exposure.
- Build ongoing model performance monitoring for data drift, accuracy degradation, and emerging bias — do not assume conformity assessment results remain valid indefinitely.
- Prepare rapid-response capabilities for corrective action: model retraining, safety patches, operational restrictions, and updated risk assessments.
- Document all post-deployment changes and their impact on the original conformity assessment — this evidence is critical during Article 82 proceedings.
- If corrective action is ordered: update your conformity documentation (Article 47), re-assess under Article 43 if material changes are made, and update the EU database registration.
- Track Article 82 cases across the Union — Commission opinions create enforcement precedent that may affect similarly certified systems.
- For notified bodies: consider whether the Article 82 finding reveals a systematic gap in your assessment methodology.
Monitor post-market risks—start the free assessment.
Start Free AssessmentRelated Articles
Article 47: EU Declaration of Conformity
Article 48: CE Marking for High-Risk AI Systems
Article 79: Procedure at National Level for AI Systems Presenting a Risk
Article 81: Union Safeguard Procedure
Article 43: Conformity Assessment for High-Risk AI Systems
Article 113: Entry into Force and Application Dates
Frequently asked questions
Can my CE-marked system really be pulled from the market even though it passed conformity assessment?
Yes — this is precisely what Article 82 enables. The CE marking indicates compliance at the time of assessment, but if the system later presents a risk, the authority can require corrective action, withdrawal, or recall. CE marking is not an indefinite compliance shield.
How does Article 82 differ from Article 79?
Both address AI systems presenting a risk. Article 79 covers the general case — including systems that may have formal compliance gaps. Article 82 specifically covers systems that are fully compliant (CE-marked, conformity assessment passed) but still present a risk. The distinction matters because Article 82 acknowledges that the system did everything right on paper.
Does Article 82 require me to redo my conformity assessment?
Not automatically. The authority requires corrective action to eliminate the risk. If the corrective action involves substantial modification to the system, you may need to update your conformity assessment under Article 43 and your EU declaration of conformity under Article 47. Minor corrective actions may only require documentation updates.