With just under three months to go before the 27 EU member states need to appoint a regulator tasked with overseeing business’ compliance with the AI Act, it remains unclear in at least half of the member states which authority will be nominated, a round-up by Euronews shows.
By 2 August member states must notify the Commission about which market surveillance authorities are appointed, in addition the countries need to adopt an implementing law that sets out penalties and that empowers their authorities.
The latest meeting of the AI Board in late March, which helps coordinate cooperation between member states, showed that the majority of the counties sent representatives from ministries. Just a handful – Denmark, Greece, Italy, Portugal and Romania – had national regulators attending.
The EU executive does not want to comment on which countries are ready yet, but an official working at the AI Office told Euronews that the process in those member states that recently went through elections, such as Germany, will likely be delayed.
The official said that the states are overall are having “intense discussions” in the AI Board – which helps coordinate cooperation between member states – as there are different ways to set up the oversight structure.
Countries are free to decide how to do it, and whether to appoint just one or several regulators.
“I think 95% of them have certainly chosen the structure that they want to have, and started the process to appoint the authorities. We will see whether on 2 August things will be finalized or not. Sometimes it’s difficult to tell because the process in the parliaments may be more or less on here,” the official said.
Delays
The AI Act – which aims to regulate AI tools according to the risk they pose to society – entered into force in August 2024, and started to apply gradually. It will be fully in force in 2027.
A delay in appointing the oversight bodies will mean uncertainty for businesses that have to start complying with the rules.
Some member states have set up an entirely new regulator, such as Spain, where AESIA, an independent agency of the Spanish Department of Digital Transformation, is likely to assume the role.
In Poland, a pending implementing act sets up a new body, the Committee on Development and Security of AI, as the market surveillance authority.
Denmark on the other hand designated its pre-existing Agency for Digital Government.
For Germany, it seems likely that the Federal Network Agency will take up the role.
Others, including the Netherlands, will likely expand the tasks of the privacy watchdog to also check compliance with the AI Act, which has the General Data Protection Regulation (GDPR) as its legal basis.
The privacy regulators themselves called upon member states in July to ensure that they take charge of high-risk systems such as Biometric identification, law enforcement as well as migration, asylum and border control management.
