European think tank Bruegel has published a policy brief recommending fundamental changes to the EU’s Artificial Intelligence Act enforcement model, proposing a shift from mandatory pre-deployment compliance checks to post-market surveillance for high-risk AI systems. The proposal, released this week, arrives as businesses face implementation deadlines for what has become the world’s most comprehensive AI regulatory framework.
The current AI Act requires companies deploying high-risk systems—spanning sectors from healthcare diagnostics to credit scoring—to complete extensive conformity assessments before market entry. Bruegel’s analysis argues this ex-ante approach creates disproportionate compliance costs whilst offering limited practical oversight of AI systems that evolve continuously after deployment.
Under the proposed model, firms would instead face intensified market surveillance by national authorities after systems go live. This mirrors regulatory approaches in pharmaceuticals and automotive safety, where post-market monitoring has proven more effective at identifying real-world failures than pre-approval testing alone.
The policy brief identifies specific bottlenecks in the current framework: conformity assessment bodies lack the technical capacity to evaluate complex machine learning systems, creating approval backlogs. Meanwhile, the static nature of pre-deployment checks fails to account for model drift and performance degradation that emerges only through operational use.
For multinational technology firms, the proposal presents a double-edged calculation. Reduced upfront compliance costs could accelerate European market entry, particularly benefiting smaller AI developers currently deterred by assessment expenses. However, the trade-off involves accepting heightened regulatory scrutiny once systems are operational, with authorities empowered to demand algorithm audits and impose penalties for post-deployment failures.
Enterprise AI adopters—particularly in regulated industries like finance and healthcare—face different implications. The current regime’s emphasis on vendor compliance documentation provides a defensive shield for organisations deploying third-party systems. A shift to post-market enforcement would transfer more liability risk to end-users, requiring stronger internal monitoring capabilities.
The proposal arrives as enforcement infrastructure takes shape across member states. The AI Act designates national market surveillance authorities to oversee compliance, but capacity remains uneven. Germany has allocated substantial resources to its Federal Office for Information Security, whilst smaller economies struggle with technical expertise gaps. Bruegel’s model would intensify these capacity demands, requiring authorities to conduct sophisticated ongoing assessments rather than one-time approvals.
Legal practitioners note the approach aligns the AI Act more closely with existing product safety frameworks under the New Legislative Framework, potentially simplifying cross-regulatory compliance for manufacturers already subject to CE marking requirements. However, the continuous nature of AI system updates creates novel challenges absent in traditional product regulation.
The proposal’s reception will likely divide along industry lines. Established technology firms with robust compliance infrastructure may resist changes that increase operational uncertainty, whilst start-ups facing prohibitive entry costs could champion reform. National regulators’ positions will depend partly on existing surveillance capacity and enforcement philosophy.
The European Commission has shown limited appetite for major AI Act revisions following the regulation’s February 2024 entry into force, with full applicability scheduled for August 2026. However, the implementation period provides a window for refinements, particularly if early enforcement reveals systematic issues with the pre-deployment model.
Business leaders should monitor three developments: member state positions on enforcement models as they establish national frameworks, conformity assessment body capacity as the first high-risk systems seek approval, and any Commission signals regarding implementation guidance that might incorporate post-market elements without formal legislative changes.
The debate ultimately centres on whether AI’s unique characteristics—continuous learning, opacity, and rapid evolution—demand novel regulatory approaches or fit within existing product safety paradigms. Bruegel’s intervention ensures this question will shape compliance strategies as Europe’s regulatory model influences global standards.







