Detailed overview
AI in Germany is regulated by the EU AI Act. The EU AI Act applies directly in Germany as an EU regulation, so German AI providers, deployers, importers and distributors must comply with the EU-wide classification, governance, transparency, high-risk AI and general-purpose AI requirements.
Implementation law
Germany is also preparing national implementation legislation for the EU AI Act. The German Bundestag has published a government bill for implementing Regulation (EU) 2024/1689. The purpose of the implementation law is to determine national competent authorities, including market-surveillance and notification authorities, and to regulate cooperation, administrative powers and fine procedures.
Under the German implementation bill, the requirements that businesses must meet and prove are still the requirements of the EU AI Act. In other words, Germany's implementation law is not designed to create a separate German high-risk AI regime. It is mainly about enforcement architecture: which authority supervises AI, how conformity-assessment bodies are notified, how authorities cooperate and how the EU AI Act is enforced nationally.
Sandboxes and innovation
The implementation bill gives the Federal Network Agency, or Bundesnetzagentur, an important role in innovation support and AI regulatory sandboxes. The bill provides for information and guidance on the application of the EU AI Act, especially for SMEs, start-ups and public bodies, and for at least one AI regulatory sandbox. A sandbox is a supervised testing environment for developing or testing AI systems with regulatory guidance.
Business obligations
For AI used in Germany, businesses must apply the EU AI Act classification model. AI used in employment, education, credit scoring, biometric identification, critical infrastructure, essential services, law enforcement, migration, border control or justice may be high-risk. High-risk AI providers must implement quality management, risk management, data governance, documentation, conformity assessment, human oversight, accuracy, robustness and cybersecurity controls. Deployers must use the system according to instructions, monitor operation and ensure human oversight.
Penalties
Penalties for substantive AI Act breaches follow the EU AI Act penalty structure. Breaches of prohibited AI rules can reach EUR 35 million or 7% of worldwide annual turnover. Other AI Act breaches can reach EUR 15 million or 3% of worldwide annual turnover, and misleading information to authorities can reach EUR 7.5 million or 1% of worldwide annual turnover. German implementation legislation determines how national authorities exercise enforcement powers.