Licentium

AI Regulation Hub

Bulgaria

Bulgaria is regulated by the EU AI Act and has a national AI policy framework through the Concept for the Development of Artificial Intelligence in Bulgaria until 2030 — building reliable AI infrastructure, research capacity, knowledge and skills, innovation, public awareness, trust and a regulatory framework for reliable AI.

Key provisions

EU AI Act — direct application

In force

The EU AI Act applies directly in Bulgaria and imposes binding obligations on AI providers, deployers, importers, distributors and other operators.

Bulgaria AI Concept until 2030

In force

National AI policy framework: reliable AI infrastructure; scientific research capacity; knowledge and skills; innovation; public awareness; trust in society; and a regulatory framework for reliable AI aligned with international regulatory and ethical standards.

High-risk AI duties

In force

Providers must implement risk management, data governance, documentation, transparency, human oversight, accuracy, robustness and cybersecurity. Deployers must use and monitor the AI system properly. Covers AI used in employment, education, public services, credit, insurance, biometric identification, law enforcement, migration, justice or critical infrastructure.

Sectoral law overlay

In force

Binding compliance rules for AI systems come from the EU AI Act, GDPR, cybersecurity, product safety, consumer protection, employment, healthcare, financial regulation and other sectoral laws.

Detailed overview

Bulgaria is regulated by the EU AI Act and has a national AI policy framework through the Concept for the Development of Artificial Intelligence in Bulgaria until 2030. The EU AI Act applies directly in Bulgaria and imposes binding obligations on AI providers, deployers, importers, distributors and other operators.

Bulgaria's AI Concept identifies the main areas of national AI development: building reliable AI infrastructure, developing scientific research capacity, creating knowledge and skills for AI development and use, supporting innovation, raising public awareness, building trust in society, and creating a regulatory framework for reliable AI in line with international regulatory and ethical standards.

The Concept sets a 2030 vision of Bulgaria as a country with a high-tech, efficient and sustainable ecosystem for scientific research, technology transfer, development of original AI, big data and robotics products, and implementation of world-class AI solutions. It also links AI development with education, skills, intelligent industry, electronic public administration, sustainable agriculture and e-health.

Bulgaria's national AI framework is strategic rather than a separate AI statute. The binding compliance rules for AI systems come mainly from the EU AI Act, GDPR, cybersecurity, product safety, consumer protection, employment, healthcare, financial regulation and other sectoral laws.

Under the EU AI Act, high-risk AI used in areas such as employment, education, public services, credit, insurance, biometric identification, law enforcement, migration, justice or critical infrastructure requires strict compliance. Providers must implement risk management, data governance, documentation, transparency, human oversight, accuracy, robustness and cybersecurity. Deployers must use and monitor the AI system properly.

Penalties follow the EU AI Act. Prohibited AI breaches may be fined up to EUR 35 million or 7% of worldwide annual turnover. Other AI Act breaches may be fined up to EUR 15 million or 3%, and misleading information may be fined up to EUR 7.5 million or 1%.

Practical requirements & details

Sourced from Regulation (EU) 2024/1689 (the EU AI Act) and Bulgaria's Concept for the Development of Artificial Intelligence in Bulgaria until 2030.

EU AI Act direct application

  • Binding obligations on AI providers, deployers, importers, distributors and other operators.

Bulgaria AI Concept — main areas

  • Reliable AI infrastructure.
  • Scientific research capacity.
  • Knowledge and skills for AI development and use.
  • Innovation; public awareness; trust in society.
  • Regulatory framework for reliable AI aligned with international regulatory and ethical standards.

2030 vision

  • High-tech, efficient and sustainable ecosystem for research, technology transfer, original AI, big data and robotics.
  • Linked with education, skills, intelligent industry, electronic public administration, sustainable agriculture and e-health.

High-risk areas

  • Employment, education, public services, credit, insurance, biometric identification, law enforcement, migration, justice and critical infrastructure.

Provider & deployer duties

  • Risk management, data governance, documentation, transparency, human oversight, accuracy, robustness and cybersecurity.
  • Deployers must use and monitor the AI system properly.

Sectoral law overlay

  • EU AI Act, GDPR, cybersecurity, product safety, consumer protection, employment, healthcare, financial regulation and other sectoral laws.

Penalties

  • EUR 35 million or 7% of worldwide annual turnover — breaches of prohibited AI rules.
  • EUR 15 million or 3% of worldwide annual turnover — breaches of many other AI Act operator obligations.
  • EUR 7.5 million or 1% of worldwide annual turnover — supplying incorrect, incomplete or misleading information to authorities.

See also the European Union entry, which covers the EU AI Act (Regulation (EU) 2024/1689) — the substantive framework that this jurisdiction implements and supervises domestically.

European Union — EU AI Act

Ready to launch legally?

Book a 30-minute consultation. We'll map your licensing path and tell you exactly what's required, in plain language.

Get Started