§ EU AI Act · Article 70
AI Act Article 70: Obligations, Deadlines & Penalties
At a glance
Article 70 of the AI Act imposes 18 obligations on Commission, European Data Protection Supervisor, Member State and 2 other entity type(s). At least one obligation carries an explicit compliance deadline.
§ Obligations
All obligations under Article 70
Obligation 1
Each Member State shall establish or designate at least one notifying authority and at least one market surveillance authority for the purposes of this Regulation.
Regulation (EU) 2024/1689, Article 70, Article 70
- Obligated entity
-
Member State
- Action required
-
establish
- Deadline
-
—
- Penalty
-
—
Obligation 2
National competent authorities shall exercise their powers independently, impartially and without bias to safeguard objectivity and ensure application of the Regulation.
Regulation (EU) 2024/1689, Article 70, Article 70
- Obligated entity
-
national competent authority
- Action required
-
exercise
- Deadline
-
—
- Penalty
-
—
Obligation 3
Members of national competent authorities shall refrain from any action incompatible with their duties.
Regulation (EU) 2024/1689, Article 70, Article 70
- Obligated entity
-
members of national competent authorities
- Action required
-
refrain
- Deadline
-
—
- Penalty
-
—
Obligation 4
Member States shall communicate to the Commission the identity of the notifying authorities and market surveillance authorities, their tasks, and any subsequent changes.
Regulation (EU) 2024/1689, Article 70, Article 70
- Obligated entity
-
Member State
- Action required
-
communicate
- Deadline
-
—
- Penalty
-
—
Obligation 5
Member States shall make publicly available information on how competent authorities and single points of contact can be contacted through electronic communication means.
Regulation (EU) 2024/1689, Article 70, Article 70
- Obligated entity
-
Member State
- Action required
-
make publicly available
- Deadline
-
2 August 2025
- Penalty
-
—
Obligation 6
Member States shall designate a market surveillance authority to act as the single point of contact for this Regulation.
Regulation (EU) 2024/1689, Article 70, Article 70
- Obligated entity
-
Member State
- Action required
-
designate
- Deadline
-
—
- Penalty
-
—
Obligation 7
Member States shall notify the Commission of the identity of the single point of contact.
Regulation (EU) 2024/1689, Article 70, Article 70
- Obligated entity
-
Member State
- Action required
-
notify
- Deadline
-
—
- Penalty
-
—
Obligation 8
The Commission shall make a list of the single points of contact publicly available.
Regulation (EU) 2024/1689, Article 70, Article 70
- Obligated entity
-
Commission
- Action required
-
make publicly available
- Deadline
-
—
- Penalty
-
—
Obligation 9
Member States shall ensure that national competent authorities are provided with adequate technical, financial and human resources, and infrastructure to fulfil their tasks effectively.
Regulation (EU) 2024/1689, Article 70, Article 70
- Obligated entity
-
Member State
- Action required
-
ensure
- Deadline
-
—
- Penalty
-
—
Obligation 10
National competent authorities shall have a sufficient number of personnel permanently available with competences including AI technologies, data protection, cybersecurity, and fundamental rights.
Regulation (EU) 2024/1689, Article 70, Article 70
- Obligated entity
-
national competent authority
- Action required
-
have
- Deadline
-
—
- Penalty
-
—
Obligation 11
Member States shall assess and, if necessary, update competence and resource requirements for national competent authorities on an annual basis.
Regulation (EU) 2024/1689, Article 70, Article 70
- Obligated entity
-
Member State
- Action required
-
assess
- Deadline
-
annual basis
- Penalty
-
—
Obligation 12
National competent authorities shall take appropriate measures to ensure an adequate level of cybersecurity.
Regulation (EU) 2024/1689, Article 70, Article 70
- Obligated entity
-
national competent authority
- Action required
-
ensure
- Deadline
-
—
- Penalty
-
—
Obligation 13
National competent authorities shall act in accordance with the confidentiality obligations set out in Article 78 when performing their tasks.
Regulation (EU) 2024/1689, Article 70, Article 70
- Obligated entity
-
national competent authority
- Action required
-
act
- Deadline
-
—
- Penalty
-
—
Obligation 14
Member States shall report to the Commission on the status of the financial and human resources of the national competent authorities, with an assessment of their adequacy.
Regulation (EU) 2024/1689, Article 70, Article 70
- Obligated entity
-
Member State
- Action required
-
report
- Deadline
-
2 August 2025, and once every two years thereafter
- Penalty
-
—
Obligation 15
The Commission shall transmit information on resources of national competent authorities to the Board for discussion and possible recommendations.
Regulation (EU) 2024/1689, Article 70, Article 70
- Obligated entity
-
Commission
- Action required
-
transmit
- Deadline
-
—
- Penalty
-
—
Obligation 16
The Commission shall facilitate the exchange of experience between national competent authorities.
Regulation (EU) 2024/1689, Article 70, Article 70
- Obligated entity
-
Commission
- Action required
-
facilitate
- Deadline
-
—
- Penalty
-
—
Obligation 17
Where national competent authorities intend to provide guidance on an AI system in areas covered by other Union law, they shall consult the national competent authorities under that Union law.
Regulation (EU) 2024/1689, Article 70, Article 70
- Obligated entity
-
national competent authority
- Action required
-
consult
- Deadline
-
—
- Penalty
-
—
Obligation 18
Where Union institutions, bodies, offices or agencies fall within the scope of this Regulation, the European Data Protection Supervisor shall act as the competent authority for their supervision.
Regulation (EU) 2024/1689, Article 70, Article 70
- Obligated entity
-
European Data Protection Supervisor
- Sector scope
- Union institutions, bodies, offices or agencies
- Action required
-
act
- Deadline
-
—
- Penalty
-
—
§ Deadlines
EU AI Act compliance deadlines
-
2025-02-02
Article 4 AI literacy
in_force
-
2025-02-02
Article 5 prohibitions (unacceptable risk)
in_force
-
2025-08-02
GPAI model obligations (Articles 51 to 56)
in_force
-
2026-08-02
Article 50(2) machine-readable marking (watermarking) of AI-generated content
provisionally_amended
-
2026-08-02
Article 50 transparency obligations OTHER than the 50(2) marking grace (for example disclosure that a user is interacting with an AI system)
scheduled
-
2026-08-02
Annex III stand-alone high-risk obligations
provisionally_amended
-
2026-08-02
National AI regulatory sandboxes (establishment deadline)
provisionally_amended
-
2026-12-02
NEW Article 5 prohibition: AI generation of non-consensual intimate imagery (NCII) and CSAM
provisionally_amended
-
2027-08-02
Annex I embedded (regulated-product) high-risk obligations
provisionally_amended
§ Frequently asked
Questions about Article 70
Who must comply with Article 70 of the AI Act?
+
Commission, European Data Protection Supervisor, Member State, members of national competent authorities, national competent authority.
What does Article 70 of the AI Act require?
+
establish exercise refrain
What is the compliance deadline for AI Act Article 70?
+
2 August 2025; 2 August 2025, and once every two years thereafter; annual basis