EU Member States — AI Regulatory Implementation

The EU AI Act is a directly applicable Regulation and does not require Member State transposition. But work at the Member State level happens along three dimensions:

  1. Designation of national competent authorities (AI Act Article 70) — market-surveillance authorities (MSAs) and notified bodies.
  2. National AI legislation (supplementary to, not replacing, the AI Act).
  3. DPA (data protection authority) enforcement of GDPR as applied to AI.

By the deadline of 2025-07-10, only 3 of the 27 Member States (Lithuania, Luxembourg, Malta) had completed the designation of AI Act competent authorities. Major jurisdictions including Germany, France, Italy, Spain, and Austria had not; this is one of the main reasons behind the Digital Omnibus proposal’s suggested delay.

  • Spain — AESIA — the EU’s first dedicated AI regulator, operational 2024-06, issuing 16 compliance guidance documents in 2024-12.
  • France — CNIL AI — France’s most active line of AI × GDPR regulation; 12+ guidance documents since 2023, two key recommendations in 2025-02.
  • UK: AI Safety Institute (2023), a pro-innovation non-legislative approach.
  • Norway / Switzerland: follow the EU AI Act with adjustments on specifics.
  • Ukraine / Western Balkans: EU-candidate states aligning to the AI Act.