A Market Surveillance Authority (MSA) is the national competent authority designated by each EU member state to enforce the EU AI Act and protect public interests. Empowered with investigative and corrective powers, an MSA monitors the market for non-compliant high-risk AI systems, conducts unannounced inspections, and can demand immediate withdrawal or recall of products that pose a serious risk to health, safety, or fundamental rights.
Glossary
Market Surveillance Authority

What is a Market Surveillance Authority?
A national public body designated by an EU member state to enforce the AI Act, possessing the power to investigate non-compliant systems, demand corrective action, and restrict market access.
MSAs serve as the primary enforcement interface between providers, deployers, and the European Commission. They are responsible for evaluating serious incident reports, verifying CE marking validity, and coordinating cross-border investigations through the European Artificial Intelligence Board. Their authority extends to suspending or restricting the supply of a non-conforming system until the provider implements mandatory corrective actions.
Core Powers and Responsibilities
A national public body designated by an EU member state to enforce the AI Act, possessing the power to investigate non-compliant systems, demand corrective action, and restrict market access.
Investigative Powers
The authority can conduct unannounced on-site inspections and request access to source code, datasets, and technical documentation. It may interview personnel and seize evidence to determine if a high-risk AI system violates the AI Act's essential requirements. Providers must grant full access to training, validation, and testing datasets, including business secrets, under strict confidentiality safeguards.
Corrective Action Mandates
If a system is found non-compliant, the authority issues a mandatory corrective action order with a binding deadline. This can require the provider to bring the system into conformity, address a specific risk, or recall the product entirely. Failure to comply triggers the power to restrict or prohibit market availability and demand immediate withdrawal from service.
Serious Incident Investigation
The authority is the primary recipient of serious incident reports from providers. Upon notification of a malfunction causing death or serious harm, it launches an immediate investigation to determine root cause. It coordinates with other member states if the incident has cross-border impact and can issue interim restrictive measures before the investigation concludes to prevent further harm.
Market Access Control
The authority holds the power to provisionally suspend a system's CE marking and demand its removal from the EU market. For systems presenting an unacceptable risk, it can order the permanent withdrawal and public recall from end-users. This gatekeeping function ensures only compliant, safe AI products circulate within the single market.
Cross-Border Cooperation
Market surveillance authorities operate within a network of EU coordination. When a non-compliance issue spans multiple member states, the authority must collaborate with counterparts through the European Artificial Intelligence Board (EAIB). Joint investigations and mutual recognition of findings ensure consistent enforcement across the single market, preventing regulatory arbitrage.
Penalty Imposition
The authority can levy administrative fines for non-compliance, with maximum amounts set as a percentage of global annual turnover or a fixed sum, whichever is higher. Penalties are effective, proportionate, and dissuasive. Specific caps include:
- €35 million or 7% for prohibited practices
- €15 million or 3% for most other infringements
- €7.5 million or 1.5% for supplying incorrect information
How Market Surveillance Authorities Operate
Market surveillance authorities are the national enforcement bodies responsible for ensuring that AI systems placed on the EU market comply with the AI Act, possessing broad investigative and corrective powers.
A Market Surveillance Authority is a national public body designated by an EU member state to enforce the AI Act, possessing the power to investigate non-compliant systems, demand corrective action, and restrict market access. These authorities act as the primary interface between regulation and the physical marketplace, ensuring that only AI systems bearing a valid CE marking and meeting essential requirements are made available to end users.
Upon identifying a non-compliant or dangerous AI system, the authority can issue a formal warning, order a mandatory recall, or immediately prohibit the product's distribution. They coordinate cross-border investigations through the European Artificial Intelligence Board and rely on serious incident reporting from providers to trigger reactive inspections, ensuring a harmonized enforcement posture across the single market.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Frequently Asked Questions
Clarifying the investigative and corrective powers of national authorities responsible for enforcing the EU AI Act on the ground.
A Market Surveillance Authority (MSA) is a national public body designated by each EU member state to enforce the AI Act, possessing the power to investigate non-compliant systems, demand corrective action, and restrict market access. Unlike a Notified Body, which performs pre-market conformity assessments, the MSA is the active policing force for AI products already on the market. These authorities operate independently to ensure that only AI systems bearing a valid CE Marking and meeting essential requirements are made available to end-users. Their mandate covers both physical products with integrated AI and stand-alone software, granting them the authority to conduct unannounced inspections and mandate immediate product recalls if a system poses a serious risk to health, safety, or fundamental rights.
Related Terms
Understanding the Market Surveillance Authority requires context on the broader enforcement and compliance mechanisms established by the EU AI Act.
Notified Body
An independent, accredited organization designated by an EU member state to conduct third-party conformity assessments of high-risk AI systems. Unlike the Market Surveillance Authority, which focuses on post-market enforcement, a Notified Body is involved in the pre-market certification phase, verifying technical documentation and quality management systems before a product can receive a CE Marking.
Serious Incident Reporting
A mandatory obligation for providers to immediately notify the Market Surveillance Authority of any malfunction or failure of an AI system that leads to death, serious damage to health, or serious damage to property. This mechanism is the primary real-world sensor that triggers an MSA investigation, enabling the authority to rapidly identify systemic risks and order corrective actions or product recalls.
Post-Market Monitoring
The continuous, systematic process by which a provider collects and analyzes real-world data on a deployed AI system's performance. This documented plan is a core obligation for high-risk AI systems and serves as a critical data source for the Market Surveillance Authority. The MSA reviews these monitoring reports to identify emerging risks that were not apparent during the initial conformity assessment.
Substantial Modification
A change to an AI system's intended purpose or a significant alteration to its performance characteristics that invalidates the original conformity assessment. When a provider makes a substantial modification, the system is treated as a new product requiring fresh certification. The Market Surveillance Authority has the power to determine whether a modification is 'substantial' and can order a new conformity assessment if it deems the change introduces new risks.
Regulatory Sandbox
A controlled environment established by a competent authority that allows providers to develop, test, and validate innovative AI systems under direct regulatory supervision for a limited time. While the Market Surveillance Authority enforces rules in the open market, the sandbox provides a safe space for experimentation where the MSA may offer informal guidance, helping innovators achieve compliance before a full-scale market launch.
CE Marking
A physical or digital mark affixed to an AI system indicating the manufacturer's declaration of conformity with all applicable EU harmonization legislation. The Market Surveillance Authority is the ultimate enforcer of the integrity of this mark. If an MSA discovers a non-compliant system bearing a CE marking, it can compel the provider to withdraw or recall the product, effectively revoking its market access.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us